Make the user admin interfaces
- user/id/groups: to modify a user's groups
- user/id/edit: to modify a user's profile
- user/id/password: to modify a user's password
- user/id/email: to modify a user's email
All those views must produce different output depending on whether the logged-in user is the user concerned, an admin, or a user with no rights.
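One way to decide the three cases on the server for the four views listed above, shown as an added example that is not the project's own code. The names `Viewer`, `POLICY`, `classify` and `resolve`, the user dictionary shape, the output variants, and the policy itself (including read-only groups for the concerned user and a 403 for users with no rights) are assumptions made for illustration.

```python
import re
from enum import Enum

class Viewer(Enum):
    SELF = "self"    # logged-in user is the user concerned
    ADMIN = "admin"  # logged-in user is an admin
    NONE = "none"    # anonymous, or logged in with no rights on this user

ROUTE = re.compile(r"user/([0-9]+)/(groups|edit|password|email)")

# Assumed policy (not from the page): output variant per (view, viewer).
# Any pair missing from the table is forbidden, so a new view denies by default.
POLICY = {
    ("groups", Viewer.ADMIN): "form",
    ("groups", Viewer.SELF): "readonly",  # users must not grant themselves groups
    ("edit", Viewer.ADMIN): "form",
    ("edit", Viewer.SELF): "form",
    ("password", Viewer.ADMIN): "form",
    ("password", Viewer.SELF): "form",
    ("email", Viewer.ADMIN): "form",
    ("email", Viewer.SELF): "form",
}

def classify(logged_user, target_id):
    """Decide which of the three cases applies, from session data only."""
    if not logged_user:
        return Viewer.NONE
    if logged_user.get("is_admin") is True:  # strict check: "yes" or 1 is not admin
        return Viewer.ADMIN
    if logged_user.get("id") == target_id:
        return Viewer.SELF
    return Viewer.NONE

def resolve(path, logged_user):
    """Return (http_status, output_variant) for a request path."""
    match = ROUTE.fullmatch(path.strip("/"))
    if match is None:
        return 404, None
    target_id, view = int(match.group(1)), match.group(2)
    variant = POLICY.get((view, classify(logged_user, target_id)))
    if variant is None:
        return 403, None
    return 200, variant

if __name__ == "__main__":
    alice = {"id": 7, "is_admin": False}  # constructed sample users
    root = {"id": 1, "is_admin": True}
    for user in (alice, root, None):
        print(user, resolve("user/7/groups", user))
```

The same check has to run again when the form is submitted, since hiding a form in the rendered output does not stop a direct request to the URL.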