use school id for safeguarding flags

[peconia]

Status

• Related to profile#2006 and profile#2007 and #270

What's changed

When creating or reading safeguarding flags from profile api, include the school id. This should go live so that all new safeguarding flags get the school id, and that profile can backfill the information. After that we can improve the profile API to verify user actions target the correct school.

Also separated out the 401 unauthorized handling partially to stop them getting sent to sentry. Left a TODO for actual further API changes, so this change does not change what the api returns for now.

[Copilot]

Pull request overview

Updates Profile API safeguarding-flag integration to include schoolId on create/list operations, and introduces explicit handling for Profile API 401 responses to reduce Sentry noise during school onboarding.

Changes:

• Add schoolId to ProfileApiClient::SafeguardingFlag and include it in create_safeguarding_flag request bodies.
• Treat Profile API 401 as a non-Faraday error by allowing status 401 through Faraday and raising ProfileApiClient::UnauthorizedError instead.
• Update controllers and request/unit specs to pass/expect school_id when creating safeguarding flags, plus add school creation stubbing in school creation request specs.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
lib/profile_api_client.rb	Adds schoolId to safeguarding flag model and request payloads; introduces UnauthorizedError and 401 handling.
app/services/school_onboarding_service.rb	Rescues ProfileApiClient::UnauthorizedError to avoid sending expected 401s to Sentry during onboarding.
app/controllers/api/school_students_controller.rb	Passes school_id when creating safeguarding flags.
app/controllers/api/school_members_controller.rb	Passes school_id when creating safeguarding flags.
spec/lib/profile_api_client_spec.rb	Updates expectations for safeguarding flag payload/response to include schoolId.
spec/support/shared_examples/profile_api_client_examples.rb	Adjusts shared HTTP error handling expectations to treat 401 differently.
spec/support/profile_api_mock.rb	Adds a stub helper for ProfileApiClient.create_school.
spec/features/school/creating_a_school_spec.rb	Uses the new profile stub and updates auth setup for school creation requests.
spec/features/school_student/creating_a_school_student_spec.rb	Updates expectations to include school_id when creating safeguarding flags.
spec/features/school_student/updating_a_school_student_spec.rb	Updates expectations to include school_id when creating safeguarding flags.
spec/features/school_student/deleting_a_school_student_spec.rb	Updates expectations to include school_id when creating safeguarding flags.
spec/features/school_student/listing_school_students_spec.rb	Updates expectations to include school_id when creating safeguarding flags.
spec/features/school_student/creating_a_batch_of_school_students_spec.rb	Updates expectations to include school_id when creating safeguarding flags.
spec/features/school_member/listing_school_members_spec.rb	Updates expectations to include school_id when creating safeguarding flags.