Broadleaf Microservices
  • v1.0.0-latest-prod

Catalog Access Policies

Table of Contents

Overview

Catalog access policies allow merchandisers to restrict the contents of a catalog that are visible to customers in the storefront. Out-of-box, the targeted content may be of the following types:

  • CATALOG: targets entire catalogs whose IDs are included in CatalogAccessPolicy#targetCatalogIds

  • PRODUCT: targets individual products matching a set of CatalogAccessPolicy#filterRules

The visibility of the targeted content is determined by the CatalogAccessPolicy#matchRule, which is a Spring Expression Language (SpEL) expression to be evaluated against a context object containing authenticated user and request information, CatalogAccessPolicyContext. This feature is managed by Catalog Services in synchronization with Search services to allow for catalog access policies to influence search queries.

Key Components

The following are the key components for making use of CatalogAccessPolicies in Catalog Service:

  • CatalogContextRequestHydrator: Handles finding CatalogAccessPolicies applying to entire Catalogs and modifying the ContextRequest to include or exclude Catalogs based on the which policies match. This is primarily a commerce-facing filtering process. However, to assist in management in the admin at the Application level, this will also filter out any Catalog targeted by a policy. Catalogs targeted by policies can instead be selected individual using a Catalog selector ribbon. There will also be a "default" option to view the contents of all non-restricted Catalogs, which is equivalent to the normal Application-leve behavior.

  • CatalogAccessPolicyContextInfoCustomizer: Handles CatalogAccessPolicies applying to Products rather than entire Catalogs. This will apply QueryInfluencers to the ContextInfo using the filterRules of any policies that match the request. These are then translated in criteria queries for any Product requests.

  • CatalogAccessPolicyAndVendorAwareCacheKeyEnhancer: Enhances the various cache key generators in use to include the relevant Catalog Access Policy information. This component was created as there are cases when an initial request to Catalog Service will not include an access token and this will be followed up quickly with another one that does. When this happens, the Catalog Access Policies that apply can change. However, due to caching of downstream entities in Category or Product details requests, this change in Policies can be ignored due to the cache keys not including the relevant information, which is solved by this new Enhancer component.

These are the equivalent components in Search Services for convenience:

  • SearchContextRequestHydrator: Equivalent behavior to CatalogContextRequestHydrator.

  • CatalogAccessPolicyQueryContributor: Equivalent behavior to CatalogAccessPolicyContextInfoCustomizer but instead of modifying the ContextInfo with QueryInfluencers, this modifies the Solr query with filters based on the policies that match the context.