conceptForm.jsp includes conceptSidebar.jsp and only requires privilege "Manage Concepts"
but if a user wants to access an existing concept via this page, he does also need privileges
- Get Forms
- Get Observations
- Get Patient Programs
for the conceptSidebar.jsp which fetches stats about the concept usage in the Obs.
So if the user does not have one of those listed privileges the page wont fully load since an APIAuthenticationException is thrown due to the missing privileges for accessing Obs services.
This behavior is weird since the user is allowed to "Manage Concepts" so he should see the concept he was able to lookup.
He should simply not see the concept stats/usage in obs.
Add a hasPrivilege tag around the concept sidebar portion concerned with showing the stats: