I have a growing web system of around 30,000 users.
There's a few actions on the web system that are disabled for most users. But some trusted clients might be given the privilege to use them.
I already have an object that handles the permissions for each user (get/set). Those permissions are represented in each user database entry as an Integer Field (each bit is a permission).
In my first option I would add a new permission field on my permission manager object for each whitelist that I would want to implement. Then when I would like to know if the current user is on the whitelist, I would call this object and check that permission.
But if would show to the admin a whitelist (display, edit, delete, etc), then I would have to create a permission manager object 30,000 times and test each permission. Which I think is very wasteful.
My second option is to create a new table whitelists and each row would be a different whitelist, then in a TEXT field I would write a comma separated list of users ids. The problem: TEXT VARCHAR or any kind of text field has a character count limit.
I think that the most efficient way is the second option since it's improbable that I would put more than 100 users in the whitelist.
But there's a better implementation?
Maybe I could add a new method to my permission manager object that would use only one query to build lists for a selected permission.