Make the user admin interfaces
-
user/
id/groups: to modify a user's groups -
user/
id/edit: to modify a user's profile -
user/
id/password: to modify a user's password -
user/
id/email: to modify a user's email
All those views must have different output whether the logged user is the concerned user, or the logged user is an admin, or the logged user has no rights