[eluser]asylmottaket[/eluser]
I'm in the process of making a little auth and acl-system.
When authenticated, all permissions and roles is set as a array in the userdata (use session database).
Would this be a okey way of dealing with access control?
I've seen some other alternatives, but they check access from uri string, and then have to make several db queries for every page view. And I'm not quite sure if that is the best way..
Never made a acl-system before.. am I on the wrong path? Or do I make fuzz of a pretty standard way to do it?