function post($message, $attachment = null) { // Check the ACL entries. Leaving out parameter 3 will cause the ACL // class to look up and open the current user. if (!acl::getAccess($this, 'post')) { // User doesn't have permission to post at all throw new AccessException("No access to post"); } // Check ACL entries for posting attachments. if ($attachment && !acl::getAccess($this, 'attach')) { // User doesn't have permission to attach stuff throw new AccessException("No access to attach"); } // All is well. Post the data }