phi_attrs 0.3.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb209a550589eee5edbb17853c56c001c9ce8f7292784e1775cebb644468b830
-  data.tar.gz: 0ca474072ecf6b33b2491ac77f097622e4611716d8c95fb03afee896615b8ac8
+  metadata.gz: 237044ea15d9e2cfbabb11218d60dbc32869ab91caa8c5f6f42f13eb2d9c34ff
+  data.tar.gz: 21b7e8149c94f9bc515767078bcf644976ebcda4e7c14209daec970b24ae8691
 SHA512:
-  metadata.gz: 19021f005a8283d3db4da049c8278dd63b4e0cf5b229ddec2274b414501c9414347e8553d47bfdf5597d06f3da3d4ae2c679fe852d98c8a94e5299f7cb598f1e
-  data.tar.gz: 8fdf599c5db471f842ee25fb91e50d5e54d3c9174978e709ebab5c6d45219a7bc8025f3b7060a51d425bc5fcd1176bcd7ea04df0054b50e8fb48b83c41658170
+  metadata.gz: 9cbaf5dcb370bd661ccbef997adbd68828289c9c7aa56e66c4773e765dffd2d65d41248991f3543b42fc09a73416fd9d8e38a9a3ce174fb1e95ddc89d268499c
+  data.tar.gz: e2c6245f0ef7843b4b55d3d0f2b4acf850ccfcc72755dc6482f09cb08e19efa8f0afdf2c5b26b56f1ee0bc5f7cec4128401764c54bb79905d767c93c05f9faaf

data/README.md

@@ -204,12 +204,25 @@ patient.patient_info.first_name
 
 **NOTE:** This is not intended to be used on all relationships! Only those where you intend to grant implicit access based on access to another model. In this use case, we assume that allowed access to `Patient` implies allowed access to `PatientInfo`, and therefore does not require an additional `allow_phi!` check. There are no guaranteed safeguards against circular `extend_phi_access` calls!
 
+### New Records
+
+PHI access is automatically allowed for new (unsaved) records. This allows attributes to be set during object creation without requiring an explicit `allow_phi!` call. Once a record has been persisted, normal PHI access controls apply.
+
+```ruby
+patient = Patient.new
+patient.phi_allowed? # => true
+patient.first_name = 'Jane' # works without allow_phi!
+
+patient.save!
+patient.phi_allowed? # => false — must call allow_phi! after persisting
+```
+
 ### Check If PHI Access Is Allowed
 
 To check if PHI is allowed for a particular instance of a class call `phi_allowed?`.
 
 ```ruby
-patient = Patient.new
+patient = Patient.find(1)
 patient.phi_allowed? # => false
 
 patient.allow_phi('user@example.com', 'reason') do
@@ -430,16 +443,20 @@ It is recommended to use the provided `docker-compose` environment for developme
 
 ### Tests
 
-Tests are written using [RSpec](http://rspec.info/) and are setup to use [Appraisal](https://github.com/thoughtbot/appraisal) to run tests over multiple rails versions.
+Tests are written using [RSpec](https://rspec.info/) and are setup to use [Appraisal](https://github.com/thoughtbot/appraisal) to run tests over multiple Rails versions. Supported runtimes are Ruby 3.2+ and Rails 7.0 through 8.0.
 
     $ bin/run_tests
     or for individual tests:
     $ bin/ssh_to_container
     $ bundle exec appraisal rspec spec/path/to/spec.rb
 
-To run just a particular rails version:
-    $  bundle exec appraisal rails_6.1 rspec
-    $  bundle exec appraisal rails-7.0 rspec
+To run just a particular Rails version:
+
+    $ bundle exec appraisal rails_7.0 rspec
+
+Linting uses [standardrb](https://github.com/standardrb/standard):
+
+    $ bundle exec standardrb
 
 ### Console
 
@@ -450,13 +467,38 @@ An interactive prompt that will allow you to experiment with the gem.
 
 ### Local Install
 
-Run `bin/setup` to install dependencies. Then, run `bundle exec appraisal rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+Run `bin/setup` to install dependencies. Then, run `bundle exec rake` to run linting and tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`.
 
-### Versioning
+### Releases
+
+Releases are driven by git tags. The version lives in `lib/phi_attrs/version.rb`, and the gemspec reads `PhiAttrs::VERSION`.
 
-To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```bash
+bundle install
+bin/release patch # or: minor, major
+```
+
+To publish an RC for a specific version:
+
+```bash
+bin/release rc 1.2.0
+```
+
+This sets the version to `1.2.0-rc` and tags it as `v1.2.0-rc`.
+
+Prereleases can also use `bump`'s native `pre` increment:
+
+```bash
+bin/release pre
+```
+
+`pre` cycles prerelease labels in order: `alpha`, `beta`, `rc`, then the final version. For example, `1.2.0-rc` becomes `1.2.0`, tagged as `v1.2.0`.
+
+`bin/release` uses `bump`, commits the version file, creates a `v<version>` tag, pushes the branch, and pushes the tag.
+
+GitHub Actions publishes only when a `v*` tag is pushed. The publish workflow builds the gem, pushes it to RubyGems with `RUBYGEMS_API_KEY`, and creates a GitHub release with the built gem attached. Tags containing a prerelease suffix, such as `v1.2.0-rc`, are marked as prereleases on GitHub.
 
 
 ## Contributing
@@ -465,6 +507,12 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/apsisl
 
 Any PRs should be accompanied with documentation in `README.md`.
 
+### Releasing
+
+* Squash and merge your PR.
+* Run `bin/release patch`, `bin/release minor`, `bin/release major`, or `bin/release rc X.Y.Z`.
+* The pushed `v*` tag will be automatically built and published to RubyGems.
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/phi_attrs/configure.rb

@@ -1,53 +1,13 @@
 # frozen_string_literal: true
 
 module PhiAttrs
-  @@log_path = nil
-  @@log_shift_age = 0 # Default to disabled
-  @@log_shift_size = 1_048_576 # 1MB - Default from logger class
-  @@current_user_method = nil
-  @@translation_prefix = 'phi'
+  mattr_accessor :log_path, default: nil
+  mattr_accessor :log_shift_age, default: 0
+  mattr_accessor :log_shift_size, default: 1_048_576
+  mattr_accessor :current_user_method, default: nil
+  mattr_accessor :translation_prefix, default: "phi"
 
   def self.configure
     yield self if block_given?
   end
-
-  def self.log_path
-    @@log_path
-  end
-
-  def self.log_path=(value)
-    @@log_path = value
-  end
-
-  def self.log_shift_age
-    @@log_shift_age
-  end
-
-  def self.log_shift_age=(value)
-    @@log_shift_age = value
-  end
-
-  def self.log_shift_size
-    @@log_shift_size
-  end
-
-  def self.log_shift_size=(value)
-    @@log_shift_size = value
-  end
-
-  def self.translation_prefix
-    @@translation_prefix
-  end
-
-  def self.translation_prefix=(value)
-    @@translation_prefix = value
-  end
-
-  def self.current_user_method
-    @@current_user_method
-  end
-
-  def self.current_user_method=(value)
-    @@current_user_method = value
-  end
 end

data/lib/phi_attrs/exceptions.rb

@@ -3,11 +3,11 @@
 module PhiAttrs
   module Exceptions
     class PhiAccessException < StandardError
-      TAG = 'UNAUTHORIZED ACCESS'
+      TAG = "UNAUTHORIZED ACCESS"
 
       def initialize(msg)
         PhiAttrs::Logger.tagged(TAG) { PhiAttrs::Logger.error(msg) }
-        super(msg)
+        super
       end
     end
   end

data/lib/phi_attrs/formatter.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 module PhiAttrs
-  FORMAT = "%s %5s: %s\n"
-
   # https://github.com/ruby/ruby/blob/trunk/lib/logger.rb#L587
   class Formatter < ::Logger::Formatter
+    FORMAT = "%s %5s: %s\n"
+
     def call(severity, timestamp, _progname, msg)
       format(FORMAT, format_datetime(timestamp), severity, msg2str(msg))
     end

data/lib/phi_attrs/logger.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PhiAttrs
-  PHI_ACCESS_LOG_TAG = 'PHI Access Log'
+  PHI_ACCESS_LOG_TAG = "PHI Access Log"
 
   class Logger
     class << self

data/lib/phi_attrs/phi_record.rb

@@ -2,6 +2,8 @@
 
 # Namespace for classes and modules that handle PHI Attribute Access Logging
 module PhiAttrs
+  PhiStackEntry = Struct.new(:phi_access_allowed, :user_id, :reason, :logged, :uuid, keyword_init: true)
