I'm in the process of developing an LCMS application for universities where insturctors and students can meet. Now we are faced with a scenario where we need expert advice. All the functionality of the system is implemented role-wise, so each user has a list of submodule/operations - ids which determines what all things he can do.
In every page and sometimes at different places in a single page, we need to check whether the user has access to the different features. To implement this we have two different solutions before us. We would be thankful if you could recommend one for us.
We are having a table for submodules that maps to another table operations. So logically the data will be like "courses ===> add,edit,delete"
First one is to create a singletone class that will create an array with the key as submodule_code and value as operations in csv. Every further call in that page will use the same array.
To store the array in session, when the user logs in. Though we are using int as unique fileds, for programmers to check acces in pages we are using a function similar to checkAccess('courses','add|edit|delete'); . So to implement this we have unique string values as submodule_code and operations. As the system now has almost 30-50 submodules and 150 operations, is it ok to serialize and store the array in Session. The number of users accessing the system may go upto a lakh.
Thank you for your time and consideration.
Sajith A
