권한부여 및 정합성 검사 추가

backend/internal/service/worksmobile_relay_worker.go

@@ -97,13 +97,17 @@ func (w *WorksmobileRelayWorker) dispatch(ctx context.Context, job domain.Worksm
 			if err := decodeWorksmobileRequest(job.Payload, &payload); err != nil {
 				return err
 			}
-			return w.client.UpsertUser(ctx, payload)
-		case domain.WorksmobileActionDelete:
-			userID := stringValue(job.Payload["loginEmail"])
-			if userID == "" {
-				userID = stringValue(job.Payload["userExternalKey"])
+			if err := w.client.UpsertUser(ctx, payload); err != nil {
+				return err
 			}
-			return w.client.DeleteUser(ctx, userID)
+			if stringValue(job.Payload["baronStatus"]) == domain.UserStatusActive {
+				return w.client.SetUserActive(ctx, worksmobileOutboxUserIdentifier(job), true)
+			}
+			return nil
+		case domain.WorksmobileActionDelete:
+			return w.client.DeleteUser(ctx, worksmobileOutboxUserIdentifier(job))
+		case domain.WorksmobileActionSuspend:
+			return w.client.SetUserActive(ctx, worksmobileOutboxUserIdentifier(job), false)
 		default:
 			return nil
 		}
@@ -112,6 +116,14 @@ func (w *WorksmobileRelayWorker) dispatch(ctx context.Context, job domain.Worksm
 	}
 }
 
+func worksmobileOutboxUserIdentifier(job domain.WorksmobileOutbox) string {
+	userID := stringValue(job.Payload["loginEmail"])
+	if userID == "" {
+		userID = stringValue(job.Payload["userExternalKey"])
+	}
+	return userID
+}
+
 func decodeWorksmobileRequest(payload domain.JSONMap, target any) error {
 	raw := payload["request"]
 	if raw == nil {