This is convenient but causes a problem: any member of staff can edit this ACL (say, by mistake) to break the access control policy.
That isn't necessarily a bad thing - wikis are based largely on trust.
In the preSave method, if the current editor has the special role that allows him to handle ACL, the to-be-saved content is saved directly. Otherwise, any ACL in the to-be-saved content is ignored, and the current (official) ACLs are read from the current version of the page and appended to the to-be-saved content, before it is saved.
This should work. It's probably easier to simply reject edits which are trying to mess your ACLs; then you don't have to parse/fix things too much.
/Janne
