search

apsislabs / phi_attrs

HIPAA compliant PHI access logging for Ruby on Rails.
MIT License
27 stars 3 forks source link

Impersonation #11

Closed Crisfole closed 5 years ago

Crisfole commented 5 years ago

We should enable impersonation. "A viewed this while impersonating B"

HenryKeiter commented 5 years ago

It should be on the user to replace allow_phi(current_user) with allow_phi("#{current_user.real_user} impersonating #{current_user}").

wkirby commented 5 years ago

@HenryKeiter I agree overall, but I think we could add to the documentation that "If you are using a system such as impersonate, make sure you call allow_phi with the real user."