To do this we first need to add a couple new fields to our custom settings in our A4T.xml file:
As you can see I’ve added 3 custom settings, 2 of which are related to this task, adminRequired and allowedUsers. These plugins will do exactly what they sound like by the time we’re done.
Now I have global access to my settings throughout this JS file. All I need to do now is compare my settings to my current user information to decide if this user gets to use my plugin. I do this in my isEnabled and/or isAvailable functions and the logic is identical:
The function “isAppropriateItem” is unrelated to what we’ve just done, it is checking if the selected item has where used data (we’re looking at WhereUsedPlus as an example). Assuming the item actually has where used data we retrieve the settings we’ve set up, along with the current user (the “user” var). Then it’s a simple matter of checking if we are requiring an admin user and if we are making sure the user is an admin, then checking if we’ve set an allowed user (or users, since this is just a string search we can list as many users as we want using any delimiter between), then seeing if the list of allowed users contains our current user. If no allowed user is set this feature will be ignored. If the adminRequired field is not set to “true” we assume it is not required. You can tweak the logic to meet your specific needs.
Now that this is set we can go view our plugin in the dashboard and configure our permissions right from the Alchemy GUI, no fuss, no XML and no one using our plugin who shouldn’t. With the below settings only the TRIDION\ADMIN user will be able to use the plugin, and only if this user is a Tridion administrator.