restrict user editing

app/abilities/user_ability.rb

@@ -6,16 +6,16 @@ def initialize(user)
 
     can [:delete_account, :teacher], User
 
-    can [:index, :elevate, :destroy], User do
+    can [:index, :elevate, :destroy, :edit], User do
       user.admin?
     end
 
-    can [:edit, :update], User do |given_user|
+    can :update, User do |given_user|
       user.admin? || (!user.generic? && user == given_user)
     end
 
-    can [:fill_user_select, :list, :list_generic_users], User do
+    can [:fill_user_select, :list_generic_users], User do
       !user.generic?
     end
   end
-end
+end

app/controllers/users_controller.rb

@@ -95,7 +95,7 @@ def elevate_params
   end
 
   def user_params
-    params.require(:user).permit(:name, :email, :admin, :homepage,
+    params.require(:user).permit(:name, :email, :homepage,
                                  :current_lecture_id,:image)
   end
 
@@ -109,4 +109,4 @@ def set_elevated_users
     @elevated_users = User.where(admin: true).or(User.proper_editors)
                           .or(User.teachers)
   end
-end
+end

app/views/users/_basics.html.erb

@@ -16,20 +16,6 @@
        id="user-email-error">
   </div>
 </div>
-  <div class="form-group form-row"
-       style="display: <%= hide(profile) %>">
-    <div class="col-12">
-      <div class="custom-control custom-checkbox">
-        <%= f.check_box :admin,
-                        class: 'custom-control-input',
-                        disabled: user == current_user %>
-        <%= f.label :admin,
-                    t('basics.administrator'),
-                    { class: 'custom-control-label' } %>
-        <%= helpdesk(t('admin.user.info.administrator'), false) %>
-      </div>
-    </div>
-  </div>
 <div class="form-group">
   <%= f.label :current_lecture_id,
               t('admin.user.current_lecture') %>