Apply UI authorization to User LiveViews (Index and Show)

Gate New User button, Edit and Delete links with can?/3.
Edit button on User Show visible only when user can update the user.

lib/mv_web/live/user_live/index.html.heex

@@ -2,9 +2,11 @@
   <.header>
     {gettext("Listing Users")}
     <:actions>
+      <%= if can?(@current_user, :create, Mv.Accounts.User) do %>
         <.button variant="primary" navigate={~p"/users/new"}>
           <.icon name="hero-plus" /> {gettext("New User")}
         </.button>
+      <% end %>
     </:actions>
   </.header>
 
@@ -62,16 +64,20 @@
         <.link navigate={~p"/users/#{user}"}>{gettext("Show")}</.link>
       </div>
 
+      <%= if can?(@current_user, :update, user) do %>
         <.link navigate={~p"/users/#{user}/edit"}>{gettext("Edit")}</.link>
+      <% end %>
     </:action>
 
     <:action :let={user}>
+      <%= if can?(@current_user, :destroy, user) do %>
         <.link
           phx-click={JS.push("delete", value: %{id: user.id}) |> hide("#row-#{user.id}")}
           data-confirm={gettext("Are you sure?")}
         >
           {gettext("Delete")}
         </.link>
+      <% end %>
     </:action>
   </.table>
 </Layouts.app>

lib/mv_web/live/user_live/show.ex

@@ -41,9 +41,11 @@ defmodule MvWeb.UserLive.Show do
             <.icon name="hero-arrow-left" />
             <span class="sr-only">{gettext("Back to users list")}</span>
           </.button>
+          <%= if can?(@current_user, :update, @user) do %>
             <.button variant="primary" navigate={~p"/users/#{@user}/edit?return_to=show"}>
               <.icon name="hero-pencil-square" /> {gettext("Edit User")}
             </.button>
+          <% end %>
         </:actions>
       </.header>