implement add teacher and student to school

[tra371]

Note

Introduce dedicated teacher/student add-to-school endpoints with serializers, handling roles, memberships, and class assignments.

• Backend/API:
  • New endpoints: POST /schools/<school_id>/add-teacher-school/ (add_teacher_to_school) and POST /schools/<school_id>/add-student-school/ (add_student_to_school).
    • Validates permissions, ensures User role (teacher/student), creates/activates SchoolMembership.
    • Creates corresponding TeacherProfile/StudentProfile; validates and assigns Class(es) for teachers and students.
• Serializers:
  • Add SchoolAddTeacherSerializer (email, teacher_role, assigned_classes) and SchoolAddStudentSerializer (email, assigned_class).
• Routing:
  • Wire new endpoints in core/urls.py; import serializers in core/views.py.

^{Written by Cursor Bugbot for commit 385a398. This will update automatically on new commits. Configure here.}

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bug: Faulty Logic Denies Teacher Student Access

The permission check uses or instead of and, preventing teachers from adding students. The condition (school.admin != request.user or request.user.role != "teacher") evaluates to True when the user is a teacher but not the admin, incorrectly denying access. This contradicts the docstring stating "school admins and teachers can add students".

 

[cursor]

Bug: Missing Default Breaks Class Filtering

When assigned_classes is not provided in the request, data.get('assigned_classes') returns None, which causes Class.objects.filter(name__in=assigned_class_names, ...) to fail since name__in expects an iterable. The code should default to an empty list when the field is absent.