+
   # Module for extending ActiveRecord models to handle PHI access logging
   # and restrict access to attributes.
   #
@@ -77,13 +79,17 @@ module PhiAttrs
         reason ||= i18n_reason
         raise ArgumentError, 'user_id and reason cannot be blank' if user_id.blank? || reason.blank?
 
-        __phi_stack.push({
-                           phi_access_allowed: true,
-                           user_id: user_id,
-                           reason: reason
-                         })
-
-        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name) do
+        user_id = user_id.to_s.gsub(/[\r\n]/, " ")
+        reason = reason.to_s.gsub(/[\r\n]/, " ")
+        uuid = SecureRandom.uuid
+        __phi_stack.push(PhiStackEntry.new(
+                            phi_access_allowed: true,
+                            user_id: user_id,
+                            reason: reason,
+                            uuid: uuid
+                         ))
+
+        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name, uuid) do
           PhiAttrs::Logger.info("PHI Access Enabled for '#{user_id}': #{reason}")
         end
       end
@@ -109,7 +115,7 @@ module PhiAttrs
       #
       def allow_phi(user_id = nil, reason = nil, allow_only: nil, &block)
         get_phi(user_id, reason, allow_only: allow_only, &block)
-        return
+        nil
       end
 
       # Enable PHI access for any instance of this class in the block given only
@@ -149,7 +155,7 @@ module PhiAttrs
             allow_only.each { |t| t.allow_phi!(user_id, reason) }
           end
 
-          return yield
+          yield
         ensure
           __instances_with_extended_phi.each do |obj|
             if frozen_instances.include?(obj)
@@ -193,13 +199,12 @@ module PhiAttrs
       def disallow_phi
         raise ArgumentError, 'block required. use disallow_phi! without block' unless block_given?
 
-        __phi_stack.push({
-                           phi_access_allowed: false
-                         })
-
-        yield if block_given?
-
-        __phi_stack.pop
+        __phi_stack.push(PhiStackEntry.new(phi_access_allowed: false))
+        begin
+          yield
+        ensure
+          __phi_stack.pop
+        end
       end
 
       # Revoke all PHI access for this class, if enabled by PhiRecord#allow_phi!
@@ -210,11 +215,12 @@ module PhiAttrs
       def disallow_phi!
         raise ArgumentError, 'block not allowed. use disallow_phi with block' if block_given?
 
+        uuid = __uuid_string(__phi_stack)
         message = __phi_stack.present? ? "PHI access disabled for #{__user_id_string(__phi_stack)}" : 'PHI access disabled. No class level access was granted.'
 
         __reset_phi_stack
 
-        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name) do
+        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name, uuid) do
           PhiAttrs::Logger.info(message)
         end
       end
@@ -228,9 +234,10 @@ module PhiAttrs
         raise ArgumentError, 'block not allowed' if block_given?
 
         removed_access = __phi_stack.pop
-        message = removed_access.present? ? "PHI access disabled for #{removed_access[:user_id]}" : 'PHI access disabled. No class level access was granted.'
+        uuid = __uuid_string(removed_access)
+        message = removed_access.present? ? "PHI access disabled for #{removed_access.user_id}" : 'PHI access disabled. No class level access was granted.'
 
-        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name) do
+        PhiAttrs::Logger.tagged(PHI_ACCESS_LOG_TAG, name, uuid) do
           PhiAttrs::Logger.info(message)
         end
       end
@@ -243,7 +250,7 @@ module PhiAttrs
       # @return [Boolean] whether PHI access is allowed for this instance
       #
       def phi_allowed?
