search

apsislabs / phi_attrs

HIPAA compliant PHI access logging for Ruby on Rails.
MIT License
27 stars 3 forks source link

extend_phi_access does not work with has_many relationships #9

Closed ncallaway closed 5 years ago

ncallaway commented 5 years ago

Calling extend_phi_access does not adequately work for relationships that were defined with has_many instead of belongs to.

Example:

class MyAwesomeRecord < ApplicationRecord
  phi_model

  belongs_to :awesome_record_meta
  has_many :user_fields

  extend_phi_access :awesome_record_meta, :user_fields
end

...later

awesome = MyAwesomeRecord.first
awesome.allow_phi!("user", "context")

awesome.awesome_record_meta.meta_field # OK, works as expected
awesome.user_fields.first.user_field # Explodes with PHIAccessException

Fix will likely need to be in the phi_extend_access method in https://github.com/apsislabs/phi_attrs/blob/master/lib/phi_attrs/phi_record.rb#L286

HenryKeiter commented 5 years ago

This should probably be implemented using Chris' multi-target allows: https://github.com/apsislabs/phi_attrs/pull/8

HenryKeiter commented 5 years ago

This is fixed in the current version of https://github.com/apsislabs/phi_attrs/pull/8 though that PR may not end up being merged as-is.

HenryKeiter commented 5 years ago

Resolved in #8