kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

fix: enqueue KetoOutboxActionDelete for isRemoveTenant

Browse Source 
- Ensure Keto permissions are correctly revoked when a user is removed from a tenant.
This commit is contained in:
조찬영
2026-05-06 14:44:03 +09:00
parent 5f9a61de98
commit 6d05bb212b
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend/internal/handler/user_handler.go
View File

@@ -1556,6 +1556,22 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
} }
existingCodes = newCodes existingCodes = newCodes
// [Keto Sync] Remove membership for the target tenant
if h.TenantService != nil && h.KetoOutboxRepo != nil && code != "" {
go func(removedSlug string) {
bgCtx := context.Background()
if t, err := h.TenantService.GetTenantBySlug(bgCtx, removedSlug); err == nil && t != nil {
_ = h.KetoOutboxRepo.Create(bgCtx, &domain.KetoOutbox{
Namespace: "Tenant",
Object: t.ID,
Relation: "members",
Subject: "User:" + userID,
Action: domain.KetoOutboxActionDelete,
})
}
}(code)
}
// If removing the primary company code, pick another one as primary if available // If removing the primary company code, pick another one as primary if available
currentPrimary := extractTraitString(traits, "companyCode") currentPrimary := extractTraitString(traits, "companyCode")
if currentPrimary == code { if currentPrimary == code {