Merge remote-tracking branch 'origin/master'

svc/routes/user_detail.go

@@ -3,8 +3,10 @@ package routes
 import (
 	"bssapp-backend/auth"
 	"bssapp-backend/internal/auditlog"
+	"bssapp-backend/internal/authz"
 	"bssapp-backend/internal/mailer"
 	"bssapp-backend/internal/security"
+	"bssapp-backend/middlewares"
 	"bssapp-backend/models"
 	"bssapp-backend/queries"
 	"bytes"
@@ -323,6 +325,9 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
 		return
 	}
 
+	authz.ClearPiyasaCache(int(userID))
+	middlewares.ClearAuthzScopeCacheForUser(userID)
+
 	_ = json.NewEncoder(w).Encode(map[string]any{"success": true})
 }
 
@@ -424,6 +429,9 @@ func handleUserDelete(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
 		return
 	}
 
+	authz.ClearPiyasaCache(int(userID))
+	middlewares.ClearAuthzScopeCacheForUser(userID)
+
 	if claims != nil {
 		auditlog.Enqueue(r.Context(), auditlog.ActivityLog{
 			ActionType:     "user_delete",