/** * Denies the access of the user. * The default implementation will redirect the user to the login page if he is a guest; * if the user is already logged, a 403 HTTP exception will be thrown. * * @param User $user the current user * @throws HttpException if the user is already logged in. */ protected function denyAccess($user) { if ($user->getIsGuest()) { $user->loginRequired(); } else { throw new \yii\web\ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.')); } }