user merging should only be done by admins

src/tera/admin/user.rs

@@ -64,6 +64,7 @@ async fn index(
 
     let user: User = user.into_inner();
     let allowed_to_edit = ManageUserUser::new(db, &user).await.is_some();
+    let is_admin = AdminUser::new(db, &user).await.is_some();
 
     let users: Vec<UserWithRolesAndMembershipPdf> = join_all(user_futures).await;
     let financial = Role::all_cluster(db, "financial").await;
@@ -76,6 +77,7 @@ async fn index(
         context.insert("flash", &msg.into_inner());
     }
     context.insert("allowed_to_edit", &allowed_to_edit);
+    context.insert("is_admin", &is_admin);
     context.insert("users", &users);
     context.insert("roles", &roles);
     context.insert("financial", &financial);
@@ -110,6 +112,7 @@ async fn index_admin(
         context.insert("flash", &msg.into_inner());
     }
     context.insert("allowed_to_edit", &allowed_to_edit);
+    context.insert("is_admin", &true);
     context.insert("users", &users);
     context.insert("roles", &roles);
     context.insert("financial", &financial);

templates/admin/user/index.html.tera

@@ -4,9 +4,11 @@
     <div class="max-w-screen-lg w-full">
         <h1 class="h1">Users</h1>
         {% if allowed_to_edit %}
-            <div class="mt-5 flex gap-3">
-                <a href="/admin/user/merge" class="btn btn-dark">Benutzer zusammenführen</a>
-            </div>
+            {% if is_admin %}
+                <div class="mt-5 flex gap-3">
+                    <a href="/admin/user/merge" class="btn btn-dark">Benutzer zusammenführen</a>
+                </div>
+            {% endif %}
             <details class="mt-5 bg-gray-200 dark:bg-primary-600 p-3 rounded-md">
                 <summary class="px-3 cursor-pointer text-md font-bold text-primary-950 dark:text-white">
                     Neue Person hinzufügen