diff --git a/core/Extension.php b/core/Extension.php
index 5152d6a35..c31227317 100644
--- a/core/Extension.php
+++ b/core/Extension.php
@@ -13,6 +13,12 @@
  * @subpackage core
  */
 abstract class Extension extends Object {
+	/**
+	 * This is used by extensions designed to be applied to controllers.
+	 * It works the same way as {@link Controller::$allowed_actions}.
+	 */
+	public static $allowed_actions = null;
+
 	/**
 	 * The DataObject that owns this decorator.
 	 * @var DataObject
diff --git a/core/control/Controller.php b/core/control/Controller.php
index 489696991..e3a36508b 100644
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@@ -547,6 +547,14 @@ class Controller extends ViewableData {
 			$className = get_parent_class($className);
 		}
 		
+		// Add $allowed_actions from extensions
+		if($this->extension_instances) {
+			foreach($this->extension_instances as $inst) {
+				$accessPart = $inst->stat('allowed_actions');
+				if($accessPart !== null) $access = array_merge((array)$access, $accessPart);
+			}
+		}
+		
 		if($access === null || $accessParts[0] === $accessParts[1]) {
 			// user_error("Deprecated: please define static \$allowed_actions on your Controllers for security purposes", E_USER_NOTICE);
 			return true;