Add some specimen API tests

api/src/org/labkey/api/action/SpringActionController.java

@@ -267,14 +267,6 @@ protected static <P extends UrlProvider> P urlProvider(Class<P> inter)
         return PageFlowUtil.urlProvider(inter);
     }
 
-    protected void requiresLogin()
-    {
-        if (getUser().isGuest())
-        {
-            throw new UnauthorizedException();
-        }
-    }
-
     protected ViewBackgroundInfo getViewBackgroundInfo()
     {
         ViewContext vc = getViewContext();

specimen/src/org/labkey/specimen/actions/SpecimenApiController.java

@@ -402,22 +402,22 @@ public void setPreferredLocation(Integer preferredLocation)
     private SpecimenRequest getRequest(User user, Container container, int rowId, boolean checkOwnership, boolean checkEditability)
     {
         SpecimenRequest request = SpecimenRequestManager.get().getRequest(container, rowId);
-        boolean admin = container.hasPermission(user, RequestSpecimensPermission.class);
+        boolean admin = container.hasPermission(user, ManageRequestsPermission.class);
         boolean adminOrOwner = request != null && (admin || request.getCreatedBy() == user.getUserId());
         if (request == null || (checkOwnership && !adminOrOwner))
-            throw new RuntimeException("Request " + rowId + " was not found or the current user does not have permissions to access it.");
+            throw new IllegalArgumentException("Request " + rowId + " was not found or the current user does not have permissions to access it.");
         if (checkEditability)
         {
             if (admin)
             {
                 if (SpecimenRequestManager.get().isInFinalState(request))
-                    throw new RuntimeException("Request " + rowId + " is in a final state and cannot be modified.");
+                    throw new IllegalArgumentException("Request " + rowId + " is in a final state and cannot be modified.");
             }
             else
             {
                 SpecimenRequestStatus cartStatus = SpecimenRequestManager.get().getRequestShoppingCartStatus(container, user);
                 if (cartStatus == null || request.getStatusId() != cartStatus.getRowId())
-                    throw new RuntimeException("Request " + rowId + " has been submitted and can only be modified by an administrator.");
+                    throw new IllegalArgumentException("Request " + rowId + " has been submitted and can only be modified by an administrator.");
             }
         }
         return request;
@@ -616,7 +616,7 @@ public ApiResponse execute(RequestIdForm deleteRequestForm, BindException errors
 
     private void buildTypeSummary(List<Map<String, Object>> summary, List<? extends SpecimenTypeSummary.TypeCount> types)
     {
-        // Recursively decend through the vial type hierarchy, adding a count property and a list of children for each type.
+        // Recursively descend through the vial type hierarchy, adding a count property and a list of children for each type.
         for (SpecimenTypeSummary.TypeCount count : types)
         {
             Map<String, Object> countProperties = new TreeMap<>();

specimen/src/org/labkey/specimen/actions/SpecimenController.java

@@ -99,6 +99,7 @@
 import org.labkey.api.reader.ColumnDescriptor;
 import org.labkey.api.reader.DataLoader;
 import org.labkey.api.security.ActionNames;
+import org.labkey.api.security.RequiresLogin;
 import org.labkey.api.security.RequiresPermission;
 import org.labkey.api.security.User;
 import org.labkey.api.security.ValidEmail;
@@ -1325,12 +1326,12 @@ public void addNavTrail(NavTree root)
     }
 
     @RequiresPermission(ReadPermission.class)
+    @RequiresLogin
     public class ViewRequestsAction extends SimpleViewAction<Object>
     {
         @Override
         public ModelAndView getView(Object o, BindException errors)
         {
-            requiresLogin();
             SpecimenRequestQueryView grid = SpecimenRequestQueryView.createView(getViewContext());
             grid.setExtraLinks(true);
             grid.setShowCustomizeLink(false);
@@ -4428,6 +4429,9 @@ public class RequestHistoryAction extends SimpleViewAction<IdForm>
         public ModelAndView getView(IdForm form, BindException errors)
         {
             _requestId = form.getId();
+            @Nullable SpecimenRequest request = SpecimenRequestManager.get().getRequest(getContainer(), _requestId);
+            if (null == request)
+                throw new NotFoundException("Specimen request " + _requestId + " was not found in this study");
             HtmlView header = new HtmlView(LinkBuilder.labkeyLink("View Request", SpecimenController.getManageRequestURL(getContainer(), form.getId(), null)));
             SimpleFilter filter = new SimpleFilter(FieldKey.fromParts("RequestId"), form.getId());
             GridView historyGrid = getRequestEventGridView(getViewContext().getRequest(), errors, filter);