Fix(Feat): CA, Audits, Rte Limit

CA Encryption, Serials, Rate Limiter, Account suspension blocks login
Transfer Ownership & Delete Account

gatehouse_app/services/organization_service.py

@@ -188,11 +188,10 @@ class OrganizationService:
         Raises:
             ConflictError: If user is already a member
         """
-        # Check if already a member
+        # Check if already a member (active or soft-deleted — both blocked by DB unique constraint)
         existing = OrganizationMember.query.filter_by(
             user_id=user_id,
             organization_id=org.id,
-            deleted_at=None,
         ).first()
 
         # Development-only debug logging for membership validation
@@ -200,6 +199,25 @@ class OrganizationService:
             logger.debug(f"[Org] Member check: org_id={org.id}, user_id={user_id}, already_member={existing is not None}")
 
         if existing:
+            if existing.deleted_at is not None:
+                # Reactivate the soft-deleted membership with the new role
+                existing.deleted_at = None
+                existing.role = role
+                existing.invited_by_id = inviter_id
+                existing.invited_at = datetime.now(timezone.utc)
+                existing.joined_at = datetime.now(timezone.utc)
+                existing.save()
+
+                AuditService.log_action(
+                    action=AuditAction.ORG_MEMBER_ADD,
+                    user_id=inviter_id,
+                    organization_id=org.id,
+                    resource_type="organization_member",
+                    resource_id=existing.id,
+                    metadata={"added_user_id": user_id, "role": role.value},
+                    description=f"Member re-added to organization with role: {role.value}",
+                )
+                return existing
             raise ConflictError("User is already a member of this organization")
 
         # Create membership