fix: security tab visibility

.changeset/afraid-poets-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixing Security tab visibility to allow password changes when 2FA/E2E is disabled.

apps/meteor/client/views/account/security/AccountSecurityPage.tsx

@@ -30,10 +30,11 @@ const AccountSecurityPage = (): ReactElement => {
 	const twoFactorTOTP = useSetting('Accounts_TwoFactorAuthentication_By_TOTP_Enabled');
 	const twoFactorByEmailEnabled = useSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled');
 	const e2eEnabled = useSetting('E2E_Enable');
+	const allowPasswordChange = useSetting('Accounts_AllowPasswordChange');
 
 	const passwordFormId = useUniqueId();
 
-	if (!twoFactorEnabled && !e2eEnabled) {
+	if (!twoFactorEnabled && !e2eEnabled && !allowPasswordChange) {
 		return <NotAuthorizedPage />;
 	}
 
@@ -42,13 +43,15 @@ const AccountSecurityPage = (): ReactElement => {
 			<PageHeader title={t('Security')} />
 			<PageScrollableContentWithShadow>
 				<Box maxWidth='x600' w='full' alignSelf='center' color='default'>
-					<FormProvider {...methods}>
-						<Accordion>
-							<Accordion.Item title={t('Password')} defaultExpanded>
-								<ChangePassword id={passwordFormId} />
-							</Accordion.Item>
-						</Accordion>
-					</FormProvider>
+					{allowPasswordChange && (
+						<FormProvider {...methods}>
+							<Accordion>
+								<Accordion.Item title={t('Password')} defaultExpanded>
+									<ChangePassword id={passwordFormId} />
+								</Accordion.Item>
+							</Accordion>
+						</FormProvider>
+					)}
 					<Accordion>
 						{(twoFactorTOTP || twoFactorByEmailEnabled) && twoFactorEnabled && (
 							<Accordion.Item title={t('Two Factor Authentication')}>

apps/meteor/client/views/account/security/AccountSecurityRoute.tsx

@@ -8,7 +8,9 @@ import AccountSecurityPage from './AccountSecurityPage';
 const AccountSecurityRoute = (): ReactElement => {
 	const isTwoFactorEnabled = useSetting('Accounts_TwoFactorAuthentication_Enabled');
 	const isE2EEnabled = useSetting('E2E_Enable');
-	const canViewSecurity = isTwoFactorEnabled || isE2EEnabled;
+	const allowPasswordChange = useSetting('Accounts_AllowPasswordChange');
+
+	const canViewSecurity = isTwoFactorEnabled || isE2EEnabled || allowPasswordChange;
 
 	if (!canViewSecurity) {
 		return <NotAuthorizedPage />;

apps/meteor/client/views/account/sidebarItems.tsx

@@ -27,7 +27,10 @@ export const {
 		href: '/account/security',
 		i18nLabel: 'Security',
 		icon: 'lock',
-		permissionGranted: (): boolean => settings.get('Accounts_TwoFactorAuthentication_Enabled') || settings.get('E2E_Enable'),
+		permissionGranted: (): boolean =>
+			settings.get('Accounts_TwoFactorAuthentication_Enabled') ||
+			settings.get('E2E_Enable') ||
+			settings.get('Accounts_AllowPasswordChange'),
 	},
 	{
 		href: '/account/integrations',