See PHI1291. To reproduce:
- View a task you have permission to see, but do not have permission to edit.
- Add a comment and try to sign your comment with MFA.
- You can explicitly "Sign with MFA" even if you can't edit.
- You can not "Sign with MFA" unless you can edit.
The "Sign with MFA" action is an interaction (like a comment), not an edit, so it shouldn't require edit permission.