I'm not sure if this is what you mean, but why do you need the ACLs of an object?
You want to enable/disable actions, so if you can get the Allowable Actions then that's enough. Why do you even want to see if user/group x has permissions on an object?
If you look at the possible result of the Allowable Actions CMIS API, then everything you need to know is there. (Also set the include Actions to true in the operationContext.)
If you want to know the permissions on an object and want to do other stuff than enable/disable actions, then use an admin account to check the permissions and cross-check it with the current user.
Secondly: I don't think it can do harm to enable the permission, but in the long term, regarding upgrades etc., I wouldn't change the default permissions. I'd then create a custom permissionGroup which has this permission and apply that on the EVERYONE group at the top level.
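
The approach described in the answer above, as an added example that is not part of the original post: it asks the repository for the current user's Allowable Actions instead of reading ACLs, and disables every button when the answer is missing. It assumes the Apache Chemistry OpenCMIS client; the `ActionGate` class, the `buttonStates` method and the choice of UI actions are hypothetical.

```java
import java.util.EnumMap;
import java.util.Map;
import java.util.Set;

import org.apache.chemistry.opencmis.client.api.CmisObject;
import org.apache.chemistry.opencmis.client.api.OperationContext;
import org.apache.chemistry.opencmis.client.api.Session;
import org.apache.chemistry.opencmis.commons.data.AllowableActions;
import org.apache.chemistry.opencmis.commons.enums.Action;

// Hypothetical helper: maps CMIS Allowable Actions to UI button states.
public final class ActionGate {

    // Actions this hypothetical UI exposes as buttons (assumption).
    private static final Action[] UI_ACTIONS = {
        Action.CAN_UPDATE_PROPERTIES,
        Action.CAN_DELETE_OBJECT,
        Action.CAN_CHECK_OUT,
        Action.CAN_SET_CONTENT_STREAM
    };

    private ActionGate() { }

    // The session must be opened as the end user, not as an admin account,
    // so the repository evaluates the actions for that user.
    public static Map<Action, Boolean> buttonStates(Session session, String objectId) {
        OperationContext oc = session.createOperationContext();
        oc.setIncludeAllowableActions(true); // the flag the answer refers to
        oc.setIncludeAcls(false);            // ACLs are not needed for this decision
        oc.setCacheEnabled(false);           // avoid acting on a stale cached answer

        CmisObject obj = session.getObject(objectId, oc);
        AllowableActions aa = obj.getAllowableActions();
        Set<Action> allowed = (aa == null) ? null : aa.getAllowableActions();

        // Fail closed: if the repository returned no actions, disable everything.
        Map<Action, Boolean> states = new EnumMap<>(Action.class);
        for (Action a : UI_ACTIONS) {
            states.put(a, allowed != null && allowed.contains(a));
        }
        return states;
    }
}
```

The returned map only drives what the UI shows; the repository still checks permissions when the action itself is invoked.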