Recently I ran into a situation where I had to do some permission check inside a model. So, I am doing that check in model inside defaultScope. So, is it right or OK to throw CHttpException inside defaultScope or is there a better place where I can place this code? Any suggestion or advice?
public function defaultScope()
{
$user_permissions = Yii::app()->user->getState('permissions');
if(empty($user_permissions['has_read_access']))
{
throw new CHttpException(403,'Sorry you do not enough privilege to perform this action');
}
}