-        __phi_stack.present? && __phi_stack[-1][:phi_access_allowed]
+        __phi_stack.present? && __phi_stack[-1].phi_access_allowed
       end
 
       def __instances_with_extended_phi
@@ -262,7 +269,12 @@ module PhiAttrs
 
       def __user_id_string(access_list)
         access_list ||= []
-        access_list.map { |c| "'#{c[:user_id]}'" }.join(',')
+        access_list.map { |c| "'#{c.user_id}'" }.join(',')
+      end
+
+      def __uuid_string(access_list)
+        access_list ||= []
+        Array.wrap(access_list).map(&:uuid).join(',').presence || 'none'
       end
 
       def current_user
@@ -335,13 +347,17 @@ module PhiAttrs
       reason ||= self.class.i18n_reason
       raise ArgumentError, 'user_id and reason cannot be blank' if user_id.blank? || reason.blank?
 
-      PhiAttrs::Logger.tagged(*phi_log_keys) do
-        @__phi_access_stack.push({
-                                   phi_access_allowed: true,
-                                   user_id: user_id,
-                                   reason: reason
-                                 })
-
+      user_id = user_id.to_s.gsub(/[\r\n]/, " ")
+      reason = reason.to_s.gsub(/[\r\n]/, " ")
+      uuid = SecureRandom.uuid
+      @__phi_access_stack.push(PhiStackEntry.new(
+                                 phi_access_allowed: true,
+                                 user_id: user_id,
+                                 reason: reason,
+                                 uuid: uuid,
+                               ))
+
+      PhiAttrs::Logger.tagged(*phi_log_keys, uuid) do
         PhiAttrs::Logger.info("PHI Access Enabled for '#{user_id}': #{reason}")
       end
     end
@@ -362,7 +378,7 @@ module PhiAttrs
     #
     def allow_phi(user_id = nil, reason = nil, &block)
       get_phi(user_id, reason, &block)
-      return
+      nil
     end
 
     # Enable PHI access for a single instance of this class inside the block.
@@ -388,7 +404,7 @@ module PhiAttrs
       begin
         allow_phi!(user_id, reason)
 
-        return yield
+        yield
       ensure
         new_extensions = @__phi_relations_extended - extended_instances
         disallow_last_phi!(preserve_extensions: true)
@@ -405,7 +421,9 @@ module PhiAttrs
     def disallow_phi!
       raise ArgumentError, 'block not allowed. use disallow_phi with block' if block_given?
 
-      PhiAttrs::Logger.tagged(*phi_log_keys) do
+      removed_access_for_uuid = self.class.__uuid_string(@__phi_access_stack)
+
+      PhiAttrs::Logger.tagged(*phi_log_keys, removed_access_for_uuid) do
         removed_access_for = self.class.__user_id_string(@__phi_access_stack)
 
         revoke_extended_phi!
@@ -435,11 +453,12 @@ module PhiAttrs
 
       add_disallow_flag!
       add_disallow_flag_to_extended_phi!
-
-      yield if block_given?
-
-      remove_disallow_flag_from_extended_phi!
-      remove_disallow_flag!
+      begin
+        yield
+      ensure
+        remove_disallow_flag_from_extended_phi!
+        remove_disallow_flag!
+      end
     end
 
     # Revoke last PHI access for a single instance of this class.
@@ -451,11 +470,12 @@ module PhiAttrs
     def disallow_last_phi!(preserve_extensions: false)
       raise ArgumentError, 'block not allowed' if block_given?
 
-      PhiAttrs::Logger.tagged(*phi_log_keys) do
-        removed_access = @__phi_access_stack.pop
+      removed_access = @__phi_access_stack.pop
+      uuid = removed_access&.uuid
 
+      PhiAttrs::Logger.tagged(*phi_log_keys, uuid) do
         revoke_extended_phi! unless preserve_extensions
-        message = removed_access.present? ? "PHI access disabled for #{removed_access[:user_id]}" : 'PHI access disabled. No instance level access was granted.'
+        message = removed_access.present? ? "PHI access disabled for #{removed_access.user_id}" : 'PHI access disabled. No instance level access was granted.'
         PhiAttrs::Logger.info(message)
       end
     end
@@ -466,7 +486,9 @@ module PhiAttrs
     # @return [String] the user_id passed in to allow_phi!
     #
     def phi_allowed_by
-      phi_context[:user_id]
+      return '__new_record__' if new_record?
+
+      phi_context&.user_id
     end
 
     # The access reason for allowing access to this instance.
@@ -475,7 +497,9 @@ module PhiAttrs
     # @return [String] the reason passed in to allow_phi!
     #
     def phi_access_reason
-      phi_context[:reason]
+      return 'new record' if new_record?
+
+      phi_context&.reason
     end
 
     # Whether PHI access is allowed for a single instance of this class
@@ -487,7 +511,7 @@ module PhiAttrs
     # @return [Boolean] whether PHI access is allowed for this instance
     #
     def phi_allowed?
-      !phi_context.nil? && phi_context[:phi_access_allowed]
+      new_record? || (!phi_context.nil? && phi_context.phi_access_allowed)
     end
 
     # Require phi access. Raises an error pre-emptively if it has not been granted.
@@ -499,7 +523,7 @@ module PhiAttrs
     #   end
     #
     def require_phi!
-      raise PhiAccessException, 'PHI Access required, please call allow_phi or allow_phi! first' unless phi_allowed?
+      raise PhiAttrs::Exceptions::PhiAccessException, 'PHI Access required, please call allow_phi or allow_phi! first' unless phi_allowed?
     end
 
     def reload
@@ -512,9 +536,7 @@ module PhiAttrs
     # Adds a disallow phi flag to instance internal stack.
     # @private since subject to change
     def add_disallow_flag!
-      @__phi_access_stack.push({
-                                 phi_access_allowed: false
-                               })
+      @__phi_access_stack.push(PhiStackEntry.new(phi_access_allowed: false))
     end
 
     # removes the last item in instance internal stack.
@@ -553,8 +575,13 @@ module PhiAttrs
     # @return [Array<String>] log key for an instance of this class
     #
     def phi_log_keys
-      @__phi_log_id = persisted? ? "Key: #{attributes[self.class.primary_key]}" : "Object: #{object_id}"
-      @__phi_log_keys = [PHI_ACCESS_LOG_TAG, self.class.name, @__phi_log_id]
+      current_id = persisted? ? public_send(self.class.primary_key) : object_id
+      if @__phi_log_cached_id != current_id
+        @__phi_log_cached_id = current_id
+        prefix = persisted? ? "Key: #{current_id}" : "Object: #{current_id}"
+        @__phi_log_keys = [PHI_ACCESS_LOG_TAG, self.class.name, prefix].freeze
+      end
+      @__phi_log_keys
     end
 
     def phi_context
@@ -576,19 +603,19 @@ module PhiAttrs
     # @return String of all the user_id's passed in to allow_phi!
     #
     def all_phi_allowed_by
-      self.class.__user_id_string(all_phi_context)
-    end
-
-    def all_phi_context
-      (@__phi_access_stack || []) + (self.class.__phi_stack || [])
+      ids = (@__phi_access_stack || []).filter_map { |c| "'#{c.user_id}'" }
+      ids.concat(self.class.__phi_stack.filter_map { |c| "'#{c.user_id}'" })
+      ids.join(',')
     end
 
     def all_phi_context_logged?
-      all_phi_context.all? { |v| v[:logged] }
+      (@__phi_access_stack.nil? || @__phi_access_stack.all? { |v| v.logged }) &&
+        self.class.__phi_stack.all? { |v| v.logged }
     end
 
     def set_all_phi_context_logged
-      all_phi_context.each { |c| c[:logged] = true }
+      @__phi_access_stack&.each { |c| c.logged = true }
+      self.class.__phi_stack.each { |c| c.logged = true }
     end
 
     # Core logic for wrapping methods in PHI access logging and access restriction.
@@ -625,7 +652,7 @@ module PhiAttrs
     #
     def phi_wrap_method(method_name)
       unless respond_to?(method_name)
-        PhiAttrs::Logger.warn("#{self.class.name} tried to wrap non-existant method (#{method_name})")
+        PhiAttrs::Logger.warn("#{self.class.name} tried to wrap non-existent method (#{method_name})")
         return
       end
       return if self.class.__phi_methods_wrapped.include? method_name
@@ -633,23 +660,26 @@ module PhiAttrs
       wrapped_method = :"__#{method_name}_phi_wrapped"
       unwrapped_method = :"__#{method_name}_phi_unwrapped"
 
-      self.class.send(:define_method, wrapped_method) do |*args, **kwargs, &block|
-        PhiAttrs::Logger.tagged(*phi_log_keys) do
-          unless phi_allowed?
