Tom Barrett

Question: Is it best for an access token to be a child of a staff_member (so if the staff_member is archived, the access token is defunct)? Or better for access...

I agree that http basic auth is old skool and better avoided. But as you say, just using regular accounts would be simpler. I wonder about the option of being...

It sounds like some extra summary rows at the end of the "Attendance > Display" page would fill this need?

Ie at the moment, for each dated column, we have "Total present" row at the bottom. We could add rows for "Total present - Adult", "Total Present -Child" etc. And...

I get the general principle - trimming out irrelevant stuff to smooth the way for common tasks. One existing feature that relates here is the ability to turn certain features...

CardDAV can also be used by Mac Mail, for example. But it does not seem that gmail can be a CardDav client (only a server).

Fair enough, although that'd be a on server without any load. I'm keen to have a quick look at these slow queries anyway to see if there are any obvious...

> is an email code as safe as sms? That's an interesting question, since emails are cheaper to send. Good answers here: https://www.twilio.com/blog/email-2fa-tradeoffs It's noteworthy that in Jethro, your username...

Long-lived cookie like this is not a bad idea. Various sites use it. But unlike SMS auth it doesn't protect against the left-my-computer-unlocked-on-the-train scenario.

Sure, although that will take some time. And if you've saved the password in your browser and the person who picks up your device has access to your email they...