If an unauthorized student accesses the attendance app (anyone in the momentumfrc slack can log in to attendance app as an unprivileged user), or if a mentor leaves the team, we should be able to remove their user account from the list of active users.
This is definitely a case for soft deletions, for two reasons:
User ids are saved when students or attendance events are registered. We need the user corresponding to that id to persist, so we can verify who registered a student or attendance event, even if that individual has left the team and had their account deleted
If a user is deleted, but then signs in again, we don't want to assign them a new user id. It's the same user, so they should have the same user id. This is only possible if user accounts are soft-deleted, so we can detect when a soft-deleted user signs in and we can re-activate their account instead of creating a new account.
If an unauthorized student accesses the attendance app (anyone in the momentumfrc slack can log in to attendance app as an unprivileged user), or if a mentor leaves the team, we should be able to remove their user account from the list of active users.
This is definitely a case for soft deletions, for two reasons: