Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't require phi_access logging for new models #39

Open
Crisfole opened this issue Jan 1, 2019 · 2 comments
Open

Don't require phi_access logging for new models #39

Crisfole opened this issue Jan 1, 2019 · 2 comments

Comments

@Crisfole
Copy link
Contributor

Crisfole commented Jan 1, 2019

Sometimes you just want a transitory MyModel.new(params).method_call

It's super annoying to have to assign a variable just to allow phi on the params you're already touching and are unprotected anyway.

We shouldn't 'engage' PHI_Attrs until it's been saved to the database.
@wkirby
Copy link
Contributor

wkirby commented Nov 10, 2020

@Crisfole it seems like this would be easy to address by extending new and create on the model to call allow_phi! for you. In theory, you aren't creating a model without data you don't already have access to.

I'm hesitant to say we should skip logging all together, though — since as soon as you have data on your server you are its custodian.

@Crisfole
Copy link
Contributor Author

I'd want to disallow_phi! on first save too (so if you persiste the model, after that you do have to allow_phi, especially since sometimes that act pulls more data in).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Crisfole @wkirby