From 6d05bb212b17f65ffda0193f3bb701b369f1cdd0 Mon Sep 17 00:00:00 2001
From: chan
Date: Wed, 6 May 2026 14:44:03 +0900
Subject: [PATCH] fix: enqueue KetoOutboxActionDelete for isRemoveTenant - Ensure Keto permissions are correctly revoked when a user is removed from a tenant.
---
 backend/internal/handler/user_handler.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/backend/internal/handler/user_handler.go b/backend/internal/handler/user_handler.go
index 87a911d5..8502e096 100644
--- a/backend/internal/handler/user_handler.go
+++ b/backend/internal/handler/user_handler.go
@@ -1556,6 +1556,22 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
 }
 existingCodes = newCodes
 
+ // [Keto Sync] Remove membership for the target tenant
+ if h.TenantService != nil && h.KetoOutboxRepo != nil && code != "" {
+ go func(removedSlug string) {
+ bgCtx := context.Background()
+ if t, err := h.TenantService.GetTenantBySlug(bgCtx, removedSlug); err == nil && t != nil {
+ _ = h.KetoOutboxRepo.Create(bgCtx, &domain.KetoOutbox{
+ Namespace: "Tenant",
+ Object: t.ID,
+ Relation: "members",
+ Subject: "User:" + userID,
+ Action: domain.KetoOutboxActionDelete,
+ })
+ }
+ }(code)
+ }
+
 // If removing the primary company code, pick another one as primary if available
 currentPrimary := extractTraitString(traits, "companyCode")
 if currentPrimary == code {
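Review bot: The membership revocation under `// [Keto Sync]` is fire-and-forget, so a failed revocation goes unnoticed. The goroutine skips silently when `GetTenantBySlug` fails (`err == nil && t != nil`) and throws away the result of `h.KetoOutboxRepo.Create` (`_ =`), which leaves the `members` relation in place and the removed user keeps tenant access with no log, retry or error to the caller. It also runs on `context.Background()` with no deadline and can be lost if the process exits before it runs, which undercuts the durability an outbox row is meant to give. I would enqueue the delete inline on the request context and surface the failure, as sketched below; ideally the outbox row is written in the same transaction as the membership change. `UpdateUser` begins and continues outside this hunk, so whether an early return is safe at this point has to be checked against the code that follows.

```go
// … unchanged: nil checks on h.TenantService, h.KetoOutboxRepo and code != "" …
	// Enqueue inline: a revocation that cannot be recorded must not look like success.
	ctx := c.UserContext() // request-scoped, so cancellation and deadlines apply
	t, err := h.TenantService.GetTenantBySlug(ctx, code)
	if err != nil || t == nil {
		return fiber.NewError(fiber.StatusInternalServerError, "could not resolve tenant for membership revocation")
	}
	if err := h.KetoOutboxRepo.Create(ctx, &domain.KetoOutbox{
		// … unchanged: Namespace, Object, Relation, Subject, Action …
	}); err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, "could not queue tenant membership revocation")
	}
```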