https://gerrit.wikimedia.org/r/#/c/114974/2/api/ApiGroupReview.php,unified seems to have a bad code smell to me. Do we really require every API module to define "isAllowed" and "isBlocked"? That seems like a flawed architectural design to me, if so. When being extended, it seems to me that the base MediaWiki API should be able to handle these checks implicitly, to avoid situations like this.
Or, alternately, perhaps we need to fail faster when these checks are missing.