So for your use case, if it is convenient for you to use integrated webView (inside the Adobe Campaign client) instead of opening it directly in IE, it is enough to use the <input type="urlViewer"> that I mentioned in my post, with the visibleIf/accessibleIf filtering based either on HasNamedRight (recommended) or $(login) operator information.
As Florent said, it would be better to tell which XML form you want to modify, in order to better help. I guess it is one of nms:delivery, nms:deliveryDet, nms:newDelivery depending on your need. Or one of their subforms.
Whatever the form you have to change, the global idea is to use this specific input xml element type, urlViewer. Please note that this type urlViewer is not mentioned in the JS API v6.1 documentation. (The urlButton type is intended to act only as the Button input type, so internally to the form, even if SOAP methods can be called in <enter> or <leave> sections.).
The good think is that <input type="urlViewer"> element can be used to open the html target page (standard web page, AC report, etc) directly in the Adobe Campaign client, either inside another form/container, as a subform with type="frame", equivalent to an iFrame behavior, or in a plain new tab of the Adobe Campaign client). I don't know if it is possible to open the target page directly in the Internet Explorer browser.
In order to be clearer, let me mention some examples:
the Deliverability report that is available in the Welcome home tab>Menu Monitoring>link Deliverabilty: the form is nms:deliverabilityReports and it opens the report web page of external site (Adobe site) inside AC client as a new tab <input type="urlViewer" urlExpr="'http://deliverability.neolane.net/jssp/xtk/report.jssp [etc]/>
many urlViewer uses in the formlib library (with most often sessiontoken=true)
dashboards use them often to display reports or jssp
the webApp dashboard (1st tab) is actually an html web page, while other tabs are xml forms (and so it display the published URL and because being an (integrated) web page, it is easy to open the target url in a browser.
So it gives an idea of many integrations/combinations possibles for carrying out your intended specific customisation of delivery (WeChat channel).
Regarding the right access privileges, I recommend to use a dedicated Group operator to restrict access to your functionality, rather testing operator id/email. Many samples describe this mechanism in JS API documentation, but for instance see CheckRights method of xtk:operator.