Hide Field Based On Role/ Change Data Based On Role

I’m sure this is a common request for developers looking to hide sensitive data from the entire company. Classic examples will include social security numbers or credit card numbers as well as any other data.
After much research and testing I have found some great ways of altering output or all together hiding data to the user, keeping security a priority.
The process is simple and will include altering only 2 files per view.
I will document my findings by the end of the day or early morning.

I prefer to go this route instead of purchasing a yearly licence. Sometimes I feel that is not a good direction to go when a company may be looking toward a long term solution, and relying on a third party company can jeopardize use if the third party changes policy, pricing, goes out of business, or any number of unforeseen circumstances.

Well so far I have the manipulation of displayed data for the detail view down.
I am struggling to get the data manipulated for the edit view.

First we need to edit two files. The information helping me most came form here.

First edit /custom/modules/Contacts/view.detail.php

We want to check against a role, and set action afterwords.

class CustomContactsViewDetail extends ContactsViewDetail{
    public function display(){
        global $sugar_config;
        global $current_user; //First we need to add global user variable
        $aop_portal_enabled = !empty($sugar_config['aop']['enable_portal']);

        $this->ss->assign("AOP_PORTAL_ENABLED", $aop_portal_enabled);


		$isEnabledRole = in_array("Privileged", ACLRole::getUserRoleNames($current_user->id)); //Load Role to True or False
                 //If user is part of Role Privileged then they may see the full SSN
			//take the curent bean field needed to manipulate
			$numbers_only = preg_replace("/[^\d]/", "", $this->bean->ssn_c);
			$ssnformat = preg_replace("/^(\d{3})(\d{2})(\d{4})$/", "$1-$2-$3", $numbers_only);
                        //now this part i needed some brain food but basically we are taking a variable (ssnView) defined
                        //in the detailviewdefs.php which is the file that defines what is displayed per field and location
			$this->dv->ss->assign('ssnView', $ssnformat);

		} else {
			$numbers_only = preg_replace("/[^\d]/", "", $this->bean->ssn_c);
			$ssnlastfour = substr($numbers_only, -4);
			$ssnformat = '***-**-'.$ssnlastfour;
                        //alternate view for the remainding roles for the SSN, here we are also updating a variable in detailviewdefs.php
			$this->dv->ss->assign('ssnView', $ssnformat);


Great now we will update the detailviewdefs.php located in /custom/modules/Contacts/metadata/detailviews.php

//find where the field you would like to edit is located
10 => 
        array (
          0 => 
          array (
            'name' => 'ssn_c',
            'label' => 'LBL_SSN',
			'customCode' => '<span class="sugar_field" id="ssn_c">{$ssnView}</span>',// here we add the custom code section
//this allows us to place our very own output for this field
//and here we see the $ssnView variable is defined, make sure to have the variable enclosed in {} brackets.

That is simply it, run a quick repair and rebuild.

Now all the users with role “Privileged” will see the full SSN number. The remainding users will only see the last four of the SSN.

This can also be used to hide the field by simply assigning $ssnView variable *** or blank characters.

Now the issue I am Running into is with the EDIT view. I have followed the same vonvention, and even ensured $this->dv->ss->assign(‘ssnView’, $ssnformat); the “dv” is “ev” for edit view…and when the field is there and available, as I am only changing

array (
            'name' => 'ssn_c',
            'label' => 'LBL_SSN',
			'customCode' => '<input type="text" name="ssn_c" id="ssn_c" size="30" maxlength="15" value="{$ssnView}" title="">',

the value for the input, the input field appears but not the value inside of it. I suspect it is because the input fields are being rendered before the value of the variable. I honestly don’t know what could be missing and will have to save it for another day. Simply getting the data to be protected from users not needing it took me a solid 2 days of experimenting and coding.