ABBC3 uses that event to block certain reserved bbcodes during post creation based on the group a user belongs to. Your event and this work perfectly in ABBC3. The $user object is the only way to know who the user currently is, but it's not needed from your event since it can just as easily be injected into the extension's classes where needed.
https://github.com/VSEphpbb/abbc3/blob/ ... #L219-L228
I wouldn't say your parser is the problem...the reparsing is the problem. I would think post reparsing should be done with full admin permissions. Doing it based on whoever the lucky user is that triggered a reparse cron task is going to be ugly, because phpBB already has other built in user perms for bbcodes (flash, img, url). It could even be triggered by a bot or guest, for example.
Heck it may be better just to make reparsing the posts a part of the database update to 3.2...just sayin'...
Or...maybe you could make a reparser class that extends the parser class, replacing the methods with the events, so extensions can't introduce user based permissions that might interfere with the reparsing.