I think if there is no API method what you have there is fine.
Depending on the logic you want to do to prevent users doing the action, you can either unregister it globally for everyone, or put that in an if statement where you weed out who's not allowed to do it.
Or you can return false in the 'action',[action] plugin hook
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.