search

apsislabs / phi_attrs

HIPAA compliant PHI access logging for Ruby on Rails.
MIT License
27 stars 3 forks source link

Devise User as phi_model #70

Open t2 opened 7 months ago

t2 commented 7 months ago

I have my User model as a phi_model and I have the following in the model.

phi_model
include_in_phi(*%i[
    uid
    name
    slug
    phone
    office_phone
    last_sign_in_ip
    unconfirmed_email
    current_sign_in_ip
  ])

In my ApplicationController I have a before_action that allows PHI info:

User.allow_phi!(current_user&.email, "Details: #{params[:controller]}, #{params[:action]}")

I am getting a PhiAttrs::Exceptions::PhiAccessException because I am trying to use the current_user&.email in the log but that is a field I need to include. Am I doing something wrong?

AlecR commented 1 week ago

@t2 Were you able to come up with a solution for this? Just ran into the same problem and ended up here searching for how to handle this scenario.