I got this for the second part of the question but still couldn't find an answer for the first part even in Google documentation.
This is a very simple answer but it helped. We just need to get the user ID and compare it to the list of authorized users, if user is in the list then a link is created, if not, a label is created telling the user they need permission.
function doGet() {
var app = UiApp.createApplication();
var arr = new Array(4);
arr[0] = "user_001@company.com";
arr[1] = "user_002@company.com";
arr[2] = "user_003@company.com";
arr[3] = "user_004@company.com";
for (var i = 0; i < arr.length; i++) {
if (Session.getActiveUser().getUserLoginId() == arr[i]){
var label = app.createLabel('User: ' + Session.getActiveUser().getUserLoginId() + ', You have permission :)');//false
var link = app.createAnchor('Here is your link', 'http://www.umich.edu').setId("link").setVisible(true);//false
var flag = 1;
break;
//#####################
} else {
var label = app.createLabel('You need permission :(');//false
var flag = 0;
}
}
app.add(label);
if (flag == 1){app.add(link);}
return app;
}