davidknipe/IMarketAccessRightsHelper.cs

## IMarketAccessRightsHelper.cs
using Mediachase.Commerce;

namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
{
    public interface IMarketAccessRightsHelper
    {
        bool IsFilteredMarketsRequest();
        bool UserHasAccessToMarket(IMarket market);
    }
}

## MarketAccessRightsHelper.cs
using System.Collections.Generic;
using System.Web;
using EPiServer.ServiceLocation;
using Mediachase.Commerce;

namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
{
    [ServiceConfiguration(typeof(IMarketAccessRightsHelper), Lifecycle = ServiceInstanceScope.Singleton)]
    public class MarketAccessRightsHelper : IMarketAccessRightsHelper
    {
        private readonly IList<string> _epiUiUrls;

        public MarketAccessRightsHelper()
        {
            // Configure Episerver UI url segments
            _epiUiUrls = new List<string>
            {
                "Episerver.Commerce.Shell/".ToLower(),
                "CMS/".ToLower(),
                "Shell/".ToLower()
            };
        }

        public virtual bool IsFilteredMarketsRequest()
        {
            if (HttpContext.Current.Request.Url.Segments.Length > 2)
            {
                var uiUrlSegment = HttpContext.Current.Request.Url.Segments[2].ToLower();
                return _epiUiUrls.Contains(uiUrlSegment);
            }
            return false;
        }

        public virtual bool UserHasAccessToMarket(IMarket market) => HttpContext.Current.User.IsInRole("MarketAccess_" + market.MarketName);
    }
}

## MarketAccessRightsMarketService.cs
using System.Collections.Generic;
using System.Linq;
using EPiServer.Framework.Cache;
using Mediachase.Commerce;
using Mediachase.Commerce.Markets.Database;

namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
{
    public class MarketAccessRightsMarketService : MarketServiceCache
    {
        private readonly IMarketAccessRightsHelper _marketAccessRightsHelper;

        public MarketAccessRightsMarketService(ISynchronizedObjectInstanceCache cache, IMarketAccessRightsHelper marketAccessRightsHelper) : base(cache)
        {
            _marketAccessRightsHelper = marketAccessRightsHelper;
        }

        public override IEnumerable<IMarket> GetAllMarkets()
        {
            if (_marketAccessRightsHelper.IsFilteredMarketsRequest())
            {
                var allMarkets = base.GetAllMarkets();
                return allMarkets.Where(market => _marketAccessRightsHelper.UserHasAccessToMarket(market)).ToList();
            }
            return base.GetAllMarkets();
        }
    }
}

## MarketAccessRightsPriceDetailDatabase.cs
using System.Collections.Generic;
using System.Linq;
using EPiServer.Core;
using Mediachase.Commerce;
using Mediachase.Commerce.Catalog;
using Mediachase.Commerce.Markets;
using Mediachase.Commerce.Pricing;
using Mediachase.Commerce.Pricing.Database;

namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
{
    public class MarketAccessRightsPriceDetailDatabase : PriceDetailDatabase, IPriceDetailService
    {
        private readonly IMarketAccessRightsHelper _marketAccessRightsHelper;
        private readonly IMarketService _marketService;

        public MarketAccessRightsPriceDetailDatabase(ReferenceConverter referenceConverter, IMarketAccessRightsHelper marketAccessRightsHelper, IMarketService marketService) : base(referenceConverter)
        {
            _marketAccessRightsHelper = marketAccessRightsHelper;
            _marketService = marketService;
        }

        public new IList<IPriceDetailValue> List(ContentReference catalogContentReference, MarketId marketId,
            PriceFilter priceFilter, int offset, int count, out int totalCount)
        {
            // If the market Id is blank (i.e "All") then filter the
            // prices by the markets that the user has access to
            if (_marketAccessRightsHelper.IsFilteredMarketsRequest() && marketId.Value == string.Empty)
            {
                var allowedMarkets = _marketService.GetAllMarkets().Select(m => m.MarketId);
                var allPrices = base.List(catalogContentReference, marketId, priceFilter, offset, count, out totalCount);
                return allPrices.Where(price => allowedMarkets.Contains(price.MarketId)).ToList();
            }
            return base.List(catalogContentReference, marketId, priceFilter, offset, count, out totalCount);
        }
    }
}

## RegisterMarketSecurityImpl.cs
using EPiServer.Framework;
using EPiServer.Framework.Initialization;
using EPiServer.ServiceLocation;
using Mediachase.Commerce.Markets;
using Mediachase.Commerce.Pricing;

namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
{
    [ModuleDependency(typeof(EPiServer.Commerce.Initialization.InitializationModule))]
    public class RegisterMarketSecurityImpl : IConfigurableModule
    {
        public void ConfigureContainer(ServiceConfigurationContext context)
        {
            // Ovveride the default implementations, could use an interceptor here too
            context.Container.Configure(x => { x.For<IMarketService>().Use<MarketAccessRightsMarketService>(); });
            context.Container.Configure(x => { x.For<IPriceDetailService>().Use<MarketAccessRightsPriceDetailDatabase>(); });
        }

