Fix RestrictedResource.is_owned_by for group owner and member accessing user
Previusly a case where the accessing user was a member of an owning group was not handled. Now a resource.is_owned_by(user) returns true when user is a member of resource.group.