Broadleaf Microservices
  • v1.0.0-latest-prod

Catalog Services Release Notes for 2.1.0-GA

  • The 2.x versions are Spring Boot 3 compatible.

Requirements

  • JDK 17 is required for Broadleaf release trains 2.0.0-GA, and beyond.

New Features & Notable Changes

  • Business Types are enabled by default and the Product Browse List Grid now uses them as filters on a single grid rather than splitting each type into separate grids.

    • To disable set

      broadleaf:
  catalog:
    metadata:
      products:
         enable-business-types: false

  • Product Browse List Grid now integrates with Search Services to enable Faceted Search functionality.

    • Requires AdminWeb 1.10.7

    • To disable, set

      broadleaf:
  catalog:
    metadata:
      faceted-search-enabled: false

  • Bulk Operations are now supported with four out-of-the-box operations for Product.

Introduced Catalog Access Policies

Catalog access policies allow merchandisers to restrict the contents of a catalog that are visible to customers in the storefront. See this guide for more details.

API Changes

CatalogServices OpenAPI Docs

Table 1. New Endpoints
Path Description

GET /catalog-access-policies

Read all catalog access policies by the given RSQL filters or request parameters

POST /catalog-access-policies

Creates a Catalog Access Policies

GET /catalog-access-policies/{catalogAccessPolicyId}

Reads a catalog access policy by ID

PATCH /catalog-access-policies/{catalogAccessPolicyId}

Updates a catalog access policy

PUT /catalog-access-policies/{catalogAccessPolicyId}

Replaces a catalog access policy

DELETE /catalog-access-policies/{catalogAccessPolicyId}

Deletes a catalog access policy

Configuration Properties

  • broadleaf.catalog.catalog-access-policy.request-attribute-list

    • Represents the list of attribute from a WebRequest to store on CatalogAccessPolicyContext.

    • The attribute name should be matched by a field name configured in metadata for the CatalogAccessPolicy#matchRule rule-builder.

  • broadleaf.catalog.catalog-access-policy.additional-claims

    • Represents a list of additional auth token claims to add as attributes to the CatalogAccessPolicyContext for rules to be evaluated against.

    • The attribute name should be matched by a field name configured in metadata for the CatalogAccessPolicy#matchRule rule-builder.

  • broadleaf.search.common.catalog-access-policy.whitelisted-service-callers: The names of external microservices that are expected to call Search Service for admin or bulk processing requests and should be whitelisted so that they bypass Catalog Access Policy filtering.

    • When another service calls Search, the original user’s (e.g., admin user’s) auth token is replaced by the calling service’s, so any information about them must be provided in the request rather than in the auth.

    • Default is ["bulkopsclient"]

Spring Cloud Stream Message Binding Updates

This CatalogAccessPolicyModifiedEventProducer is responsible for sending a message to be consumed by Search services to synchronize Catalog Access Policies that have been created, updated, or deleted.

The channel message bindings are registered in the yaml configuration file, see below for example.

spring:
  cloud:
    stream:
      bindings:
          catalogAccessPolicyModifiedInput:
              group: search-catalog-access-policy
              destination: catalogAccessPolicyModified

Permissions

New Permissions are required for working with the new CatalogAccessPolicy domain in the Admin.

Note
 This step is not necessary if running Project Initializer’s data module
To be run against the Auth schema. 
-- Scopes
INSERT INTO BLC_SECURITY_SCOPE (ID, NAME, OPEN) VALUES ('-92', 'CATALOG_ACCESS_POLICY', 'N');

-- Permissions
INSERT INTO BLC_USER_PERMISSION (ID, ARCHIVED, LAST_UPDATED, NAME, IS_ACCOUNT_PERM, USER_ASSIGNABLE) VALUES ('-316', 'N', '2024-03-01 19:20:26.220826', 'ALL_CATALOG_ACCESS_POLICY', 'N', 'Y');
INSERT INTO BLC_USER_PERMISSION (ID, ARCHIVED, LAST_UPDATED, NAME, IS_ACCOUNT_PERM, USER_ASSIGNABLE) VALUES ('-317', 'N', '2024-03-01 19:20:26.232039', 'READ_CATALOG_ACCESS_POLICY', 'N', 'Y');

-- Permissions Scopes
INSERT INTO BLC_PERMISSION_SCOPE (ID, PERMISSION, IS_PERMISSION_ROOT, SCOPE_ID) VALUES ('-413', 'CATALOG_ACCESS_POLICY', 'Y', '-92');

-- Role Permissions
-- Partial Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-1', '-317');
-- Full Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-2', '-316');
-- Application Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-7', '-316');
-- Marketplace Operator Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-200', '-316');
-- Vendor Admin Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-201', '-316');
-- Vendor Merchandiser Access
INSERT INTO BLC_ROLE_PERMISSION_XREF (ROLE_ID, PERMISSION_ID) VALUES ('-202', '-317');

-- Client Scopes
INSERT INTO BLC_CLIENT_SCOPES (ID, SCOPE) VALUES ('openapi', 'CATALOG_ACCESS_POLICY');

-- Client Permissions
INSERT INTO BLC_CLIENT_PERMISSIONS (ID, PERMISSION) VALUES ('openapi', 'ALL_CATALOG_ACCESS_POLICY');