Hello everyone 
I have a question about my app. How can I prevent a user from viewing another user's profile?
I mean, a user can only view their own profile. If user 123 is logged in, he is allowed in ‘view&id=123’ but denied in ‘view&id=234’ etc.
I know how to do this from the view page, but am I able to deny it from my Controller? I’m thinking of using an expression but I can’t get it right. Here is my code:
    array('deny',
        'actions'=>array('view'),
        'expression'=>'$user->getName()!=??',
    ),
What is the right expression to replace the ‘??’ part?
I tried to use $id (the actionView parameter) but it showed me an error 
Here are two ways you can do it:
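First way: In your controller’s action you can add the following code:
    public function actionView($id){
        // Compare as strings so PHP type juggling cannot make different IDs look equal
        if((string)Yii::app()->user->id !== (string)$id){//If these IDs are different, throw exception
            // 403: the user is logged in but may not view this profile
            throw new CHttpException(403, 'You are not authorized to see this page!');
        }
        // ...load and render the profile as usual
    }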
Second way:
Create a function inside your controller
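    // Static, because the access rule refers to it by class name
    public static function checkAuthorization(){
        $id = Yii::app()->request->getParam("id");//Get id from the GET (or POST) parameters
        // Compare as strings so PHP type juggling cannot make different IDs look equal
        if($id !== null && (string)$id === (string)Yii::app()->user->id)//Check if id's are the same
            return true;
        return false;
    }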
And call this action in the action filter like the following code demonstrates:
    array('allow',
        'actions'=>array("view"),
        'users' => array('@'),//Only logged in users can access view action
        'expression'=>array("YOURController","checkAuthorization")),//Logged in user must also satisfy the rules in checkAuthorization function
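An added example, not part of the original posts: Yii 1.1's access control filter allows any request that no rule matches, so an 'allow' rule with an expression only restricts access when a 'deny' rule follows it. The controller below puts the pieces together; ProfileController, isOwnProfile and the User model are assumed names.

```php
<?php
// Added example for Yii 1.1. ProfileController and the User model are assumed names.
class ProfileController extends CController
{
    public function filters()
    {
        return array('accessControl'); // run accessRules() before every action
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('view'),
                'users' => array('@'), // logged-in users only
                'expression' => array($this, 'isOwnProfile'),
            ),
            // Rules are tried in order and a request that matches none of them
            // is allowed, so deny whatever the rule above did not match.
            array('deny',
                'users' => array('*'),
            ),
        );
    }

    // Callback signature expected by CAccessRule: function($user, $rule).
    public function isOwnProfile($user, $rule)
    {
        $id = Yii::app()->request->getParam('id');
        // String comparison avoids loose matches such as 123 == "123abc"
        // (true on PHP 7 and earlier).
        return !$user->isGuest && $id !== null
            && (string)$user->id === (string)$id;
    }

    public function actionView($id)
    {
        // Only the profile owner gets here; everyone else was stopped by the filter.
        $model = User::model()->findByPk($id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested profile does not exist.');
        }
        $this->render('view', array('model' => $model));
    }
}
```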