/**
* Denies access to the user.
* This method is invoked when the access check fails
* @throws CHttpException if no user is logged in
* @param IWebUser $user the web user
* @param string $message the message to display
*/
protected function accessDenied(IWebUser $user, $message)
{
if ($user->getIsGuest()) {
$user->loginRequired();
} else {
throw new CHttpException(403, $message);
}
}
