Documentation Home

Module Installation

The catalog access policy module requires configuration changes and database
changes.

Configuration Changes

  1. Add the dependency management section to your parent pom.xml:

    <dependency>
    <groupId>com.broadleafcommerce</groupId>
    <artifactId>broadleaf-catalog-access-policy</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <type>jar</type>
    <scope>compile</scope>
</dependency>

Data Changes

  1. Either include the following file in your blPU.hibernate.hbm2ddl.import_files environment property definition, or manually run the SQL statements found inside:

    /config/bc/sql/load_catalog_access_policy_admin_security.sql

  2. The Schema changes for this module are documented in the Data Model

Catalog Access Concepts

Policies

A policy is a collection of rules that define what parts of the catalog a customer can or cannot access. A policy is comprised of a segment of customers, and then set of rules governing the access for those customers.

Customer Segment

The segment of customers could be tied to an attribute of customer, whether they are registered, or whether they are tied to an account.

Rules

The rules governing access can be defined based on categories of products, or product attributes. For instance, we could exclude all products within the Hot Sauces category, or we could include only products that have the value of "Phone" for their Device Type.

Applications

By default, any catalog access policy will affect the following:

  • Search Results (products that are excluded will not show up in results)
  • Category Pages (you cannot access categories that are excluded)
  • Product Pages (you cannot access products that are excluded)
  • Menu (excluded categories will not show up as menu items)
  • Add To Cart (unable to add blocked products to cart)
  • Checkout (unable to checkout with blocked products)
  • Typeahead (if EnterpriseSearch module's Typeahead is used)
  • Quick Order Suggestions (if Account module is used)

Thymeleaf

In addition to these applications, one may use the CatalogAccessVariableExpression when implementing blocking behavior within thymeleaf templates. Here is an example:

<div th:unless="${#catalog_access.isBlockedByPolicy(product1, product2, product3, product4)}" class="featured-products">
    <h3 class="featured-products-title">Featured Products</h3>

    <ul class="featured-products-list">
        <li class="featured-products-item" th:unless="${#catalog_access.isBlockedByPolicy(product1)}" th:object="${product1}" th:include="catalog/productListItem"></li>
        <li class="featured-products-item" th:unless="${#catalog_access.isBlockedByPolicy(product2)}" th:object="${product2}" th:include="catalog/productListItem"></li>
        <li class="featured-products-item" th:unless="${#catalog_access.isBlockedByPolicy(product3)}" th:object="${product3}" th:include="catalog/productListItem"></li>
        <li class="featured-products-item" th:unless="${#catalog_access.isBlockedByPolicy(product4)}" th:object="${product4}" th:include="catalog/productListItem"></li>
    </ul>
</div>

Java

If you want to include catalog access blocking within your Java code whether it be a controller, workflow, or service, you can do so by using blCatalogAccessPolicyService. First off, you need to include the bean like so:

@Resource(name = "blCatalogAccessPolicyService")
protected CatalogAccessPolicyService policyService;

Once you have the service included, you can use it to get the policy for a Customer. You can then use that policy to check whether a Product or Category are blocked. In addition, you can generate the filter queries that will filter search results to only include products that are not blocked.

Customer customer = CustomerState.getCustomer();

if (customer != null) {
    // find the policy that applies to the customer
    CatalogAccessPolicy policy = policyService.findCatalogAccessPolicyForCustomer(customer);

    if (policy != null) {
        // check if a Product is not blocked by the policy
        if (policyService.validateProductForPolicy(policy, product)) {
            // this product is not blocked
        } else {
            // this product is blocked
        }

        ...

        // check if a Category is not blocked by the policy
        if (policyService.validateCategoryForPolicy(policy, category)) {
            // this category is not blocked
        } else {
            // this category is blocked
        }

        ...

        SolrQuery solrQuery = new SolrQuery();
        fillInMyCustomSolrQuery(solrQuery);

        // generate the filter queries for this policy
        List<String> filterQueries = policyService.createSolrFiltersForPolicy(policy);
        if (CollectionUtils.isNotEmpty(filterQueries)) {
            // iterate over each filter query and add it to the SolrQuery
            for (String filterQuery : filterQueries) {
                solrQuery.addFilterQuery(filterQuery);
            }
        }

        // use your SolrQuery to query Solr
        QueryResponse response = solrConfiguration.getServer().query(solrQuery, getSolrQueryMethod());

        ...
    }
}