It should not be possible for an admin (without users.manage-admins permission) to manage other admins or superadmins (change their permissions, groups, etc.). This PR implements those safeguards at controller level and also at view level (so the unprivileged user is not given an incorrect impression of what he can do). The admin can still edit groups and permissions provided the ones he cannot manage have been set previously.
It should not be possible for an admin (without users.manage-admins permission) to manage other admins or superadmins (change their permissions, groups, etc.). This PR implements those safeguards at controller level and also at view level (so the unprivileged user is not given an incorrect impression of what he can do). The admin can still edit groups and permissions provided the ones he cannot manage have been set previously.