With the addition of the access stack, more than one "user" may be responsible for a given PHI access request. We should update the automated access logging to surface all users on the current stack, rather than just the one on top.
# FooController
Foo.allow_phi('henry@apsis.io', 'Displaying Foo') do
foo = Foo.find(params[:id])
MyService.show_foo(foo)
end
# MyService
def show_foo(foo)
foo.allow_phi!('MyService', 'Show Foo')
return foo.as_json # Should log something like "Foo access 0x00fd8a14 by [henry@apsis.io, MyService]"
end
With the addition of the access stack, more than one "user" may be responsible for a given PHI access request. We should update the automated access logging to surface all users on the current stack, rather than just the one on top.