How make a field visible only to the assigned user?

**a.slyzhko** · 02-05-2026, 08:07 AM

Dynamic logic in the Espo lacks this functionality currently, I mean to be ably to do this in a few clicks. However you can create output filter (this will not allow the value to be passed to front-end) and combine it with dynamic handler on the front-end (you can hide field from the assigned user)

**murugappan** · 02-05-2026, 09:28 AM

a.slyzhko thank you so much for your advise. Unfortunately, we have a policy of not messing with code as this will give rise to

(1) Inconsistency when new versions are released
(2) problems to later app support staff in debugging issues
(3) voiding the wonderful simplicity and flexibility of EPOCRM
(4) promoting additional bugs and system hangs.

Prefer a more straight forward solution.

**a.slyzhko** · 02-05-2026, 09:44 AM

At the moment, I don’t see a viable solution for this case without custom code.

While it’s true that customizations may require adjustments after updates, that is an expected and manageable part of software development. This is precisely why the platform allows and supports extensibility.

EspoCRM is highly customization-friendly, and in our company we rely on a substantial custom codebase. This approach gives us the flexibility we need and has proven to be both effective and sustainable for our use cases.

**yuri** · 02-05-2026, 09:47 AM

Currently, there's no such an ability. To implement it properly, we would need to have more granularity in field level security levels. There are some complexities to implement it.

**murugappan** · 02-05-2026, 12:50 PM

Hi yuri and a.slyzhko

Managed to get it working with the help of ChatGPT. The following are codes:

(1) custom/Espo/Custom/Resources/metadata/clientDefs/Lead.json

PHP Code:


{
  "kanbanViewMode": false,
  "color": "#f19c79",
  "iconClass": "fas fa-address-card",
  "dynamicHandler": "custom:lead-whatsapp-visibility" // <--add this line
}

(2) client/custom/src/lead-whatsapp-visibility.js

PHP Code:


define('custom:lead-whatsapp-visibility', ['dynamic-handler'], (Dep) => {

  return class extends Dep {

    init() {
      // Cache user id so we don't call the API repeatedly.
      this._currentUserId = null;
      this._loadingUser = false;

      // Run once.
      this.control();

      // Re-run when model loads/refreshes.
      this.recordView.listenTo(this.model, 'sync', () => this.control());

      // Re-run if assigned user changes in UI.
      this.recordView.listenTo(this.model, 'change:assignedUserId', (model, value, options) => {
        // If change initiated by UI interaction, re-control immediately.
        // (Options.ui is used in Espo docs examples to detect UI changes.) :contentReference[oaicite:2]{index=2}
        this.control();
      });
    }

    async control() {
      // If recordView isn't ready yet, do nothing safely.
      if (!this.recordView) return;

      // Always "default hide" until we confirm user.
      const fields = ['c_whatsapp_number', 'c_btn_connect_whatsapp'];
      fields.forEach((f) => this.recordView.hideField(f));

      // Ensure we know current user id.
      const currentUserId = await this.getCurrentUserIdSafe();
      if (!currentUserId) return;

      const assignedUserId = this.model.get('assignedUserId');
      const allowed = assignedUserId && (currentUserId === assignedUserId);

      fields.forEach((field) => {
        if (allowed) {
          this.recordView.showField(field);
        } else {
          this.recordView.hideField(field);
        }
      });
    }

    async getCurrentUserIdSafe() {
      // If already cached, return it.
      if (this._currentUserId) return this._currentUserId;

      // Prevent parallel calls.
      if (this._loadingUser) return null;
      this._loadingUser = true;

      try {
        // This endpoint returns current logged-in user info. :contentReference[oaicite:3]{index=3}
        const resp = await fetch('api/v1/App/user', { credentials: 'same-origin' });
        if (!resp.ok) return null;

        const data = await resp.json();

        // Common response shape: data.user.id
        // (If your response differs, tell me what you see in Network tab.)
        const id = data && data.user && data.user.id ? data.user.id : null;

        this._currentUserId = id;
        return id;
      } catch (e) {
        return null;
      } finally {
        this._loadingUser = false;
      }
    }
  };
});

yuri need your help to confirm the code. Thank you all so much.

How make a field visible only to the assigned user?

How make a field visible only to the assigned user?

Comment

Comment

Comment

Comment

Comment