public function beforeAction($action) { // check role if (!Yii::$app->user->isGuest) { $role = new Role(); if (!$role->hasRole($action)) { $this->permissionDeny(); } } return parent::beforeAction($action); }