phi_attrs 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6271ebbfae4a5ddad7aa1ad27b812cc4056a5a4958b1067ddf2aa717975b738
-  data.tar.gz: '098ec65389f50bbe24876657a1ff9eb78bbbe17fb5192804ebbc2f75eedd97f4'
+  metadata.gz: 0c95e0078a0816fa79591bab794e8c423d70d8792354cbb09cb69cda60b93d4b
+  data.tar.gz: 7af031bbc1cc1aa2ba308dc778611b590faf33b4e572e9e264477dde4fb24ace
 SHA512:
-  metadata.gz: a5832351881d96019071f9b77ac4e08b991104dca6f47c8a1917f5c3546002d7510c5d0fe7ceaa4fe37df7006ec71105acbbcc99a5c9928e57e78b43a7cd2d5d
-  data.tar.gz: 3a153bd1a992dbbb94de889f8a82c22f969dd1bb9b9f36254485d0265f70cba89d89f1c8b424e30056aa1c23c5b8e8be3142d7b5ccfed05c970ec67aa3614d69
+  metadata.gz: a13b688097f56ad46044a7da0f91402565e582383e80f522f6ef3829fc75e677a5518a3190e261114713177ab6ab746783eb10bec4cc83215cf8089ca17cbc35
+  data.tar.gz: 323f3337e8d687e5e8e781324fd284008344a9ee8c15ff737840b736908face774331b762783076ffd5bb9e37a150452e4d712129a4a30fc169a33edde3abec9

data/.github/workflows/publish.yml

@@ -0,0 +1,28 @@
+name: Publish Gem
+
+on:
+  push:
+    branches:
+      - "main"
+    tags:
+      - v*
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-ruby@v1
+        with:
+          ruby-version: '2.6'
+      - name: Install dependencies
+        run: |
+          gem install bundler:2.1.4
+          bundle install
+      - name: Release Gem
+        if: contains(github.ref, 'refs/tags/v')
+        uses: cadwallion/publish-rubygems-action@master
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_API_KEY}}
+          RELEASE_COMMAND: bundle exec rake release

data/lib/phi_attrs/phi_record.rb

@@ -107,8 +107,32 @@ module PhiAttrs
       #   end
       #   # PHI Access Disallowed
       #
-      def allow_phi(user_id = nil, reason = nil, allow_only: nil)
-        raise ArgumentError, 'block required. use allow_phi! without block' unless block_given?
+      def allow_phi(user_id = nil, reason = nil, allow_only: nil, &block)
+        get_phi(user_id, reason, allow_only: allow_only, &block)
+        return
+      end
+
+
+      # Enable PHI access for any instance of this class in the block given only
+      # returning whatever the block returns.
+      #
+      # @param [String] user_id                       A unique identifier for the person accessing the PHI
+      # @param [String] reason                        The reason for accessing PHI
+      # @param [collection of PhiRecord] allow_only   Specific PhiRecords to allow access to
+      # &block [block]                                The block in which PHI access is allowed for the class
+      #
+      # @example
+      #   results = Foo.allow_phi('user@example.com', 'viewing patient record') do
+      #     Foo.search(params)
+      #   end
+      #
+      # @example
+      #   loaded_foo = Foo.allow_phi('user@example.com', 'exporting patient list', allow_only: list_of_foos) do
+      #     Bar.find_by(foo: list_of_foos).include(:foo)
+      #   end
+      #
+      def get_phi(user_id = nil, reason = nil, allow_only: nil)
+        raise ArgumentError, 'block required' unless block_given?
 
         if allow_only.present?
           raise ArgumentError, 'allow_only must be iterable with each' unless allow_only.respond_to?(:each)
@@ -125,7 +149,7 @@ module PhiAttrs
           allow_only.each { |t| t.allow_phi!(user_id, reason) }
         end
 
-        yield if block_given?
+        result = yield if block_given?
 
         __instances_with_extended_phi.each do |obj|
           if frozen_instances.include?(obj)
@@ -143,6 +167,8 @@ module PhiAttrs
           allow_only.each { |t| t.disallow_last_phi!(preserve_extensions: true) }
           # We've handled any newly extended allowances ourselves above
         end
+
+        result
       end
 
       # Explicitly disallow phi access in a specific area of code. This does not
@@ -335,17 +361,41 @@ module PhiAttrs
     #   end
     #   # PHI Access Disallowed Here
     #
-    def allow_phi(user_id = nil, reason = nil)
-      raise ArgumentError, 'block required. use allow_phi! without block' unless block_given?
+    def allow_phi(user_id = nil, reason = nil, &block)
+      get_phi(user_id, reason, &block)
+      return
+    end
+
+
+    # Enable PHI access for a single instance of this class inside the block.
+    # Returns whatever is returned from the block.
+    # Nested calls to get_phi will log once per nested call
+    #s
+    # @param [String] user_id   A unique identifier for the person accessing the PHI
+    # @param [String] reason    The reason for accessing PHI
+    # @yield                    The block in which phi access is allowed
+    #
+    # @return PHI
+    #
+    # @example
+    #   foo = Foo.find(1)
+    #   phi_data = foo.get_phi('user@example.com', 'viewing patient record') do
+    #    foo.phi_field
+    #   end
+    #
+    def get_phi(user_id = nil, reason = nil)
+      raise ArgumentError, 'block required' unless block_given?
 
       extended_instances = @__phi_relations_extended.clone
       allow_phi!(user_id, reason)
 
-      yield if block_given?
+      result = yield if block_given?
 
       new_extensions = @__phi_relations_extended - extended_instances
       disallow_last_phi!(preserve_extensions: true)
       revoke_extended_phi!(new_extensions) if new_extensions.any?
+
+      result
     end
 
     # Revoke all PHI access for a single instance of this class.
@@ -412,6 +462,25 @@ module PhiAttrs
       end
     end
 
+
+    # The unique identifier for whom access has been allowed on this instance.
+    # This is what was passed in when PhiRecord#allow_phi! was called.
+    #
+    # @return [String] the user_id passed in to allow_phi!
+    #
+    def phi_allowed_by
+      phi_context[:user_id]
+    end
+
+    # The access reason for allowing access to this instance.
+    # This is what was passed in when PhiRecord#allow_phi! was called.
+    #
+    # @return [String] the reason passed in to allow_phi!
+    #
+    def phi_access_reason
+      phi_context[:reason]
+    end
+
     # Whether PHI access is allowed for a single instance of this class
     #
     # @example
@@ -424,6 +493,18 @@ module PhiAttrs
       !phi_context.nil? && phi_context[:phi_access_allowed]
     end
 
+    # Require phi access. Raises an error pre-emptively if it has not been granted.
+    #
+    # @example
+    #   def use_phi(patient_record)
+    #     patient_record.require_phi!
+    #     # ...use PHI Freely
+    #   end
+    #
+    def require_phi!
+      raise PhiAccessException, 'PHI Access required, please call allow_phi or allow_phi! first' unless phi_allowed?
+    end
+
     def reload
       @__phi_relations_extended.clear
       super
@@ -479,28 +560,6 @@ module PhiAttrs
       @__phi_log_keys = [PHI_ACCESS_LOG_TAG, self.class.name, @__phi_log_id]
     end
 
-    # The unique identifier for whom access has been allowed on this instance.
-    # This is what was passed in when PhiRecord#allow_phi! was called.
-    #
-    # @private
-    #
-    # @return [String] the user_id passed in to allow_phi!
-    #
-    def phi_allowed_by
-      phi_context[:user_id]
-    end
-
-    # The access reason for allowing access to this instance.
-    # This is what was passed in when PhiRecord#allow_phi! was called.
-    #
-    # @private
-    #
-    # @return [String] the reason passed in to allow_phi!
-    #
-    def phi_access_reason
-      phi_context[:reason]
-    end
-
     def phi_context
       instance_phi_context || class_phi_context
     end

data/lib/phi_attrs/rspec.rb

@@ -0,0 +1,43 @@
+require 'rspec/expectations'
+
+DO_NOT_SPECIFY = "do not specify `allowed_by` or `with_access_reason` for negated `allow_phi_access`"
+
+RSpec::Matchers.define :allow_phi_access do
+  match do |result|
+    @allowed = result.phi_allowed?
+    @user_id_matches = @user_id.nil? || @user_id == result.phi_allowed_by
+    @reason_matches = @reason.nil? || @reason == result.phi_access_reason
+
+    @allowed && @user_id_matches && @reason_matches
+  end
+
+  match_when_negated do |result|
+    raise ArgumentError, DO_NOT_SPECIFY unless @user_id.nil? && @reason.nil?
+
+    !result.phi_allowed?
+  end
+
+  chain :allowed_by do |user_id|
+    @user_id = user_id
+  end
+
+  chain :with_access_reason do |reason|
+    @reason = reason
+  end
+
+  # :nocov:
+  failure_message do |result|
+    msgs = []
+
+    msgs = ['PHI Access was not allowed.'] unless @allowed
+    msgs << "PHI Access was allowed by '#{result.phi_allowed_by}' (not '#{@user_id}')." unless @user_id_matches
+    msgs << "PHI Access was allowed because '#{result.phi_access_reason}' (not because '#{@reason}')." unless @reason_matches
+
+    msgs.join "\n"
+  end
+
+  failure_message_when_negated do |result|
+    "PHI access was allowed by '#{result.phi_allowed_by}', because '#{result.phi_access_reason}'"
+  end
+  # :nocov:
+end

data/lib/phi_attrs/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PhiAttrs
-  VERSION = '0.2.1'
+  VERSION = '0.2.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phi_attrs
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Wyatt Kirby
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-10 00:00:00.000000000 Z
+date: 2020-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -228,6 +228,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/build.yml"
+- ".github/workflows/publish.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -259,6 +260,7 @@ files:
 - lib/phi_attrs/logger.rb
 - lib/phi_attrs/phi_record.rb
 - lib/phi_attrs/railtie.rb
+- lib/phi_attrs/rspec.rb
 - lib/phi_attrs/version.rb
 - phi_attrs.gemspec
 homepage: http://www.apsis.io