Do not allow normal admins to impersonate superadmins

src/views/users.html

@@ -667,7 +667,7 @@
                     <button ng-show="isMe(user) && userInfo.isAtLeastOwner && user.isAtLeastOwner && !config.features.userRoles" class="btn btn-xs btn-default" ng-click="transferOwnership.show()" uib-tooltip="{{ 'users.users.transferOwnershipTooltip' | tr }}"><i class="fas fa-random"></i></button>
                     <button ng-disabled="!canEdit(user)" ng-show="!user.inviteAccepted && !isMe(user)" class="btn btn-xs btn-default" ng-click="invitation.show(user)" uib-tooltip="{{ 'users.users.invitationTooltip' | tr }}"><i class="fas fa-paper-plane"></i></button>
                     <button ng-disabled="!canEdit(user) || user.source" ng-show="user.inviteAccepted" class="btn btn-xs btn-default" ng-click="passwordReset.show(user)" uib-tooltip="{{ 'users.users.resetPasswordTooltip' | tr }}"><i class="fas fa-key"></i></button>
-                    <button ng-disabled="!userInfo.isAtLeastAdmin || !user.username" class="btn btn-xs btn-default" ng-click="setGhost.show(user)" uib-tooltip="{{ 'users.users.setGhostTooltip' | tr }}"><i class="fas fa-user-secret"></i></button>
+                    <button ng-disabled="!canImpersonate(user)" class="btn btn-xs btn-default" ng-click="setGhost.show(user)" uib-tooltip="{{ 'users.users.setGhostTooltip' | tr }}"><i class="fas fa-user-secret"></i></button>
                     <button ng-disabled="!canEdit(user)" class="btn btn-xs btn-default" ng-click="useredit.show(user)" uib-tooltip="{{ 'users.users.editUserTooltip' | tr }}"><i class="fa fa-pencil-alt"></i></button>
                     <button ng-disabled="!canEdit(user) || isMe(user)" class="btn btn-xs btn-danger" ng-click="userremove.show(user)" uib-tooltip="{{ 'users.users.removeUserTooltip' | tr }}"><i class="far fa-trash-alt"></i></button>
                   </td>