3단계 권한 모델 확장, keto 권한 정책

backend/internal/handler/tenant_handler.go

@@ -39,6 +39,47 @@ type tenantListResponse struct {
 	Total  int64           `json:"total"`
 }
 
+func (h *TenantHandler) RegisterTenantPublic(c *fiber.Ctx) error {
+	var req struct {
+		Name        string `json:"name"`
+		Slug        string `json:"slug"`
+		Description string `json:"description"`
+		Domain      string `json:"domain"`
+		AdminEmail  string `json:"adminEmail"`
+	}
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	// Basic validation
+	if req.Name == "" || req.Domain == "" || req.AdminEmail == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "name, domain, and adminEmail are required"})
+	}
+
+	tenant, err := h.Service.RequestRegistration(c.Context(), req.Name, req.Slug, req.Description, req.Domain, req.AdminEmail)
+	if err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.Status(fiber.StatusAccepted).JSON(fiber.Map{
+		"message": "Registration request received and is pending approval.",
+		"tenant":  mapTenantSummary(*tenant),
+	})
+}
+
+func (h *TenantHandler) ApproveTenant(c *fiber.Ctx) error {
+	tenantID := c.Params("id")
+	if tenantID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "tenant id is required"})
+	}
+
+	if err := h.Service.ApproveTenant(c.Context(), tenantID); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.JSON(fiber.Map{"message": "Tenant approved successfully"})
+}
+
 func (h *TenantHandler) ListTenants(c *fiber.Ctx) error {
 	if h.DB == nil {
 		return c.Status(fiber.StatusServiceUnavailable).JSON(fiber.Map{"error": "database not available"})