Updated ZeroTier network membership flow and logic

gatehouse_app/api/v1/zerotier.py

@@ -924,16 +924,25 @@ def admin_list_memberships(org_id):
 @require_admin
 @full_access_required
 def admin_delete_membership(org_id, membership_id):
-    """Hard-delete a membership and remove it from ZeroTier (admin only)."""
+    """Force-delete a membership and remove it from ZeroTier (admin only).
+
+    Handles the full lifecycle: deactivates if active, removes the member
+    from the ZeroTier controller, and hard-deletes the DB record.
+    """
     org, err = _org_check(org_id)
     if err:
         return err
 
     try:
-        network_access_service.hard_delete_request(membership_id)
+        network_access_service.admin_force_delete_request(
+            membership_id,
+            admin_user_id=g.current_user.id,
+        )
         return api_response(message="Request permanently deleted")
     except ApprovalNotFoundError as e:
         return api_response(success=False, message=str(e), status=404, error_type=e.error_type)
+    except AppValidationError as e:
+        return api_response(success=False, message=str(e.message), status=400, error_type=e.error_type)
 
 
 # ── ZeroTier Controller ───────────────────────────────────────────────────────