Security issue with users

Given an user id (lets say 1), just putting on the browser /users/1/edit , it will allow you to edit the user information even though you shouldn't be allowed to. I'm going to take care of this now
