Easily add security checks to your H5 Scripts

July 17, 2023
 |  No Comments

Ensuring that the right content displays to the right users creates an intuitive experience. Let’s delve into the ScriptAuth class from the h5-script-plus package and discover how you can effortlessly add these features to your H5 scripts today!

Organizations commonly request that a script should limit an action’s availability to specific users. The preferred approach for defining these user groups is through the standard M3 User Roles. To leverage this functionality in our scripts, we can utilize the ScriptAuth class.

Now, let’s examine a sample script and observe how we can swiftly integrate this capability.

import { ScriptAuth } from '@designedresults/h5-script-plus'

class MMS001E_ReleaseAll {
  private controller: IInstanceController
  
  constructor(args: IScriptArgs) {
  }
  public static Init(args: IScriptArgs) {
    new MMS001E_ReleaseAll(args).run()
  }
  
  private run() {
    if (new ScriptAuth(this.controller).hasRole('ITM_REL')) {
      this.addButton()
    }
  }
  
  private addButton() {
    // add action button ...
  }
  
}

In the initial run method, we can create a new instance of the ScriptAuth class with our controller and pass in the role we want to check against.

We’ve taken what would be several lines of more abstract code and create a single line that communicates what is happening.

If the user has the role, “ITM_REL”, then add the button.


We have abstracted away the details of pulling the roles that the user currently has and checking if it matches the role we’re looking for. This increases readability and reduces the likelihood of errors. To learn more about the benefits of using H5 Script Plus, please read our introductory post, Accelerate your H5 Script projects!

Checking Authorization

We can the check a variety of elements in the current context to determine how our code runs.

  • Program – isProgram()
  • Panel – isPanel()
  • Sorting Order – isSort()
  • View – isView()
  • User – isUser()
  • Role – hasRole()
  • Mode – isMode()

In many cases, it is necessary to test a combination of these elements together. To address this, you can utilize the isAllowed() method. This method is designed to be called with an object that describes the values to be checked against. Additionally, you can set an array of values for each check.

const allowed: IAllowedAuth = {
  role: ['ROLE1','ROLE2'],
  mode: Mode.CHANGE
}
if (new ScriptAuth(this.controller).isAllowed(allowed)) {
  // role is either ROLE1 or ROLE2   AND   mode is change
}

Start using H5 Script Plus today!

Get in touch with us today to get the H5 Script Plus package integrated into your projects. We’ll help get your team set up with a solid project to jump start your H5 Script development today. If you don’t have in-house developers, our technical services team can discuss your requirements, and quickly turn around scripts that will unlock the hidden potential of M3. Don’t hesitate to reach out and take advantage of our expertise.