Steps to reproduce:
1. Create admin user
2. Login as admin user and create action
3. Open dev tools (F12 - Network - Preserve log)
4. Select action in list and choose mass enable
5. Select actionconf.php in dev tools, copy from headers form data
6. Paste into url and change action id. For example action id=3 (default disabled action for superadmin)
Result: action status changed
Expected result: error something like "No permissions to referred object"

Thanks for report vjaceslavs