fix: handle invalid UUID in remove_self to prevent 500 and return 400

[ashnaaseth2325-oss]

Fixes #5779

1. SUMMARY

This PR fixes an unhandled exception in ChannelUserViewSet.remove_self where malformed channel_id values could trigger a 500 error. It adds proper validation handling to return a 400 Bad Request instead.

The change is localized to contentcuration/contentcuration/viewsets/user.py, aligning error handling with existing patterns in the codebase.

---

2. FIX

# Before
try:
    channel = Channel.objects.get(id=channel_id)
except Channel.DoesNotExist:
    return HttpResponseNotFound("Channel not found {}".format(channel_id))

# After
try:
    channel = Channel.objects.get(id=channel_id)
except Channel.DoesNotExist:
    return HttpResponseNotFound("Channel not found {}".format(channel_id))
except ValueError:
    return HttpResponseBadRequest("Invalid channel ID: {}".format(channel_id))

---

3. VERIFICATION

Sending a request with a malformed channel_id (e.g., not-a-valid-uuid) now returns a 400 Bad Request instead of a 500 error. Valid but non existent UUIDs correctly return 404 Not Found, while valid existing IDs continue to work as expected.

---

4. AI Usage

AI was used only to help improve the phrasing of this pull request description.

The issue identification, debugging, and implementation were done manually after reviewing the code and reproducing the behavior locally. The fix was verified to ensure correct handling of malformed, non-existent, and valid UUID inputs.

[learning-equality-bot]

👋 Hi @ashnaaseth2325-oss, thanks for contributing!

For the review process to begin, please verify that the following is satisfied:

• Contribution is aligned with our contributing guidelines

• Pull request description has correctly filled AI usage section & follows our AI guidance:

  AI guidance

  
  

  State explicitly whether you didn't use or used AI & how.

  If you used it, ensure that the PR is aligned with Using AI as well as our DEEP framework. DEEP asks you:

  • Disclose — Be open about when you've used AI for support.
  • Engage critically — Question what is generated. Review code for correctness and unnecessary complexity.
  • Edit — Review and refine AI output. Remove unnecessary code and verify it still works after your edits.
  • Process sharing — Explain how you used the AI so others can learn.

  
  

  Examples of good disclosures:

  "I used Claude Code to implement the component, prompting it to follow the pattern in ComponentX. I reviewed the generated code, removed unnecessary error handling, and verified the tests pass."

  "I brainstormed the approach with Gemini, then had it write failing tests for the feature. After reviewing the tests, I used Claude Code to generate the implementation. I refactored the output to reduce verbosity and ran the full test suite."

Also check that issue requirements are satisfied & you ran pre-commit locally.

Pull requests that don't follow the guidelines will be closed.

Reviewer assignment can take up to 2 weeks.

[ashnaaseth2325-oss]

Hello @bjester
Please review this PR.
Thanks!

[bjester]

Please submit issues first for anymore observed behaviors instead of opening PRs without issues. Opening issues first gives us a chance to collaborate and not waste each other's time.

This should instead validate the channel_id as a UUID first, instead of relying on implicit pathways to surface that.

[ashnaaseth2325-oss]

Hello @bjester
Thanks for the feedback!
I've added explicit UUID validation for channel_id before querying the database. Please let me know if anything else is needed.

[bjester]

Thank you for adding the uuid check. It's much better!

I'd like to request a new unit test to cover it. Writing unit tests, you should also be able to verify whether the original ValueError can actually be reached after adding the uuid validation.

[bjester]

Do we still need this now? Or is it dead code?