Fix index list API view

Add index create, delete, detail API tests. Fixes GitLab
issue #564.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

HISTORY.rst

@@ -27,6 +27,8 @@
 * Reject emails attachments of size 0. Thanks to Robert Schoeftner
   (@robert.schoeftner)for the report and solution. GitLab issue #574.
 * Add missing document index API view create permission.
+* Fix index list API view. Add index create, delete, detail API tests.
+  GitLab issue #564.
 
 3.1.9 (2018-11-01)
 ==================

docs/releases/3.1.10.rst

@@ -80,6 +80,14 @@ don't contain at least one version, and don't contain a single page. All these
 are requirements for a valid document in Mayan EDMS.
 
 
+Other changes
+^^^^^^^^^^^^^
+
+* Add missing document index API view create permission.
+* Fix index list API view. Add index create, delete, detail API tests.
+  GitLab issue #564.
+
+
 Removals
 --------
 
@@ -151,6 +159,7 @@ Bugs fixed or issues closed
 * :gitlab-issue:`559` IndexTestCase.test_dual_level_dual_document_index failure
 * :gitlab-issue:`562` events.links.link_user_notifications_list should use
   reverse
+* :gitlab-issue:`564` API REST /api/indexes/ generates an "Internal Server Error"
 * :gitlab-issue:`566` apps.common.tests.base.GenericViewTestCase doesn't work
   with a custom ROOT_URLCONF
 * :gitlab-issue:`568` Tornado 6.0 doesn't support Python 2.7

mayan/apps/document_indexing/serializers.py

@@ -7,7 +7,7 @@ from .models import Index, IndexInstanceNode, IndexTemplateNode
 
 
 class IndexInstanceNodeSerializer(serializers.ModelSerializer):
-    children = serializers.ListField(child=RecursiveField())
+    children = RecursiveField(many=True, read_only=True)
     documents_count = serializers.SerializerMethodField()
     documents = serializers.HyperlinkedIdentityField(
         view_name='rest_api:index-node-documents'

mayan/apps/document_indexing/tests/test_api.py

@@ -0,0 +1,107 @@
+from __future__ import unicode_literals
+
+from rest_framework import status
+
+from documents.tests import DocumentTestMixin
+from rest_api.tests import BaseAPITestCase
+
+from ..models import Index
+from ..permissions import (
+    permission_document_indexing_create, permission_document_indexing_delete,
+    permission_document_indexing_view
+)
+
+from .literals import TEST_INDEX_LABEL, TEST_INDEX_SLUG
+from .mixins import DocumentIndexingTestMixin
+
+
+class DocumentIndexingAPITestCase(DocumentIndexingTestMixin, DocumentTestMixin, BaseAPITestCase):
+    auto_upload_document = False
+
+    def setUp(self):
+        super(DocumentIndexingAPITestCase, self).setUp()
+        self.login_user()
+
+    def _request_index_create_api_view(self):
+        return self.post(
+            viewname='rest_api:index-list', data={
+                'label': TEST_INDEX_LABEL, 'slug': TEST_INDEX_SLUG,
+                'document_types': self.document_type.pk
+            }
+        )
+
+    def test_index_create_api_view_no_permission(self):
+        response = self._request_index_create_api_view()
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        self.assertEqual(Index.objects.count(), 0)
+
+    def test_index_create_api_view_with_permission(self):
+        self.grant_permission(permission=permission_document_indexing_create)
+
+        response = self._request_index_create_api_view()
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+        index = Index.objects.first()
+
+        self.assertEqual(response.data['id'], index.pk)
+        self.assertEqual(response.data['label'], index.label)
+
+        self.assertEqual(Index.objects.count(), 1)
+        self.assertEqual(index.label, TEST_INDEX_LABEL)
+
+    def _request_index_delete_api_view(self):
+        return self.delete(
+            viewname='rest_api:index-detail', kwargs={
+                'pk': self.index.pk
+            }
+        )
+
+    def test_index_delete_api_view_no_permission(self):
+        self._create_index()
+
+        response = self._request_index_delete_api_view()
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        self.assertTrue(self.index in Index.objects.all())
+
+    def test_index_delete_api_view_with_access(self):
+        self._create_index()
+
+        self.grant_access(
+            obj=self.index, permission=permission_document_indexing_delete
+        )
+
+        response = self._request_index_delete_api_view()
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+
+        self.assertTrue(self.index not in Index.objects.all())
+
+    def _request_index_detail_api_view(self):
+        return self.get(
+            viewname='rest_api:index-detail', kwargs={
+                'pk': self.index.pk
+            }
+        )
+
+    def test_index_detail_api_view_no_access(self):
+        self._create_index()
+
+        response = self._request_index_detail_api_view()
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertTrue('id' not in response.data)
+
+    def test_index_detail_api_view_with_access(self):
+        self._create_index()
+
+        self.grant_access(
+            obj=self.index, permission=permission_document_indexing_view
+        )
+
+        response = self._request_index_detail_api_view()
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data['id'], self.index.pk
+        )