Upload qrda file gets 403 not authorized

[imbroglioj]

I must be doing something wrong... I logged in with the test user (after changing password, etc.).

1. I clicked on Select a practice
2. Saw dialog with line at bottom: "to upload clinical documents: Click here"
3. Clicked and got the 403 not authorized page.
4. Logged out and used the db to give user role "3" (developer
5. same result 6 Logged out. gave user role 1 (sys admin)
6. stopped caliphr hqmf and web processes and restarted them, logged in again and attempted steps 1-3 again with same result.

[drosen123]

Not sure if you are still having this issue, but by default only the user role of 4 ('Tester') has access to upload clinical documents.

The intended use of the application is for CDAs to be received using the XDS.b endpoint. The upload screen is there mostly for testing purposes.

If you elect to make uploads available to all users, however, this can be enabled by modifying caliphr-web/src/main/webapp/WEB-INF/views/master/loggedin.html to remove the following condition:

th:if="${#authorization.expression('hasRole(''ROLE_TEST'')')}"

Also, in caliphr-web/src/main/java/com/ainq/caliphr/website/config/SecurityConfig.java, change the following to ROLE_USER:

.antMatchers("/util/**").hasRole(SecurityRole.ROLE_TESTER.getSpringSecurityKey())

Hope this helps.