Add admin authorization check for regenerate cycles button

Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface

lib/mv_web/live/member_live/show/membership_fees_component.ex

@@ -554,6 +554,11 @@ defmodule MvWeb.MemberLive.Show.MembershipFeesComponent do
   end
 
   def handle_event("regenerate_cycles", _params, socket) do
+    actor = current_actor(socket)
+
+    # SECURITY: Only admins can manually regenerate cycles via UI
+    # Cycle generation itself uses system actor, but UI access should be restricted
+    if actor.role && actor.role.permission_set_name == "admin" do
       socket = assign(socket, :regenerating, true)
       member = socket.assigns.member
 
@@ -594,6 +599,11 @@ defmodule MvWeb.MemberLive.Show.MembershipFeesComponent do
            |> assign(:regenerating, false)
            |> put_flash(:error, format_error(error))}
       end
+    else
+      {:noreply,
+       socket
+       |> put_flash(:error, gettext("Only administrators can regenerate cycles"))}
+    end
   end
 
   def handle_event("edit_cycle_amount", %{"cycle_id" => cycle_id}, socket) do