fix: use request environment for approval notifications

[frankeld]

Context

Approval request notifications (Slack, etc) pull the environment name from policy.envId, a column that doesn't represent multi-environment policies since #4220. For policies that span multiple environments, this column only ever points to one of them, so notifications end up saying one environment even when the requests are for different environments.

Switched all three call sites to look up the environment from the request context instead.

Screenshots

N/A

Steps to verify the change

1. Create an approval policy covering multiple environments
2. Delete/update a secret across environments from the overview page
3. Check that each notification shows the right environment

Type

• Fix

Checklist

• Title follows the conventional commit format
• Tested locally
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Summary

Fixes a bug where approval request notifications (Slack, email, etc.) displayed incorrect environment names for multi-environment policies. Since PR #4220, policy.envId only points to one environment even when policies span multiple environments. This PR correctly uses the environment field from the request context to look up the environment by slug and projectId.

Changes:

• Updated 3 notification code paths (mergeSecretApprovalRequest, generateSecretApprovalRequest, generateSecretApprovalRequestV2Bridge) to use projectEnvDAL.findOne({ slug: environment, projectId }) instead of projectEnvDAL.findOne({ id: policy.envId })
• Each change retrieves the environment from the request context, which correctly represents the environment where the secret operation is being performed

This ensures notifications show the actual environment being modified, not just one of the environments covered by a multi-environment policy.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The change is a straightforward bug fix that replaces an incorrect data source (policy.envId) with the correct one (environment from request context). The fix is applied consistently across all three notification code paths, uses existing validated data from the DAL layer, and doesn't introduce any new security concerns or breaking changes.
• No files require special attention

Important Files Changed

Filename	Overview
backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts	Fixes approval notifications to show correct environment by using request context instead of policy.envId (3 identical changes in notification code paths)

_{Last reviewed commit: 68c5dcf}

[x032205]

Thank you for contributing!