refactor: add DomainError::Forbidden + centralize error-to-HTTP mapping

Ownership checks (delete_review, confirm/dismiss watch events) now return Forbidden instead of Unauthorized. Presentation layer maps DomainError→StatusCode via domain_error_response helper, replacing verbose per-handler match arms.
2026-06-02 21:00:22 +02:00
parent 28170c95d4
commit 4067dedb28
8 changed files with 61 additions and 127 deletions
--- a/crates/presentation/src/handlers/webhook.rs
+++ b/crates/presentation/src/handlers/webhook.rs
@@ -128,12 +128,7 @@ async fn run_ingest(
 ) -> StatusCode {
    match ingest_watch_event::execute(&state.app_ctx, cmd, parser).await {
        Ok(()) => StatusCode::OK,
-        Err(domain::errors::DomainError::Unauthorized(_)) => StatusCode::UNAUTHORIZED,
-        Err(domain::errors::DomainError::ValidationError(_)) => StatusCode::BAD_REQUEST,
-        Err(e) => {
-            tracing::error!("webhook ingestion failed: {e:?}");
-            StatusCode::INTERNAL_SERVER_ERROR
-        }
+        Err(e) => crate::errors::domain_error_status(&e),
    }
 }