Closed Crisfole closed 5 years ago
It should be on the user to replace allow_phi(current_user)
with allow_phi("#{current_user.real_user} impersonating #{current_user}")
.
@HenryKeiter I agree overall, but I think we could add to the documentation that "If you are using a system such as impersonate
, make sure you call allow_phi
with the real user."
We should enable impersonation. "A viewed this while impersonating B"