Index: /trunk/cgi-bin/admin.cgi
===================================================================
--- /trunk/cgi-bin/admin.cgi	(revision 788)
+++ /trunk/cgi-bin/admin.cgi	(revision 789)
@@ -349,4 +349,5 @@
 	can_del => ($acl =~ /d/ ? 1 : 0),
 	sysnet => ($acl =~ /s/ ? 1 : 0),
+	can_merge => ($acl =~ /m/ ? 1 : 0),
 	is_admin => ($acl =~ /A/ ? 1 : 0),
 	acl => $acl
@@ -361,10 +362,15 @@
   my $acl = 'b';
   if ($webvar{admin} eq 'on') {
+    # as per request "admin" users do not automatically get merge permission.  Networkz iz hard.
+    # Admin users that add the priviledge and then shoot everybody in all the feet probably
+    # shouldn't have had admin access in the first place.
     $acl .= "acdsA";
+    $acl .= 'm' if $webvar{merge} eq 'on';
   } else {
     $acl .= ($webvar{add} eq 'on' ? 'a' : '').
 	($webvar{change} eq 'on' ? 'c' : '').
 	($webvar{del} eq 'on' ? 'd' : '').
-	($webvar{sysnet} eq 'on' ? 's' : '');
+	($webvar{sysnet} eq 'on' ? 's' : '').
+	($webvar{merge} eq 'on' ? 'm' : '');
   }
   $page->param(acl => $acl);
Index: /trunk/cgi-bin/main.cgi
===================================================================
--- /trunk/cgi-bin/main.cgi	(revision 788)
+++ /trunk/cgi-bin/main.cgi	(revision 789)
@@ -1063,5 +1063,6 @@
 
   # Need to find internal knobs to twist to actually vary these.  (Ab)use "change" flag for now
-  $page->param(maymerge => ($IPDBacl{$authuser} =~ /c/ && $blockinfo->{type} !~ /^.i$/));
+  $page->param(maymerge => ($IPDBacl{$authuser} =~ /m/ && $blockinfo->{type} !~ /^.i$/));
+
   if ($IPDBacl{$authuser} =~ /c/ && $blockinfo->{type} !~ /^.i$/) {
     if ($blockinfo->{type} =~ /^.p$/) {
@@ -1323,4 +1324,9 @@
 # Set up for merge
 sub prepMerge {
+  if ($IPDBacl{$authuser} !~ /m/) {
+    $aclerr = 'mergeblock';
+    return;
+  }
+
   my $binfo = getBlockData($ip_dbh, $webvar{block});
 
@@ -1348,4 +1354,9 @@
 # Show what will be merged, present warnings about data loss
 sub confMerge {
+  if ($IPDBacl{$authuser} !~ /m/) {
+    $aclerr = 'mergeblock';
+    return;
+  }
+
   if (!$webvar{newmask} || $webvar{newmask} !~ /^\d+$/) {
     $page->param(err => 'New netmask required');
@@ -1387,4 +1398,9 @@
 # Make it so
 sub doMerge {
+  if ($IPDBacl{$authuser} !~ /m/) {
+    $aclerr = 'mergeblock';
+    return;
+  }
+
   if (!$webvar{newmask} || $webvar{newmask} !~ /^\d+$/) {
     $page->param(err => 'New netmask required');
Index: /trunk/templates/admin/showusers.tmpl
===================================================================
--- /trunk/templates/admin/showusers.tmpl	(revision 788)
+++ /trunk/templates/admin/showusers.tmpl	(revision 789)
@@ -1,5 +1,5 @@
 Notes:
 <ul>
-<li>Admin users automatically get all other priviledges.
+<li>Admin users automatically get all other priviledges except "merge".
 <li>Everyone has basic read access.
 </ul>
@@ -15,5 +15,5 @@
 <table border="1">
 <tr><td></td><td align="center" colspan="3">General access</td></tr>
-<tr><td>Username</td><td>Add new</td><td>Change</td><td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>
+<tr><td>Username</td><td>Add new</td><td>Change</td><td>Delete</td><td>Systems/Networking</td><td>Merge</td><td>Admin user</td></tr>
 
 <TMPL_LOOP name=userlist>
@@ -27,4 +27,5 @@
 <td><input type=checkbox name="del"<TMPL_IF can_del> checked="checked"</TMPL_IF>></td>
 <td><input type=checkbox name="sysnet"<TMPL_IF sysnet> checked="checked"</TMPL_IF>></td>
+<td><input type=checkbox name="merge"<TMPL_IF can_merge> checked="checked"</TMPL_IF>></td>
 <td><input type=checkbox name="admin"<TMPL_IF is_admin> checked="checked"</TMPL_IF>></td>
 <td><input type=submit value="Update"></td>