core: don't set guard on edit_action

This action is typically used to add notes in history in scripts,
including in cases where user does not have modify portal content
permission on the document.

bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testERP5Base.py

@@ -1150,6 +1150,15 @@ class TestERP5Base(ERP5TypeTestCase):
     # workflow is affected
     self.assertTrue(comment in [q['comment'] for q in workflow_history ])
 
+  def test_comment_edit_workflow_edit_action_permission(self):
+    # no special permission is needed to programatically use edit_action from edit_workflow
+    comment = 'some comment'
+    person = self.portal.person_module.newContent(portal_type='Person')
+    self.logout()
+    self.portal.portal_workflow.doActionFor(person, 'edit_action', comment=comment)
+    workflow_history = self.getWorkflowHistory(person, 'edit_workflow')
+    self.assertIn(('Anonymous User', comment), [(q['actor'], q['comment']) for q in workflow_history ])
+
   def test_comment_validation_workflow(self):
     comment = 'some comment'
     person = self.portal.person_module.newContent(portal_type='Person')

product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/edit_workflow/transition_edit_action.xml

@@ -39,9 +39,7 @@
         <item>
             <key> <string>guard_permission</string> </key>
             <value>
-              <tuple>
-                <string>Modify portal content</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>

product/ERP5/tests/testSecurity.py

@@ -42,6 +42,7 @@ from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
 
 class TestSecurityMixin(ERP5TypeTestCase):
   workflow_transition_protection_ignored_workflow_id_list = (
+      'edit_workflow',
   )
 
   def _prepareDocumentList(self):