diff -urp privatemsg/privatemsg.module privatemsg_access/privatemsg.module
--- privatemsg/privatemsg.module	2008-09-03 07:20:51.414400000 +0100
+++ privatemsg_access/privatemsg.module	2008-09-03 07:45:21.966400000 +0100
@@ -32,13 +32,13 @@ function privatemsg_menu() {
   $items['messages'] = array(
     'title'            => 'Private messages',
     'page callback'    => 'privatemsg_list',
-    'access arguments' => array('read privatemsg'),
+    'access callback' => 'privatemsg_access',
     'type'             => MENU_NORMAL_ITEM,
   );
   $items['messages/inbox'] = array(
     'title'            => 'Inbox',
     'page callback'    => 'privatemsg_list',
-    'access arguments' => array('read privatemsg'),
+    'access callback' => 'privatemsg_access',
     'type'             => MENU_DEFAULT_LOCAL_TASK,
     'weight'           => -10,
   );
@@ -53,7 +53,7 @@ function privatemsg_menu() {
   $items['messages/sent'] = array(
     'title'            => 'Sent messages',
     'page callback'    => 'privatemsg_list',
-    'access arguments' => array('read privatemsg'),
+    'access callback' => 'privatemsg_access',
     'type'             => MENU_LOCAL_TASK,
     'weight'           => -5,
   );
@@ -87,6 +87,12 @@ function privatemsg_menu() {
     'type'             => MENU_CALLBACK,
     'weight'           => -10,
   );
+  $items['user/%/messages'] = array(
+    'title' => 'Messages',
+    'page callback' => 'privatemsg_list',
+    'access callback' => 'privatemsg_access',
+    'type' => MENU_LOCAL_TASK,
+  );
   $items['admin/settings/messages'] = array(
     'title'            => 'Private messages',
     'description'      => 'Configure private messaging settings.',
@@ -213,28 +219,18 @@ function privatemsg_preprocess_privatems
  */
 function privatemsg_list($uid = NULL) {
   global $user;
-  disallow_anon_access();
-
-  if (!$uid) {
-    // Default behavior: we are trying to view our own private messages if no uid is passed...
-    $account = $user;
+  if (arg(0) == 'user' && is_numeric(arg(1))) {
+    $uid = arg(1);
+    $account = user_load(array('uid' => $uid));
+    $box = arg(3);
   }
-  else { // ...or we are viewing either our own or someone else's messages.
-    if ($uid && $uid == $user->uid) { // Viewing our own messages.
-      $account = $user;
-    }
-    else if ($uid && $uid != $user->uid && user_access('read all private messages')) {
-      $account = user_load(array('uid' => $uid));
-    }
-    else { // We tried viewing someone else's messages but didn't have sufficient rights.
-      drupal_set_message("You do not have sufficient rights to view someone else's messages", WATCHDOG_WARNING);
-      $account = $user;
-    }
+  else {
+    $account = $user;
+    $box = arg(1);
   }
-  // By this point we have figured out for which user we are listing messages and now it is safe to use $account->uid in the listing query.
 
 //  drupal_set_message('<pre>'. print_r($uid, 1) .'</pre>');
-  switch (arg(1)) {
+  switch ($box) {
     case 'sent':
       $query = _privatemsg_assemble_query('privatemsg_list_sent', $account);
       break;
@@ -266,22 +262,22 @@ function privatemsg_list($uid = NULL) {
           $col = 'to';
           break;
         case 'timestamp':
-          $col = arg(1) == 'sent' ? 'sent' : 'received';
+          $col = $box == 'sent' ? 'sent' : 'received';
           break;
         default:
           $col = $index;
       }
       $head[$index] =  array('data' => t($col), 'field' => $index, 'sort'=> 'desc');
     }
-    if (arg(1) == 'inbox') {
+    if ($box == 'inbox') {
       $query = _privatemsg_assemble_query('privatemsg_list', $account);
     }
-    else if (arg(1) == 'sent') {
+    else if ($box == 'sent') {
       $query = _privatemsg_assemble_query('privatemsg_list_sent', $account);
     }
 
     $result = db_query($query);
-    if (arg(1) != 'sent') {
+    if ($box != 'sent') {
       unset($head['new']);
     }
 
@@ -301,7 +297,7 @@ function privatemsg_list($uid = NULL) {
       if ($row['timestamp']) {
         $row['timestamp'] = '<span class="privatemsg-list-date' .  $unread.'">' . format_date($row['timestamp'],'small') . '</span>';
       }
-      if (arg(1) != 'sent') {
+      if ($box != 'sent') {
         unset($row['new']);
       }
       unset($row['id']);
@@ -797,6 +793,22 @@ function disallow_anon_access() {
   }
 }
 
+function privatemsg_access () {
+  global $user;
+  if (!$user->uid) { // Disallow anonymous access, regardless of permissions
+    return FALSE;
+  }
+  elseif (arg(0) == 'user' && is_numeric(arg(1))) {
+    if (!user_access('read all private messages')) {
+      return FALSE;
+    }
+  }
+  elseif (!user_access('read privatemsg')) {
+    return FALSE;
+  }
+  return TRUE;
+}
+
 function privatemsg_user($op, &$edit, &$account, $category = NULL) {
   global $user;