diff --git a/app/controllers/api/school_members_controller.rb b/app/controllers/api/school_members_controller.rb
index 2b06cb8c..aef76575 100644
--- a/app/controllers/api/school_members_controller.rb
+++ b/app/controllers/api/school_members_controller.rb
@@ -6,6 +6,8 @@ class SchoolMembersController < ApiController
 load_and_authorize_resource :school
 authorize_resource :school_member, class: false
 
+ before_action :create_safeguarding_flags
+
 def index
 result = SchoolMember::List.call(school: @school, token: current_user.token)
 
@@ -16,5 +18,32 @@ def index
 render json: { error: result[:error] }, status: :unprocessable_entity
 end
 end
+
+ private
+
+ def create_safeguarding_flags
+ create_teacher_safeguarding_flag
+ create_owner_safeguarding_flag
+ end
+
+ def create_teacher_safeguarding_flag
+ return unless current_user.school_teacher?(@school)
+
+ ProfileApiClient.create_safeguarding_flag(
+ token: current_user.token,
+ flag: ProfileApiClient::SAFEGUARDING_FLAGS[:teacher],
+ email: current_user.email
+ )
+ end
+
+ def create_owner_safeguarding_flag
+ return unless current_user.school_owner?(@school)
+
+ ProfileApiClient.create_safeguarding_flag(
+ token: current_user.token,
+ flag: ProfileApiClient::SAFEGUARDING_FLAGS[:owner],
+ email: current_user.email
+ )
+ end
 end
 end
diff --git a/spec/features/school_member/listing_school_members_spec.rb b/spec/features/school_member/listing_school_members_spec.rb
index 009e0404..9abb0dd5 100644
--- a/spec/features/school_member/listing_school_members_spec.rb
+++ b/spec/features/school_member/listing_school_members_spec.rb
@@ -16,8 +16,8 @@
 { id: student.id, name: student.name, username: student.username }
 end
 stub_profile_api_list_school_students(school:, student_attributes:)
-
 stub_user_info_api_for(teacher)
+ stub_profile_api_create_safeguarding_flag
 end
 
 it 'responds 200 OK' do
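Review bot: The new `before_action :create_safeguarding_flags` in app/controllers/api/school_members_controller.rb carries no comment saying that its position below `load_and_authorize_resource :school` and `authorize_resource :school_member, class: false` matters. Rails runs before-callbacks in declaration order, so (assuming the authorization callbacks are registered without `prepend`) the flag is only recorded for callers who have already passed authorization; moving the line up would record flags for rejected callers as well. I would add `# Keep below the authorize_resource calls: flags must only be recorded for callers who passed authorization.` above it. The callback is also declared without `only:`, so any action later added to this controller will trigger the Profile API call; either note that in the comment or restrict it with `only: :index`.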
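Review bot: Nothing in `create_teacher_safeguarding_flag` or `create_owner_safeguarding_flag` (second controller hunk) says what happens when `ProfileApiClient.create_safeguarding_flag` fails. Because they run in a `before_action`, an exception raised there would abort the request before `index` runs. That fail-closed behaviour may well be intended for a safeguarding control, but it should be stated above `create_safeguarding_flags`, e.g. `# Raises if the Profile API rejects the flag; the member list is deliberately not served in that case.` The call is also made synchronously on every request with the caller's token and email, so it is worth confirming that the API treats a repeated flag as success; the client is not visible in this diff.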
@@ -95,6 +95,16 @@
 expect(student_names).to eq(sorted_student_names)
 end
 
+ it 'creates the school owner safeguarding flag' do
+ get("/api/schools/#{school.id}/students", headers:)
+ expect(ProfileApiClient).to have_received(:create_safeguarding_flag).with(token: UserProfileMock::TOKEN, flag: ProfileApiClient::SAFEGUARDING_FLAGS[:owner], email: owner.email)
+ end
+
+ it 'does not create the school teacher safeguarding flag' do
+ get("/api/schools/#{school.id}/students", headers:)
+ expect(ProfileApiClient).not_to have_received(:create_safeguarding_flag).with(token: UserProfileMock::TOKEN, flag: ProfileApiClient::SAFEGUARDING_FLAGS[:teacher], email: owner.email)
+ end
+
 it "responds with nil attributes for students if the user profile doesn't exist" do
 stub_user_info_api_for_unknown_users(user_id: students.first.id)
 
@@ -123,4 +133,20 @@
 get("/api/schools/#{school.id}/members", headers:)
 expect(response).to have_http_status(:forbidden)
 end
+
+ it 'does not create the school owner safeguarding flag when the user is a school teacher' do
+ teacher = create(:teacher, school:)
+ authenticated_in_hydra_as(teacher)
+
+ get("/api/schools/#{school.id}/students", headers:)
+ expect(ProfileApiClient).not_to have_received(:create_safeguarding_flag).with(token: UserProfileMock::TOKEN, flag: ProfileApiClient::SAFEGUARDING_FLAGS[:owner], email: owner.email)
+ end
+
+ it 'creates the school teacher safeguarding flag when the user is a school teacher' do
+ teacher = create(:teacher, school:)
+ authenticated_in_hydra_as(teacher)
+
+ get("/api/schools/#{school.id}/students", headers:)
+ expect(ProfileApiClient).to have_received(:create_safeguarding_flag).with(token: UserProfileMock::TOKEN, flag: ProfileApiClient::SAFEGUARDING_FLAGS[:teacher], email: teacher.email)
+ end
 end
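Review bot: In 'does not create the school owner safeguarding flag when the user is a school teacher' (last hunk) the negative expectation is pinned to `email: owner.email`, but the request is made as `teacher`. The controller passes `current_user.email`, so a wrongly created owner flag would carry `teacher.email` and the example would still pass. Matching on the flag alone lets the test fail: `expect(ProfileApiClient).not_to have_received(:create_safeguarding_flag).with(hash_including(flag: ProfileApiClient::SAFEGUARDING_FLAGS[:owner]))`. The same looser matcher would suit 'does not create the school teacher safeguarding flag' in the previous hunk, where the exact-argument form is correct today but stops detecting a regression as soon as any other argument changes. The forbidden-response example just above the last hunk (only its tail is visible) would be a natural place to also assert that no flag is created for an unauthorised caller.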