--- lib/TWiki/Plugin.pm.dist	2007-11-27 14:19:51.000000000 +0100
+++ lib/TWiki/Plugin.pm	2007-11-27 14:20:32.000000000 +0100
@@ -59,6 +59,7 @@
    'renderWikiWordHandler',        # 1.023
    'startRenderingHandler',        # 1.000 DEPRECATED
    'writeHeaderHandler',           # 1.010 DEPRECATED
+   'permissionCheckHandler'	   # 1.027 ? (gmc)
   );
 
 # deprecated handlers
--- lib/TWiki/Access.pm.dist	2007-11-27 14:21:40.000000000 +0100
+++ lib/TWiki/Access.pm	2007-11-27 16:09:20.000000000 +0100
@@ -128,6 +128,9 @@
                                                       $web, $topic );
     }
 
+    $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'ALLOWTOPIC',$mode,$allowText);
+    $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'DENYTOPIC',$mode,$denyText);
+
     # Check DENYTOPIC
     if( defined( $denyText )) {
         if( $denyText =~ /\S$/ ) {
@@ -159,6 +162,7 @@
     unless( defined( $denyText )) {
         $denyText =
           $prefs->getWebPreferencesValue( 'DENYWEB'.$mode, $web );
+        $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'DENYWEB',$mode,$denyText);
         if( defined( $denyText ) &&
               $this->{session}->{users}->isInList( $user, $denyText )) {
             $this->{failure} = $this->{session}->i18n->maketext('access denied on web');
@@ -170,6 +174,7 @@
     # Check ALLOWWEB. If this is defined and not overridden by
     # ALLOWTOPIC, the user _must_ be in it.
     $allowText = $prefs->getWebPreferencesValue( 'ALLOWWEB'.$mode, $web );
+    $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'ALLOWWEB',$mode,$allowText);
 
     if( defined( $allowText ) && $allowText =~ /\S/ ) {
         unless( $this->{session}->{users}->isInList( $user, $allowText )) {
@@ -183,6 +188,7 @@
     unless( $web ) {
         $denyText =
           $prefs->getPreferencesValue( 'DENYROOT'.$mode, $web );
+        $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'DENYROOT',$mode,$denyText);
         if( defined( $denyText ) &&
               $this->{session}->{users}->isInList( $user, $denyText )) {
             $this->{failure} = $this->{session}->i18n->maketext('access denied on root');
@@ -191,6 +197,7 @@
         }
 
         $allowText = $prefs->getPreferencesValue( 'ALLOWROOT'.$mode, $web );
+        $this->{session}->{plugins}->permissionCheckHandler($this->{session},$web,$topic,'ALLOWROOT',$mode,$allowText);
 
         if( defined( $allowText ) && $allowText =~ /\S/ ) {
             unless( $this->{session}->{users}->isInList( $user, $allowText )) {
--- lib/TWiki/Plugins.pm.dist	2007-11-27 14:11:32.000000000 +0100
+++ lib/TWiki/Plugins.pm	2007-11-27 15:14:43.000000000 +0100
@@ -109,6 +109,7 @@
    redirectCgiQueryHandler        => 1,
    renderFormFieldForEditHandler  => 1,
    renderWikiWordHandler          => 1,
+#   permissionCheckHandler	  => 1,
   );
 
 =pod
@@ -865,4 +866,9 @@
     return _dispatch( $this, 'renderWikiWordHandler', @_ );
 }
 
+sub permissionCheckHandler {
+    my $this = shift;
+    return _dispatch( $this, 'permissionCheckHandler', @_ );
+}
+
 1;