-            raise PhiAttrs::Exceptions::PhiAccessException, "Attempted PHI access for #{self.class.name} #{@__phi_user_id}"
-          end
+      unless self.class.method_defined?(wrapped_method)
+        self.class.send(:define_method, wrapped_method) do |*args, **kwargs, &block|
+          uuid = self.class.__uuid_string(@__phi_access_stack)
+          PhiAttrs::Logger.tagged(*phi_log_keys, uuid) do
+            unless phi_allowed?
+              raise PhiAttrs::Exceptions::PhiAccessException, "Attempted PHI access for #{self.class.name} #{@__phi_user_id}"
+            end
 
-          unless all_phi_context_logged?
-            PhiAttrs::Logger.info("#{self.class.name} access by [#{all_phi_allowed_by}]. Triggered by method: #{method_name}")
-            set_all_phi_context_logged
-          end
+            unless all_phi_context_logged?
+              PhiAttrs::Logger.info("#{self.class.name} access by [#{all_phi_allowed_by}]. Triggered by method: #{method_name}")
+              set_all_phi_context_logged
+            end
 
-          send(unwrapped_method, *args, **kwargs, &block)
+            send(unwrapped_method, *args, **kwargs, &block)
+          end
         end
       end
 
       # method_name => wrapped_method => unwrapped_method
-      self.class.send(:alias_method, unwrapped_method, method_name)
+      self.class.send(:alias_method, unwrapped_method, method_name) unless self.class.method_defined?(unwrapped_method)
       self.class.send(:alias_method, method_name, wrapped_method)
 
       self.class.__phi_methods_wrapped << method_name
@@ -669,23 +699,25 @@ module PhiAttrs
       wrapped_method = wrapped_extended_name(method_name)
       unwrapped_method = unwrapped_extended_name(method_name)
 
-      self.class.send(:define_method, wrapped_method) do |*args, **kwargs, &block|
-        relation = send(unwrapped_method, *args, **kwargs, &block)
+      unless self.class.method_defined?(wrapped_method)
+        self.class.send(:define_method, wrapped_method) do |*args, **kwargs, &block|
+          relation = send(unwrapped_method, *args, **kwargs, &block)
 
-        if phi_allowed? && (relation.present? && relation_klass(relation).included_modules.include?(PhiRecord))
-          relations = relation.is_a?(Enumerable) ? relation : [relation]
-          relations.each do |r|
-            r.allow_phi!(phi_allowed_by, phi_access_reason) unless @__phi_relations_extended.include?(r)
+          if phi_allowed? && relation.present? && relation_klass(relation).included_modules.include?(PhiRecord)
+            relations = relation.is_a?(Enumerable) ? relation : [relation]
+            relations.each do |r|
+              r.allow_phi!(phi_allowed_by, phi_access_reason) unless @__phi_relations_extended.include?(r)
+            end
+            @__phi_relations_extended.merge(relations)
+            self.class.__instances_with_extended_phi.add(self)
           end
-          @__phi_relations_extended.merge(relations)
-          self.class.__instances_with_extended_phi.add(self)
-        end
 
-        relation
+          relation
+        end
       end
 
       # method_name => wrapped_method => unwrapped_method
-      self.class.send(:alias_method, unwrapped_method, method_name)
+      self.class.send(:alias_method, unwrapped_method, method_name) unless self.class.method_defined?(unwrapped_method)
       self.class.send(:alias_method, method_name, wrapped_method)
 
       self.class.__phi_methods_to_extend << method_name
@@ -720,7 +752,7 @@ module PhiAttrs
       return rel.klass if rel.is_a?(ActiveRecord::Relation)
       return rel.first.class if rel.is_a?(Enumerable)
 
-      return rel.class
+      rel.class
     end
 
     def wrapped_extended_name(method_name)

data/lib/phi_attrs/railtie.rb

@@ -1,15 +1,13 @@
 # frozen_string_literal: true
 
-require 'phi_attrs'
-require 'rails'
+require "phi_attrs"
+require "rails"
 
 module PhiAttrs
   class Railtie < Rails::Railtie
-    initializer 'phi_attrs.initialize' do |_app|
