What is obsService.saveObs() used for? Did you also check the obs database table to confirm that it was not saved? How are you checking the attachment on the specific patient (which url)? Could it be that it is a user interface page that expects attachments which have visits or encounters?
HI @dkayiwa
Thanks for your reply.
I see i was able to store the attachment and above to see the attachment in “super user” attachment page.
I am not able to see attachment for other users who have the privilege “App: attachments.attachments.page”. Not sure of the problem.
Hi @dkayiwa
Yes I am looking at the same problem. I see we have attachment module version 3.0.0 and I have enabled the privilege “App: attachments.attachments.page” on our role.
Obs obs = obsSaver.saveImageAttachment(dummyVisit, florencia, orderEncounter, fileCaption, multipartFile, "Notes for user "+florencia.getFamilyName());
When I try to attach an image, I am able to see the attachment on a super account not on other accounts.
At the API level, App: attachments.attachments.page will not work. We used to hack around it with Context.addProxyPrivilege(privilege) where we added the privileges required deep down in the API call chain.
Then the app level privileges like App: attachments.attachments.page are for enforcing user interface level permissions but when behind the scenes, at the API level, a number of privileges are involved.
Do you have the list of privileges that standard user’s have in your distribution? The attachments module mostly doesn’t add it’s own privileges, but users should have privileges to be able to view and get observations and concepts, at the very least.
HI @ibacher@dkayiwa
We have provided Doctor, provider, a custom “Has associated patients” role and “App: attachments.attachments.page” role for the user trying to access the attachment.
Still we do not see any break so far.
So, as Daniel mentioned, the App: attachments.attachments.page was a privilege for controlling an app in 2.x. It’s not applicable here. That’s why I was asking what other privileges you assigned to the Doctor role since that will actually control whether the user can see attachments or not…
I get your point when working with an api.
Our use case here is doing the same throguh an openmrs module.
What are the permissions required for the attachments to be available for a non super user?