1. Scripts

User sign-in script

The following web script example is executed when a user logs into Sitecore Content Hub. It updates the user’s groups based on the provided claims.

Important

This example uses the Everyone user group. Do not use it on your own Content Hub instance without customizing the script based on the names of your organization's user groups.

Before you begin

  • Ensure claims mapping configurations for sign-in are set up in the schema editor.

Script

using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

if (Context.AuthenticationSource != AuthenticationSource.External)
{
  return;
}

// collect group names from the claims
List <string> groups = new List <string> ();
if (Context.ExternalUserInfo?.Claims == null)
{
  groups.Add(Stylelabs.M.Sdk.Constants.UserGroup.Groups.Everyone);
}
else
{
  foreach (Stylelabs.M.Scripting.Types.V1_0.User.Claim group in Context.ExternalUserInfo.Claims)
  {
    if (group.Type == "MySpecialGroupType")
    {
      groups.Add(group.Value);
    }
  }
}

// load the group ids
List <long> groupIds = (await MClient.Users.GetUserGroupIdsAsync(groups).ConfigureAwait(false))?.Values.ToList();

var user = Context.User;

// ensure UserGroupToUser relation is loaded
await user.LoadMembersAsync(null, new RelationLoadOption("UserGroupToUser")).ConfigureAwait(false);

// update the relation UserGroupToUser with ids of the collected groups
user.GetRelation("UserGroupToUser").SetIds(groupIds);

// update the user
await MClient.Entities.SaveAsync(user).ConfigureAwait(false);

Script explanation

This section steps through the script in execution order, explaining each part. The numbered items describe the sequence, not instructions to perform.

  1. Ensure that user groups are updated for a user based on external claims if the authentication source is external.

    if (Context.AuthenticationSource != AuthenticationSource.External)
{
  return;
}

  2. Create a list of group names to collect group information from external claims. If no claims are available, add the default Everyone group.

    List <string> groups = new List <string>();
if (Context.ExternalUserInfo?.Claims == null)
{
  groups.Add(Stylelabs.M.Sdk.Constants.UserGroup.Groups.Everyone);
}
else
{
  foreach (Stylelabs.M.Scripting.Types.V1_0.User.Claim group in Context.ExternalUserInfo.Claims)
  {
    if (group.Type == "MySpecialGroupType")
    {
      groups.Add(group.Value);
    }
  }
}

  3. Retrieve the IDs of the collected user groups using the GetUserGroupIdsAsync method. These IDs will be used to update the user's group relations.

    List <long> groupIds = (await MClient.Users.GetUserGroupIdsAsync(groups).ConfigureAwait(false))?.Values.ToList();

  4. Retrieve the target user entity from the context, and the UserGroupToUser relation is loaded. This relation represents the user's membership in specific groups.

    var user = Context.User;

// ensure UserGroupToUser relation is loaded
await user.LoadMembersAsync(null, new RelationLoadOption("UserGroupToUser")).ConfigureAwait(false);

  5. Update the UserGroupToUser relation with the IDs of the collected groups, linking the user to the appropriate groups.

    user.GetRelation("UserGroupToUser").SetIds(groupIds);

  6. Save the user entity, persisting the updated group memberships.

    await MClient.Entities.SaveAsync(user).ConfigureAwait(false);

Setup

  • Create, publish, and enable the User sign-in script.

Disable a sign-in script

A sign-in script might lock users out if it contains runtime errors or inconsistent user validation. If this happens, disable the script by using the REST API or SDK to change M.Script.Enabled to false.

The following example disables a script using the web SDK:

var loadConfig = new EntityLoadConfiguration(
        CultureLoadOption.None,
        new PropertyLoadOption(
          ScriptingConstants.Scripting.Properties.Enabled),
        RelationLoadOption.None);

var script = await MClient.Entities.GetAsync( your script id , loadConfig).ConfigureAwait(false);
script?.SetPropertyValue("M.Script.Enabled", false);

await MClient.Entities.SaveAsync(script).ConfigureAwait(false);
If you have suggestions for improving this article, let us know!