1) Log a user in and cache all their information such as permissions, group assignment, etc. This would mean group and permission changes would not take effect until next login. The plus side to this is that performance will increase because there is no longer a need to hit the database each request.
Are you saying that each and every request, i.e., any option from the quick links, and operation such as adding a reservation and/or changing a reservation, etc., requires permissions checks? If that is the case, I would definitely prefer option #1. I can't imagine too many people needing instant permission changes while a user is logged in. As long as the permissions would update when a user logs in again, #1 makes more sense to me.
Thanks again for a great program. I'm running 1.2.5 and just about to implement it company wide for conference room scheduling.