fix(profile): restrict Create Account action to administrators only

Diogo-Ferraz · Diogo-Ferraz · commit a845f5655b06 · 2026-02-22T19:20:38.000Z
diff --git a/src/app/features/profile/components/user-profile-security/user-profile-security.component.html b/src/app/features/profile/components/user-profile-security/user-profile-security.component.html
@@ -21,7 +21,15 @@ <h2>User Profile & Security</h2>
       </div>
 
       <div class="profile-header__actions">
-        <button pButton type="button" label="Create Account" icon="pi pi-user-plus" class="p-button-outlined" (click)="register()"></button>
+        <button
+          *ngIf="canCreateAccount()"
+          pButton
+          type="button"
+          label="Create Account"
+          icon="pi pi-user-plus"
+          class="p-button-outlined"
+          (click)="register()">
+        </button>
         <button pButton type="button" label="Logout" icon="pi pi-sign-out" class="p-button-outlined" (click)="logout()"></button>
       </div>
     </div>
diff --git a/src/app/features/profile/components/user-profile-security/user-profile-security.component.ts b/src/app/features/profile/components/user-profile-security/user-profile-security.component.ts
@@ -23,6 +23,7 @@ export class UserProfileSecurityComponent {
   readonly claims = computed(() => this.authService.userClaims());
   readonly roles = computed(() => this.authService.userRoles());
   readonly currentUserId = computed(() => this.authService.currentUserId());
+  readonly canCreateAccount = computed(() => this.authService.hasRole('Administrator'));
 
   readonly userDisplayName = computed(() => {
     const claims = this.claims();
