Box Request Approve/Deny Handlers #28
Description
Tech Story: Box Request Approve/Deny Handlers
As a developer
I want to implement GraphQL mutations for approving and denying box requests
So that admins can process requests and trigger appropriate actions
Technical Tasks
- Create approveBoxRequest GraphQL mutation
- Create denyBoxRequest GraphQL mutation
- Implement box creation logic on approval
- Add request status update logic
- Store denial reason for rejected requests
- Add validation (admin-only, request exists, valid status)
- Trigger email notifications after status change
- Add error handling for box creation failures
- Update request timestamps (approvedAt, deniedAt)
- Set approvedBy field to current admin user
- Add tests for both mutations
Implementation Notes
- Mutations should check admin=true on current user
- Only PENDING requests can be approved/denied
- On approval: create box with boxType=REQUESTED
- On denial: require reason field
- Link created box to original requester
- Handle race conditions (multiple admins)
Acceptance Criteria
- approveBoxRequest creates new box and updates request status
- denyBoxRequest updates status and stores reason
- Only admins can execute these mutations
- Email notifications triggered automatically
- Request audit trail maintained (who approved/denied when)
Related
- Epic Box display #2: Request & Approval Workflow
- Story: Box Request Detail Page (uses these mutations)
- Tech Story: BoxRequest Data Model
- Story: User Notification