apsislabs / phi_attrs

HIPAA compliant PHI access logging for Ruby on Rails.
MIT License

Allow one-off blocks #17

Closed HenryKeiter closed 3 years ago

HenryKeiter commented 5 years ago

To extract PHI in a single location, once blocks are available we should capture the result of the block and return it, to allow constructs like this:

```ruby
field_val = obj.allow_phi { obj.phi_field }
```

If we don't want to allow this sort of behavior (which I could see, since it explicitly "leaks" PHI to an uncontrolled location), we probably don't want blocks at all. Note that such "leaking" is already very easy to do, so this shouldn't be our only reason for not wanting this construct, e.g.

```ruby
unprotected_data = []
obj.allow_phi!
unprotected_data << obj.phi_field
obj.disallow_phi!
```

Crisfole commented 5 years ago

Can't this be closed?

wkirby commented 3 years ago

@HenryKeiter would this syntax be better served by a get_phi(user_id, reason, attr) method?

```ruby
field_val = obj.get_phi(current_user, 'foo', :phi_field)
```
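
Added example, not part of the thread and not phi_attrs source: a stand-alone sketch of the two shapes discussed above, a block-form `allow_phi` that returns the block's value and always revokes access, and a `get_phi` one-off read built on it. `PatientRecord`, `PhiAccessError`, `access_log`, `phi_allowed?` and the `(user_id, reason)` arguments on `allow_phi` are hypothetical names chosen for the illustration.

```ruby
# Added illustration; class names and log format are hypothetical.
class PhiAccessError < StandardError; end

class PatientRecord
  attr_reader :access_log

  def initialize(phi_value)
    @phi_value = phi_value # constructed sample value
    @grants = []           # stack of [user_id, reason] currently in force
    @access_log = []       # stand-in for a real audit logger
  end

  # Block form: grant access, yield, always revoke, return the block's value.
  def allow_phi(user_id, reason)
    raise ArgumentError, 'block required' unless block_given?
    raise ArgumentError, 'user_id and reason required' if user_id.to_s.empty? || reason.to_s.empty?

    @grants.push([user_id, reason])
    @access_log << "granted user=#{user_id} reason=#{reason}"
    begin
      yield # value of the block becomes the value of allow_phi
    ensure
      # Runs on normal return and on exceptions, so access never stays open.
      @grants.pop
      @access_log << "revoked user=#{user_id}"
    end
  end

  # One-off read of a single attribute, in the shape of the get_phi proposal.
  def get_phi(user_id, reason, attr)
    allow_phi(user_id, reason) { public_send(attr) }
  end

  def phi_allowed?
    !@grants.empty?
  end

  # PHI reader: refuses outside a grant and logs each successful read.
  def phi_field
    raise PhiAccessError, 'phi_field read without allow_phi' unless phi_allowed?

    user_id, reason = @grants.last
    @access_log << "read phi_field user=#{user_id} reason=#{reason}"
    @phi_value
  end
end
```

The returned value is outside the access-controlled object once the block ends, so the audit log entry written at read time is the only record of where it went.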