cancel requests endpoint

2026-01-10 16:08:20 -05:00 · 2025-12-06 18:11:41 -05:00
parent e82d810ac7
commit 89c1c5ffc4
2 changed files with 52 additions and 1 deletions
--- a/backend/src/server/routes/v1/approval-policy-routers/approval-policy-endpoints.ts
+++ b/backend/src/server/routes/v1/approval-policy-routers/approval-policy-endpoints.ts
@@ -338,4 +338,31 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
      return { request };
    }
  });
+
+  server.route({
+    method: "POST",
+    url: "/requests/:requestId/cancel",
+    config: {
+      rateLimit: writeLimit
+    },
+    schema: {
+      description: "Cancel approval request",
+      params: z.object({
+        requestId: z.string().uuid()
+      }),
+      response: {
+        200: z.object({
+          request: requestResponseSchema
+        })
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { request } = await server.services.approvalPolicy.cancelRequest(req.params.requestId, req.permission);
+
+      // TODO(andrey): Audit log
+
+      return { request };
+    }
+  });
 };
--- a/backend/src/services/approval-policy/approval-policy-service.ts
+++ b/backend/src/services/approval-policy/approval-policy-service.ts
@@ -673,6 +673,29 @@ export const approvalPolicyServiceFactory = ({
    return { requests };
  };

+  const cancelRequest = async (requestId: string, actor: OrgServiceActor) => {
+    const request = await approvalRequestDAL.findById(requestId);
+    if (!request) {
+      throw new ForbiddenRequestError({ message: "Request not found" });
+    }
+
+    if (request.status !== ApprovalRequestStatus.Pending) {
+      throw new BadRequestError({ message: "Request is not pending" });
+    }
+
+    if (request.requesterId !== actor.id) {
+      throw new ForbiddenRequestError({ message: "You are not the requester of this request" });
+    }
+
+    const updatedRequest = await approvalRequestDAL.updateById(requestId, {
+      status: ApprovalRequestStatus.Cancelled
+    });
+
+    const steps = await approvalRequestDAL.findStepsByRequestId(requestId);
+
+    return { request: { ...updatedRequest, steps } };
+  };
+
  return {
    create,
    list,
@@ -683,6 +706,7 @@ export const approvalPolicyServiceFactory = ({
    listRequests,
    getRequestById,
    approveRequest,
-    rejectRequest
+    rejectRequest,
+    cancelRequest
  };
 };