Validation against invalid UUID for remove-self endpoint

[bjester]

Summary

This PR fixes an unhandled exception in ChannelUserViewSet.remove_self where malformed channel_id values could trigger a 500 error. It adds proper validation handling to return a 400 Bad Request instead.

The change is localized to contentcuration/contentcuration/viewsets/user.py, aligning error handling with existing patterns in the codebase.

References

Original: #5776
closes #5779

Reviewer guidance

Sending a request with a malformed channel_id (e.g., not-a-valid-uuid) now returns a 400 Bad Request instead of a 500 error. Valid but non existent UUIDs correctly return 404 Not Found, while valid existing IDs continue to work as expected.

AI usage

AI was used only to help improve the phrasing of this pull request description.

The issue identification, debugging, and implementation were done manually after reviewing the code and reproducing the behavior locally. The fix was verified to ensure correct handling of malformed, non-existent, and valid UUID inputs.

In followup, AI was used to address remaining review feedback.

[rtibblesbot]

Clean, minimal fix that addresses exactly what the issue asked for.

CI checks (Python unit tests, linting, frontend build) were still pending at review time — no failures to report. No UI changes; Phase 3 skipped.

• praise: See inline comments on implementation and tests.

---

@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

• Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
• Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
• Architecture: duplicated concerns, minimal interfaces, composition over inheritance
• Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
• Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
• Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
• Checked CI status and linked issue acceptance criteria
• For UI changes: inspected screenshots for layout, visual completeness, and consistency

[rtibblesbot]

praise: Normalizing to .hex before the downstream Channel.objects.get() is a nice defensive touch — it canonicalizes any valid UUID variant (with/without dashes, mixed case) into a consistent 32-char hex string, preventing a class of subtle mismatch bugs.

[rtibblesbot]

praise: Good defensive coverage — the 404 test for a valid-but-nonexistent UUID confirms that the new validation block doesn't accidentally swallow legitimate Channel.DoesNotExist paths.