Recently, we worked on a project for Catholic Schools NSW, where one of the key requirements was controlling access to content. Some pages and resources needed to be available only to authenticated users, while the rest of the site remained publicly accessible.
That requirement didn’t stop at the website itself, but it also extended to search. Authenticated users needed to see protected content in their results, while anonymous visitors should only see public content.
This presented an interesting challenge. In a decoupled architecture, search doesn’t automatically inherit Drupal’s access controls, so we needed a way to make search permission-aware without compromising performance. We used OpenSearch to build a solution that ensured users only saw content they were authorised to access, while keeping the search experience seamless.