If jobhistory/job.* is filtered to bypass acl, resulting page will always show Null user. This differs from 0.20 where filtering on this page, bypasses security to allow all access to the page. essentially passes a null user to AppController where an exception is thrown. If a null user is detected, we should acl checking is disabled on this page.