[ 'user' => Yii::$app->apiUser, ], 'access' => [ 'class' => AccessControl::class, 'rules' => [ [ 'actions' => ['ban'], 'allow' => true, 'roles' => [S::ACCOUNT_BLOCK], ], ], ], ]); } public function actionBan(int $accountId) { $account = $this->findAccount($accountId); $model = new BanForm($account); $model->load(Yii::$app->request->post()); if (!$model->ban()) { return [ 'success' => false, 'errors' => $model->getFirstErrors(), ]; } return [ 'success' => true, ]; } private function findAccount(int $accountId): Account { $account = Account::findOne($accountId); if ($account === null) { throw new NotFoundHttpException(); } return $account; } }