/** * Users which have 'updateOwnProduct' permission can delete price only from Product models that have been created by their. * Users which have 'updateProduct' permission can delete price from all Product models. * * @param integer $priceId * @param integer $id * @param integer $languageId * @return mixed * @throws ForbiddenHttpException */ public function actionRemovePrice($priceId, $id, $languageId) { if (\Yii::$app->user->can('updateProduct', ['productOwner' => Product::findOne($id)->owner])) { ProductPrice::deleteAll(['id' => $priceId]); return $this->actionAddPrice($id, $languageId); } else { throw new ForbiddenHttpException(\Yii::t('shop', 'You have not permission to do this action.')); } }