Update School.find_for_user!

This fixes a problem in editor-standalone where previously a user that
had created a school, but didn't yet have a role in the school, would
be allowed to go through the school onboarding flow a second time.

The method changed in this commit is used by the
`MySchoolController#show` action (exposed at `/api/school`) to return
the school associated with the authenticated user. The `/api/school`
endpoint will now return either the school that the user created, or
that they have a role in. This matches the behaviour of the
`SchoolsController` which uses our Ability class to determine which
school(s) a user can view. Our ability class includes a rule that allows
users to view unverified schools they created[1].

[1]: https://github.com/RaspberryPiFoundation/editor-api/blob/20fbcaddfbe4a320836f3dbd2d274406396c2c57/app/models/ability.rb#L29

Author: chrisroos

app/models/school.rb

@@ -21,7 +21,10 @@ class School < ApplicationRecord
   before_validation :normalize_reference
 
   def self.find_for_user!(user)
-    Role.find_by!(user_id: user.id).school
+    school = Role.find_by(user_id: user.id)&.school || find_by(creator_id: user.id)
+    raise ActiveRecord::RecordNotFound unless school
+
+    school
   end
 
   def creator

spec/models/school_spec.rb

@@ -199,6 +199,12 @@
       expect(described_class.find_for_user!(user)).to eq(school)
     end
 
+    it "returns the school that the user created if they don't have a role in any school" do
+      creator = create(:user)
+      school.update!(creator_id: creator.id)
+      expect(described_class.find_for_user!(creator)).to eq(school)
+    end
+
     it "raises ActiveRecord::RecordNotFound if the user doesn't have a role in a school" do
       user = build(:user)
       expect { described_class.find_for_user!(user) }.to raise_error(ActiveRecord::RecordNotFound)