        public void Initialize(InitializationEngine context) { }

        public void Uninitialize(InitializationEngine context) { }
    }
}
	using Mediachase.Commerce;

	namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
	{
	public interface IMarketAccessRightsHelper
	{
	bool IsFilteredMarketsRequest();
	bool UserHasAccessToMarket(IMarket market);
	}
	}
	using System.Collections.Generic;
	using System.Web;
	using EPiServer.ServiceLocation;
	using Mediachase.Commerce;

	namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
	{
	[ServiceConfiguration(typeof(IMarketAccessRightsHelper), Lifecycle = ServiceInstanceScope.Singleton)]
	public class MarketAccessRightsHelper : IMarketAccessRightsHelper
	{
	private readonly IList<string> _epiUiUrls;

	public MarketAccessRightsHelper()
	{
	// Configure Episerver UI url segments
	_epiUiUrls = new List<string>
	{
	"Episerver.Commerce.Shell/".ToLower(),
	"CMS/".ToLower(),
	"Shell/".ToLower()
	};
	}

	public virtual bool IsFilteredMarketsRequest()
	{
	if (HttpContext.Current.Request.Url.Segments.Length > 2)
	{
	var uiUrlSegment = HttpContext.Current.Request.Url.Segments[2].ToLower();
	return _epiUiUrls.Contains(uiUrlSegment);
	}
	return false;
	}

	public virtual bool UserHasAccessToMarket(IMarket market) => HttpContext.Current.User.IsInRole("MarketAccess_" + market.MarketName);
	}
	}
	using System.Collections.Generic;
	using System.Linq;
	using EPiServer.Framework.Cache;
	using Mediachase.Commerce;
	using Mediachase.Commerce.Markets.Database;

	namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
	{
	public class MarketAccessRightsMarketService : MarketServiceCache
	{
	private readonly IMarketAccessRightsHelper _marketAccessRightsHelper;

	public MarketAccessRightsMarketService(ISynchronizedObjectInstanceCache cache, IMarketAccessRightsHelper marketAccessRightsHelper) : base(cache)
	{
	_marketAccessRightsHelper = marketAccessRightsHelper;
	}

	public override IEnumerable<IMarket> GetAllMarkets()
	{
	if (_marketAccessRightsHelper.IsFilteredMarketsRequest())
	{
	var allMarkets = base.GetAllMarkets();
	return allMarkets.Where(market => _marketAccessRightsHelper.UserHasAccessToMarket(market)).ToList();
	}
	return base.GetAllMarkets();
	}
	}
	}
	using System.Collections.Generic;
	using System.Linq;
	using EPiServer.Core;
	using Mediachase.Commerce;
	using Mediachase.Commerce.Catalog;
	using Mediachase.Commerce.Markets;
	using Mediachase.Commerce.Pricing;
	using Mediachase.Commerce.Pricing.Database;

	namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
	{
	public class MarketAccessRightsPriceDetailDatabase : PriceDetailDatabase, IPriceDetailService
	{
	private readonly IMarketAccessRightsHelper _marketAccessRightsHelper;
	private readonly IMarketService _marketService;

	public MarketAccessRightsPriceDetailDatabase(ReferenceConverter referenceConverter, IMarketAccessRightsHelper marketAccessRightsHelper, IMarketService marketService) : base(referenceConverter)
	{
	_marketAccessRightsHelper = marketAccessRightsHelper;
	_marketService = marketService;
	}

	public new IList<IPriceDetailValue> List(ContentReference catalogContentReference, MarketId marketId,
	PriceFilter priceFilter, int offset, int count, out int totalCount)
	{
	// If the market Id is blank (i.e "All") then filter the
	// prices by the markets that the user has access to
	if (_marketAccessRightsHelper.IsFilteredMarketsRequest() && marketId.Value == string.Empty)
	{
	var allowedMarkets = _marketService.GetAllMarkets().Select(m => m.MarketId);
	var allPrices = base.List(catalogContentReference, marketId, priceFilter, offset, count, out totalCount);
	return allPrices.Where(price => allowedMarkets.Contains(price.MarketId)).ToList();
	}
	return base.List(catalogContentReference, marketId, priceFilter, offset, count, out totalCount);
	}
	}
	}
	using EPiServer.Framework;
	using EPiServer.Framework.Initialization;
	using EPiServer.ServiceLocation;
	using Mediachase.Commerce.Markets;
	using Mediachase.Commerce.Pricing;

	namespace EPiServer.Reference.Commerce.Site.Features.MarketSecurity
	{
	[ModuleDependency(typeof(EPiServer.Commerce.Initialization.InitializationModule))]
	public class RegisterMarketSecurityImpl : IConfigurableModule
	{
	public void ConfigureContainer(ServiceConfigurationContext context)
	{
	// Ovveride the default implementations, could use an interceptor here too
	context.Container.Configure(x => { x.For<IMarketService>().Use<MarketAccessRightsMarketService>(); });
	context.Container.Configure(x => { x.For<IPriceDetailService>().Use<MarketAccessRightsPriceDetailDatabase>(); });
	}

	public void Initialize(InitializationEngine context) { }

	public void Uninitialize(InitializationEngine context) { }
	}
	}