-      ActiveSupport.on_load(:active_record) do
-        ActiveSupport.on_load(:active_record) { extend PhiAttrs::Model }
-        ActiveSupport.on_load(:action_controller) { include PhiAttrs::Controller }
-      end
+    initializer "phi_attrs.initialize" do |_app|
+      ActiveSupport.on_load(:active_record) { extend PhiAttrs::Model }
+      ActiveSupport.on_load(:action_controller) { include PhiAttrs::Controller }
     end
   end
 end

data/lib/phi_attrs/rspec.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-require 'rspec/expectations'
+require "rspec/expectations"
 
-DO_NOT_SPECIFY = 'do not specify `allowed_by` or `with_access_reason` for negated `allow_phi_access`'
+DO_NOT_SPECIFY = "do not specify `allowed_by` or `with_access_reason` for negated `allow_phi_access`"
 
 RSpec::Matchers.define :allow_phi_access do
   match do |result|
@@ -31,7 +31,7 @@ RSpec::Matchers.define :allow_phi_access do
   failure_message do |result|
     msgs = []
 
-    msgs = ['PHI Access was not allowed.'] unless @allowed
+    msgs = ["PHI Access was not allowed."] unless @allowed
     msgs << "PHI Access was allowed by '#{result.phi_allowed_by}' (not '#{@user_id}')." unless @user_id_matches
     msgs << "PHI Access was allowed because '#{result.phi_access_reason}' (not because '#{@reason}')." unless @reason_matches
 

data/lib/phi_attrs/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PhiAttrs
-  VERSION = '0.3.2'
+  VERSION = "0.4.0"
 end

data/lib/phi_attrs.rb

@@ -3,6 +3,7 @@
 require 'rails'
 require 'active_support'
 require 'request_store'
+require 'securerandom'
 
 require 'phi_attrs/version'
 require 'phi_attrs/configure'

metadata

@@ -1,29 +1,48 @@
 --- !ruby/object:Gem::Specification
 name: phi_attrs
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Wyatt Kirby
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-11 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: benchmark
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 7.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 7.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: request_store
   requirement: !ruby/object:Gem::Requirement
@@ -40,6 +59,20 @@ dependencies:
         version: '1.4'
 - !ruby/object:Gem::Dependency
   name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: bump
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -58,16 +91,16 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.33
+        version: '2.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.33
+        version: '2.4'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -110,6 +143,34 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,7 +184,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -137,7 +198,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop-rails
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -151,19 +212,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: standardrb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: tzinfo-data
   requirement: !ruby/object:Gem::Requirement
@@ -178,7 +239,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
 email:
 - wyatt@apsis.io
 executables: []
@@ -197,14 +257,14 @@ files:
 - lib/phi_attrs/railtie.rb
 - lib/phi_attrs/rspec.rb
 - lib/phi_attrs/version.rb
-homepage: http://www.apsis.io
+homepage: https://www.apsis.io
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'false'
 post_install_message: "\n    Thank you for installing phi_attrs! By installing this
   gem,\n    you acknowledge and agree to the disclaimer as provided in the\n    DISCLAIMER.txt
-  file.\n\n    For full details, see: https://github.com/apsislabs/phi_attrs/blob/master/DISCLAIMER.txt\n
+  file.\n\n    For full details, see: https://github.com/apsislabs/phi_attrs/blob/main/DISCLAIMER.txt\n
   \ "
 rdoc_options: []
 require_paths:
@@ -213,15 +273,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: PHI Access Restriction & Logging for Rails ActiveRecord
 test_files: []