Merge pull request dmstr#17 from handcode/master

access_owner check in ActiveRecordAccessTrait::find only if user is logged in

Author: handcode

db/traits/ActiveRecordAccessTrait.php

@@ -66,14 +66,16 @@ public static function find()
 
         if (self::$activeAccessTrait) {
 
-            // access owner check
-            if ($accessOwner) {
+            // access owner check only if attribute exists and user is logged in
+            $accessOwnerCheck = false;
+            if ($accessOwner && !\Yii::$app->user->isGuest) {
+                $accessOwnerCheck = true;
                 $query->where([$accessOwner => \Yii::$app->user->id]);
             }
 
             // access read check
             if ($accessRead) {
-                $queryType = ($accessOwner) ? 'orWhere' : 'where';
+                $queryType = ($accessOwnerCheck) ? 'orWhere' : 'where';
                 $authItems = implode(',', array_keys(self::getUsersAuthItems()));
                 $checkInSetQuery = self::getInSetQueryPart($accessRead, $authItems);
                 $query->$queryType($checkInSetQuery);