Throw error when user changes ID in the URL (Yii2 and PHP)

You could check if the logged in person has that ID, if yes they can do it and if not, error.

if($model->id == Yii::$app->user->identity->id){
    //Change Something
}else{ 
    throw new ForbiddenHttpException(/*Here explanation if needed*/);
 }

I hope i can help you.