/** * Denies access to the user. * This method is invoked when the access check fails * @throws CHttpException if no user is logged in * @param IWebUser $user the web user * @param string $message the message to display */ protected function accessDenied(IWebUser $user, $message) { if ($user->getIsGuest()) { $user->loginRequired(); } else { throw new CHttpException(403, $message); } }