From 32b6903475e74ad22653da6c862765617404cda4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Mart=C3=ADn?= <github@gmartin.net>
Date: Mon, 3 Nov 2025 22:20:10 +0100
Subject: [PATCH] feat(auth): conditionally enable user signup and access token
 generation based on access token login status

---
 .../admin-overview/admin-overview.html        | 28 +++++++++++--------
 .../components/admin-users/admin-users.html   |  1 +
 .../user-account-access.component.ts          | 15 ++++++----
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/apps/client/src/app/components/admin-overview/admin-overview.html b/apps/client/src/app/components/admin-overview/admin-overview.html
index c47387f37..624ca7115 100644
--- a/apps/client/src/app/components/admin-overview/admin-overview.html
+++ b/apps/client/src/app/components/admin-overview/admin-overview.html
@@ -30,19 +30,23 @@
               }
             </div>
           </div>
-          <div class="d-flex my-3">
-            <div class="w-50" i18n>User Signup</div>
-            <div class="w-50">
-              <mat-slide-toggle
-                color="primary"
-                hideIcon="true"
-                [checked]="
-                  info.globalPermissions.includes(permissions.createUserAccount)
-                "
-                (change)="onEnableUserSignupModeChange($event)"
-              />
+          @if (info?.isAccessTokenLoginEnabled !== false) {
+            <div class="d-flex my-3">
+              <div class="w-50" i18n>User Signup</div>
+              <div class="w-50">
+                <mat-slide-toggle
+                  color="primary"
+                  hideIcon="true"
+                  [checked]="
+                    info.globalPermissions.includes(
+                      permissions.createUserAccount
+                    )
+                  "
+                  (change)="onEnableUserSignupModeChange($event)"
+                />
+              </div>
             </div>
-          </div>
+          }
           @if (hasPermissionToToggleReadOnlyMode) {
             <div class="d-flex my-3">
               <div class="w-50" i18n>Read-only Mode</div>
diff --git a/apps/client/src/app/components/admin-users/admin-users.html b/apps/client/src/app/components/admin-users/admin-users.html
index e802e3272..a04fd5680 100644
--- a/apps/client/src/app/components/admin-users/admin-users.html
+++ b/apps/client/src/app/components/admin-users/admin-users.html
@@ -235,6 +235,7 @@
                 }
                 <button
                   mat-menu-item
+                  [disabled]="info?.isAccessTokenLoginEnabled === false"
                   (click)="onGenerateAccessToken(element.id)"
                 >
                   <span class="align-items-center d-flex">
diff --git a/apps/client/src/app/components/user-account-access/user-account-access.component.ts b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
index afcb9d9c8..bd7f32901 100644
--- a/apps/client/src/app/components/user-account-access/user-account-access.component.ts
+++ b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
@@ -5,7 +5,7 @@ import { NotificationService } from '@ghostfolio/client/core/notification/notifi
 import { DataService } from '@ghostfolio/client/services/data.service';
 import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
-import { Access, User } from '@ghostfolio/common/interfaces';
+import { Access, InfoItem, User } from '@ghostfolio/common/interfaces';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
 import { GfPremiumIndicatorComponent } from '@ghostfolio/ui/premium-indicator';
 
@@ -59,6 +59,7 @@ export class GfUserAccountAccessComponent implements OnDestroy, OnInit {
   public hasPermissionToCreateAccess: boolean;
   public hasPermissionToDeleteAccess: boolean;
   public hasPermissionToUpdateOwnAccessToken: boolean;
+  public info: InfoItem;
   public isAccessTokenHidden = true;
   public updateOwnAccessTokenForm = this.formBuilder.group({
     accessToken: ['', Validators.required]
@@ -79,7 +80,8 @@ export class GfUserAccountAccessComponent implements OnDestroy, OnInit {
     private tokenStorageService: TokenStorageService,
     private userService: UserService
   ) {
-    const { globalPermissions } = this.dataService.fetchInfo();
+    this.info = this.dataService.fetchInfo();
+    const { globalPermissions } = this.info;
 
     this.hasPermissionToDeleteAccess = hasPermission(
       globalPermissions,
@@ -102,10 +104,11 @@ export class GfUserAccountAccessComponent implements OnDestroy, OnInit {
             permissions.deleteAccess
           );
 
-          this.hasPermissionToUpdateOwnAccessToken = hasPermission(
-            this.user.permissions,
-            permissions.updateOwnAccessToken
-          );
+          this.hasPermissionToUpdateOwnAccessToken =
+            hasPermission(
+              this.user.permissions,
+              permissions.updateOwnAccessToken
+            ) && this.info?.isAccessTokenLoginEnabled !== false;
 
           this.changeDetectorRef.markForCheck();
         }