I tested this PR and still have the issue:
the check_access of RHRegistrationFormCheckEmail still calls RHRegistrationFormBase._check_access(self),
which still raise error because the form is private.

Did I miss sth ?

Did you rebuild the assets? RHRegistrationFormCheckEmail is no longer used in the management area, it uses the new RHRegistrationCheckEmail one instead (which is a management-only endpoint).

Ok for the email checker, but same error for RHUploadRegistrationFile:
the check access of this class refers to RHRegistrationFormBase._check_access(self) which requires token for private form.

Need to change check access of RHUploadRegistrationFile.

We should handle those in the same way as for the email checker, ie with a separate RH.

Doing that will require to duplicate RH (front-end, back-end) for each action on registration form,
why not implementing the logic in check_access following the context of the request ?

The logic can (and should) be moved to mixins to avoid duplicating it.

"Simply" putting the logic in _check_access is a bit of a mess because all the access checks usually already come from the RH's inheritance. So it's a single place and somewhat consistent logic, compared to suddenly having a second place that determines whether you're in management mode.

And more important (this is more applicable to the email check than the upload endpoints): Being a manager does not mean that you are working in management mode. If I, as a manager, register normally for an event, then the email check should behave like it does when a user registers, and not like it would for a manager registering someone else.