diff --git a/code/AssetAdmin.php b/code/AssetAdmin.php
index 6bb7eb35..1ec4bada 100755
--- a/code/AssetAdmin.php
+++ b/code/AssetAdmin.php
@@ -13,6 +13,21 @@
  */
 class AssetAdmin extends LeftAndMain {
 	static $tree_class = "File";
+	
+	static $allowed_actions = array(
+		'addfolder',
+		'deletefolder',
+		'deletemarked',
+		'deleteUnusedThumbnails',
+		'doUpload',
+		'getfile',
+		'getsubtree',
+		'movemarked',
+		'removefile',
+		'save',
+		'savefile',
+		'uploadiframe',
+	);
 
 	public function Link($action=null) {
 		if(!$action) $action = "index";
diff --git a/code/CMSMain.php b/code/CMSMain.php
index a066a911..ba0f0186 100644
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@@ -13,11 +13,41 @@
  * @todo Create some base classes to contain the generic functionality that will be replicated.
  */
 class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionProvider {
-		
+	
 	static $tree_class = "SiteTree";
 	
 	static $subitem_class = "Member";
 	
+	static $allowed_actions = array(
+		'addmember',
+		'addpage',
+		'buildbrokenlinks',
+		'canceldraftchangesdialog',
+		'compareversions',
+		'createtranslation',
+		'delete',
+		'deletefromlive',
+		'deleteitems',
+		'dialog',
+		'duplicate',
+		'duplicatewithchildren',
+		'getpagecount',
+		'getpagemembers',
+		'getversion',
+		'publishall',
+		'publishitems',
+		'restorepage',
+		'revert',
+		'rollback',
+		'sidereport',
+		'submit',
+		'switchlanguage',
+		'tasklist',
+		'unpublish',
+		'versions',
+		'waitingon',		
+	);
+	
 	/**
 	 * SiteTree Columns that can be filtered using the the Site Tree Search button
 	 */
@@ -1324,29 +1354,6 @@ JS
 		return $this->returnItemToUser($newrecord);
 	}
 
-	// HACK HACK HACK - Dont remove without telling simon ;-)
-
-	/**
-	 * This is only used by parents inc.
-	 * TODO Work out a better way of handling control to the individual page objects.
-	 */
-	function sethottip($data,$form) {
-		$page = DataObject::get_by_id("SiteTree", $_REQUEST['ID']);
-		return $page->sethottip($data,$form);
-	}
-	/**
-	 * This is only used by parents inc.
-	 * TODO Work out a better way of handling control to the individual page objects.
-	 */
-	function notifyInvitation($data,$form) {
-		$page = DataObject::get_by_id("SiteTree", $_REQUEST['ID']);
-		return $page->notifyInvitation($data,$form);
-	}
-	function testInvitation($data,$form) {
-		$page = DataObject::get_by_id("SiteTree", $_REQUEST['ID']);
-		return $page->testInvitation($data,$form);
-	}
-
 	/**
 	 * Provide the permission codes used by LeftAndMain.
 	 * Can't put it on LeftAndMain since that's an abstract base class.
diff --git a/code/CommentAdmin.php b/code/CommentAdmin.php
index 277d0813..1a2a551c 100644
--- a/code/CommentAdmin.php
+++ b/code/CommentAdmin.php
@@ -11,6 +11,14 @@
  * @subpackage comments
  */
 class CommentAdmin extends LeftAndMain {
+	static $allowed_actions = array(
+		'approvedmarked',
+		'deleteall',
+		'deletemarked',
+		'hammarked',
+		'showtable',
+		'spammarked',
+	);
 	
 	public function init() {
 		parent::init();
diff --git a/code/GenericDataAdmin.php b/code/GenericDataAdmin.php
index e448c30a..2b28afb9 100755
--- a/code/GenericDataAdmin.php
+++ b/code/GenericDataAdmin.php
@@ -13,6 +13,14 @@
  * @subpackage core
  */
 abstract class GenericDataAdmin extends LeftAndMain {
+	static $allowed_actions = array(
+		'createRecord',
+		'delete',
+		'export',
+		'getResults',
+		'save',
+		'show',
+	);
 
 	public $filter;
 	
diff --git a/code/LeftAndMain.php b/code/LeftAndMain.php
index b46e9179..4107c5e8 100644
--- a/code/LeftAndMain.php
+++ b/code/LeftAndMain.php
@@ -16,6 +16,19 @@ abstract class LeftAndMain extends Controller {
 	static $extra_menu_items = array(), $removed_menu_items = array(), $replaced_menu_items = array();
 	static $ForceReload;
 
+	static $allowed_actions = array(
+		'ajaxupdateparent',
+		'ajaxupdatesort',
+		'callPageMethod',
+		'deleteitems',
+		'getitem',
+		'getsubtree',
+		'myprofile',
+		'printable',
+		'save',
+		'show',
+	);
+
 	function init() {
 		Director::set_site_mode('cms');
 		
diff --git a/code/NewsletterAdmin.php b/code/NewsletterAdmin.php
index 9a5ddd50..44526e67 100755
--- a/code/NewsletterAdmin.php
+++ b/code/NewsletterAdmin.php
@@ -14,6 +14,31 @@ class NewsletterAdmin extends LeftAndMain {
 	static $subitem_class = "Member";
 
 	static $template_path = null; // defaults to (project)/templates/email
+	
+	static $allowed_actions = array(
+		'adddraft',
+		'addgroup',
+		'addtype',
+		'autocomplete',
+		'displayfilefield',
+		'getformcontent',
+		'getsentstatusreport',
+		'getsitetree',
+		'memberblacklisttoggle',
+		'newmember',
+		'remove',
+		'removebouncedmember',
+		'removenewsletter',
+		'save',
+		'savemember',
+		'savenewsletter',
+		'sendnewsletter',
+		'showdrafts',
+		'showmailtype',
+		'shownewsletter',
+		'showrecipients',
+		'showsent',
+	);
 
 	public function init() {
 		// Check permissions
diff --git a/code/SecurityAdmin.php b/code/SecurityAdmin.php
index 06205446..04d56902 100644
--- a/code/SecurityAdmin.php
+++ b/code/SecurityAdmin.php
@@ -13,6 +13,17 @@
 class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 	static $tree_class = "Group";
 	static $subitem_class = "Member";
+	
+	static $allowed_actions = array(
+		'addgroup',
+		'addmember',
+		'autocomplete',
+		'getmember',
+		'listmembers',
+		'newmember',
+		'removememberfromgroup',
+		'savemember',
+	);
 
 	public function init() {
 		// Check permissions