At least the firewall needs to query permissions. Acl.read has the
handy attribute of clearing the current ACL. I think the main service
function sould also be re-reading the permissions on each loop, or
perhaps not because it may call setupUser instead? Investigate.