    ERP5Form : solve security issues with dynamic dialog Folder_viewSearchDialog · 235c29f3
    Sebastien Robin authored
    With a non manager user, the dialog was raising an UnauthorizedError
    when accessing form properties like id or update_action.
    
    With verbose security we had:
    Unauthorized: Your user account does not have the required permission.
    Access to 'update_action' of (ERP5Form at /erp5/person_module/Folder_viewSearchDialog)
    denied. Your user account, [some account], exists at /erp5/acl_users. Access requires
    one of the following roles: ['Assignee', 'Assignor', 'Associate', 'Auditor', 'Author',
    'Manager']. Your roles in this context are ['Authenticated', 'Member'].
    
    By looking further, this regression started with the introduction of the erp5_hal_json_style
    bt, which installs the ERP5 Form portal type with "Acquire Local Roles" unchecked.
    
    By looking also at the acquisition chain of a usual Form:
    
    (Pdb) self.person_module.PersonModule_viewPersonList.aq_chain
    [<ERP5 Form at /erp5/PersonModule_viewPersonList used for /erp5/person_module>,
     <Person Module at /erp5/person_module>, <ERP5Site at /erp5>, <Application at >,
     <ZPublisher.BaseRequest.RequestContainer object at 0x7f76305cae90>]
    
    And at the one of Folder_viewSearchDialog:
    
    (Pdb) self.person_module.Folder_viewSearchDialog().aq_chain
    [<ERP5Form at /erp5/person_module/Folder_viewSearchDialog>,
     <Person Module at /erp5/person_module>, <ERP5Site at /erp5>, <Application at >,
     <ZPublisher.BaseRequest.RequestContainer object at 0x7f05f0751850>]
    
    It seems fixing the acquisition chain is a better option than allowing Acquire Local
    Roles on all forms. We now have the following chain for this dialog:
    
    After this patch, we have:
    (Pdb) self.person_module.Folder_viewSearchDialog().aq_chain
    [<ERP5Form at /erp5/Folder_viewSearchDialog used for /erp5/person_module>,
     <Person Module at /erp5/person_module>, <ERP5Site at /erp5>, <Application at >,
     <ZPublisher.BaseRequest.RequestContainer object at 0x7f76305cae90>]
Folder_viewSearchDialog.py 16.2 KB