Open Crisfole opened 5 years ago
@Crisfole it seems like this would be easy to address by extending new
and create
on the model to call allow_phi!
for you. In theory, you aren't creating a model without data you don't already have access to.
I'm hesitant to say we should skip logging all together, though — since as soon as you have data on your server you are its custodian.
I'd want to disallow_phi! on first save too (so if you persiste the model, after that you do have to allow_phi, especially since sometimes that act pulls more data in).
Sometimes you just want a transitory
MyModel.new(params).method_call
It's super annoying to have to assign a variable just to allow phi on the params you're already touching and are unprotected anyway.
We shouldn't 'engage' PHI_Attrs until it's been saved to the database.