Broadleaf Microservices
  • v1.0.0-latest-prod

Catalog Access Policies

Table of Contents


Catalog access policies allow merchandisers to restrict the contents of a catalog that are visible to customers in the storefront. Out-of-box, the targeted content may be of the following types:

  • CATALOG: targets entire catalogs whose IDs are included in CatalogAccessPolicy#targetCatalogIds

  • PRODUCT: targets individual products matching a set of CatalogAccessPolicy#filterRules

The visibility of the targeted content is determined by the CatalogAccessPolicy#matchRule, which is a Spring Expression Language (SpEL) expression to be evaluated against a context object containing authenticated user and request information, CatalogAccessPolicyContext. This feature is managed by Catalog Services in synchronization with Search services to allow for catalog access policies to influence search queries.

Key Components

The following are the key components for making use of CatalogAccessPolicies in Catalog Service:

  • CatalogContextRequestHydrator: Handles finding CatalogAccessPolicies applying to entire Catalogs and modifying the ContextRequest to include or exclude Catalogs based on the which policies match. This is primarily a commerce-facing filtering process. However, to assist in management in the admin at the Application level, this will also filter out any Catalog targeted by a policy. Catalogs targeted by policies can instead be selected individual using a Catalog selector ribbon. There will also be a "default" option to view the contents of all non-restricted Catalogs, which is equivalent to the normal Application-leve behavior.

  • CatalogAccessPolicyContextInfoCustomizer: Handles CatalogAccessPolicies applying to Products rather than entire Catalogs. This will apply QueryInfluencers to the ContextInfo using the filterRules of any policies that match the request. These are then translated in criteria queries for any Product requests.

These are the equivalent components in Search Services for convenience:

  • SearchContextRequestHydrator: Equivalent behavior to CatalogContextRequestHydrator.

  • CatalogAccessPolicyQueryContributor: Equivalent behavior to CatalogAccessPolicyContextInfoCustomizer but instead of modifying the ContextInfo with QueryInfluencers, this modifies the Solr query with filters based on the policies that match the context.