The JavaScript version of CanI (which mimics the functionality of our admin version) is simply a check to make sure a given admin user has the appropriate permissions to view whatever page they are on (and use all associated functionality). It is an access control check. The parameters are: CanI( privilege, viewpriv, addpriv, modifypriv, deletepriv ), where "privilege" is the privilege code (CUST for seeing if a user can access customer data, PROD, CTGY, etc.), and each of the view/add/modify/delete parameters is a boolean 0 or 1. In admin, if you go to the Store Settings > User Groups screen and edit (or create) a group, then go to the Privileges tab, you can see a list of the available ones.
I know you're writing a module for customer data. Please make sure that you keep information leaking in mind and add the appropriate access control checks to verify that the logged-in user in the admin interface has the correct privileges to view/add/update/delete whatever information and functionality you are making available in your module. This goes for both the front-facing interface and the backend MivaScript code (JSON functions, actions, etc.). Going back to the mmlsk-wtbshipmv file I referenced in your other thread, if you scroll down to the JSON_XXX functions, you should see things like:
if in an admin action. g.Admin_Open_Store and JSON_Store_Open verify that the store has been opened correctly. You would, of course, need to use the correct CanI privilege (view, add, modify, delete) check based on what functionality you are attempting to achieve. If you're displaying data, you should be checking view; if there will be any modification of the data, you should be using modify, etc.
Ryan Guisewite Lead UI Developer / Miva, Inc. www.miva.com
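
The check described in the post above, as an added JavaScript illustration that is not part of the original post and not Miva's own code: it models the `CanI( privilege, viewpriv, addpriv, modifypriv, deletepriv )` parameter shape and applies it on the backend side, before each JSON-style function runs. The function names, the `CustomerNotes_*` handlers and the privilege table are hypothetical, and refusing undeclared handlers or unknown privilege codes is an assumption of this sketch.

```javascript
// Added illustration only: a stand-alone model of the CanI parameter shape.
// Not Miva's implementation; every name below is hypothetical.

// Constructed sample: privileges granted to the logged-in admin user's groups.
const samplePrivileges = {
  CUST: { view: 1, add: 0, modify: 0, delete: 0 },
  PROD: { view: 1, add: 1, modify: 1, delete: 0 },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// True only if every flag passed as 1 is granted for that privilege code.
// Unknown codes, and calls that request no flag at all, are denied.
function canI(granted, privilege, viewpriv, addpriv, modifypriv, deletepriv) {
  if (!has(granted, privilege)) return false;
  const g = granted[privilege];
  const requested = { view: viewpriv, add: addpriv, modify: modifypriv, delete: deletepriv };
  const wanted = Object.keys(requested).filter((k) => requested[k] === 1);
  return wanted.length > 0 && wanted.every((k) => g[k] === 1);
}

// Hypothetical backend functions of a customer-data module. Each one declares
// the privilege it needs: view for reads, modify for changes.
const handlers = {
  CustomerNotes_Load:   { need: ['CUST', 1, 0, 0, 0], run: () => ({ success: 1, data: [] }) },
  CustomerNotes_Update: { need: ['CUST', 0, 0, 1, 0], run: () => ({ success: 1 }) },
  CustomerNotes_Export: { run: () => ({ success: 1 }) }, // forgot to declare a privilege
};

// The check runs on the server side for every call, so hiding a button in the
// UI is never the only control. Anything without a declaration is refused.
function dispatch(granted, name) {
  const denied = { success: 0, error: 'access_denied' };
  if (!has(handlers, name)) return denied;
  const h = handlers[name];
  if (!h.need || !canI(granted, ...h.need)) return denied;
  return h.run();
}
```

With the constructed privileges, a user who holds only CUST view can load the data but cannot update it, and the handler that declares no privilege is refused rather than exposed.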