feat: improve Worksmobile tenant sync handling

backend/internal/service/user_group_service.go

@@ -17,6 +17,7 @@ type UserGroupService interface {
 	List(ctx context.Context, tenantID string) ([]domain.UserGroup, error)
 	Delete(ctx context.Context, tenantID, groupID string) error
 	Update(ctx context.Context, tenantID, groupID string, name, description, unitType string, parentID *string) (*domain.UserGroup, error)
+	SetWorksmobileSyncer(syncer WorksmobileSyncer)
 
 	// Member Management with Keto Sync
 	AddMember(ctx context.Context, groupID, userID string) error
@@ -35,6 +36,7 @@ type userGroupService struct {
 	ketoService KetoService
 	outboxRepo  repository.KetoOutboxRepository
 	kratos      KratosAdminService
+	worksmobile WorksmobileSyncer
 }
 
 func NewUserGroupService(
@@ -55,6 +57,10 @@ func NewUserGroupService(
 	}
 }
 
+func (s *userGroupService) SetWorksmobileSyncer(syncer WorksmobileSyncer) {
+	s.worksmobile = syncer
+}
+
 func (s *userGroupService) Create(ctx context.Context, tenantID string, parentID *string, name, description, unitType string) (*domain.UserGroup, error) {
 	// For Keto and Tenant hierarchy, if no parent group, the company tenant is the parent.
 	actualParentID := parentID
@@ -261,6 +267,10 @@ func (s *userGroupService) AddMember(ctx context.Context, groupID, userID string
 			localUser.Department = group.Name
 			if err := s.userRepo.Update(ctx, localUser); err != nil {
 				slog.Error("Failed to sync local user during AddMember", "user", userID, "error", err)
+			} else if s.worksmobile != nil {
+				if err := s.worksmobile.EnqueueUserUpsertIfInScope(ctx, *localUser); err != nil {
+					slog.Warn("Failed to enqueue Worksmobile user sync during AddMember", "user", userID, "error", err)
+				}
 			}
 		}
 	}