use auth guard, fix edge case for guest

resources/views/Widgets/FeedbackOrderWidget.twig

@@ -17,7 +17,7 @@
             :item-images="{{ Twig.print("data.itemImages | json_encode") }}"
             :options="{{ options | json_encode }}"
             :split-item-bundles="{{ Twig.print("splitItemBundle | json_encode") }}"
-            access-key="{{ Twig.print("feedbackServices.feedback.getOrderAccessKey(data.order.id)") }}"
+            access-key="{{ Twig.print(Twig.call("feedbackServices.feedback.getOrderAccessKey", [Twig.var("data.order.id")])) }}"
             order-id="{{ Twig.print("data.order.id | json_encode") }}">
     </feedback-order-container>
 </div>

src/Services/FeedbackService.php

@@ -149,7 +149,7 @@ function () use ($accountService) {
 
         $allowGuestFeedbacks = $this->coreHelper->configValueAsBool(FeedbackCoreHelper::KEY_ALLOW_GUEST_FEEDBACKS);
 
-        if (!$allowGuestFeedbacks && $creatorContactId == 0) {
+        if (!$allowGuestFeedbacks && $creatorContactId == 0 && $order == null) {
             return 'Guests are not allowed to write feedbacks';
         }
 
@@ -485,7 +485,15 @@ public function getAuthenticatedUser($itemId, $variationId)
     public function getOrderAccessKey($orderId)
     {
         $orderRepository = pluginApp(OrderRepositoryContract::class);
-        return $orderRepository->generateAccessKey($orderId);
+        $authHelper = pluginApp(AuthHelper::class);
+
+        $accessKey = $authHelper->processUnguarded(
+            function () use ($orderRepository, $orderId) {
+                return $orderRepository->generateAccessKey($orderId);
+            }
+        );
+
+        return $accessKey;
     }
 
     /**