getUser()->isAdmin() && !$this->getUser()->isApi()) { throw new Forbidden(); } } public function actionCreate($params, $data, $request, $response = null) { $result = parent::actionCreate($params, $data, $request, $response); if ($response) $response->setStatus(201); return $result; } }