Filter by access in the program list for catalog client (#1526)

* Filter by access in the catalog list

* Improved fixtures configuration

* Improved comments around the filters

gateway/api/views/programs.py

@@ -319,27 +319,6 @@ def _get_program_queryset_for_title_and_provider(
             codename=VIEW_PROGRAM_PERMISSION
         )
 
-        # Groups logic
-        if type_filter:
-            if type_filter == "catalog":
-                view_permission_criteria = Q(permissions=view_program_permission)
-                groups_with_view_permissions = Group.objects.filter(
-                    view_permission_criteria
-                )
-                groups_with_view_permissions_criteria = Q(
-                    instances__in=groups_with_view_permissions
-                )
-                provider_exists_criteria = ~Q(provider=None)
-                result_queryset = Program.objects.filter(
-                    groups_with_view_permissions_criteria & provider_exists_criteria
-                )
-                return result_queryset
-            if type_filter == "serverless":
-                result_queryset = Program.objects.filter(
-                    Q(author=author) & Q(provider=None)
-                )
-                return result_queryset
-
         user_criteria = Q(user=author)
         view_permission_criteria = Q(permissions=view_program_permission)
         author_groups_with_view_permissions = Group.objects.filter(
@@ -354,11 +333,30 @@ def _get_program_queryset_for_title_and_provider(
             author_groups_with_view_permissions_count,
         )
 
-        # Programs logic
         author_criteria = Q(author=author)
         author_groups_with_view_permissions_criteria = Q(
             instances__in=author_groups_with_view_permissions
         )
+
+        # Serverless filter only returns functions created by the author with the next criterias:
+        # user is the author of the function and there is no provider
+        if type_filter == "serverless":
+            provider_criteria = Q(provider=None)
+            result_queryset = Program.objects.filter(
+                author_criteria & provider_criteria
+            )
+            return result_queryset
+
+        # Catalog filter only returns providers functions that user has access:
+        # author has view permissions and the function has a provider assigned
+        if type_filter == "catalog":
+            provider_exists_criteria = ~Q(provider=None)
+            result_queryset = Program.objects.filter(
+                author_groups_with_view_permissions_criteria & provider_exists_criteria
+            )
+            return result_queryset
+
+        # If filter is not applied we return author and providers functions together
         title = sanitize_name(title)
         provider_name = sanitize_name(provider_name)
         if title:

gateway/tests/api/test_v1_program.py

@@ -75,7 +75,7 @@ def test_provider_programs_catalog_list(self):
         )
         self.assertEqual(
             programs_response.data[0].get("title"),
-            "Docker-Image-Program-2",
+            "Docker-Image-Program-3",
         )
 
     def test_provider_programs_serverless_list(self):

gateway/tests/fixtures/fixtures.json

@@ -92,6 +92,21 @@
       "author": 3,
       "env_vars": "{\"PROGRAM_ENV1\": \"VALUE1\", \"PROGRAM_ENV2\": \"VALUE2\"}",
       "provider": "bfe8aa6a-2127-4123-bf57-5b547293cbeb",
+      "instances": [
+        100
+      ]
+    }
+  },
+  {
+    "model": "api.program",
+    "pk": "74d300c1-f3f2-4c79-9b3e-2faab5f76d76",
+    "fields": {
+      "created": "2023-02-01T15:30:43.281796Z",
+      "title": "Docker-Image-Program-3",
+      "image": "icr.io/awesome-namespace/awesome-title",
+      "author": 3,
+      "env_vars": "{\"PROGRAM_ENV1\": \"VALUE1\", \"PROGRAM_ENV2\": \"VALUE2\"}",
+      "provider": "bfe8aa6a-2127-4123-bf57-5b547293cbeb",
       "instances": [
         100,
         101