Thymleaf is good for injecting variables at generation time before the client recieves it. They don’t get passed to the user, but are instead used in the generation of the page. So for example “isAdmin” or “hasPermission” would be a great use of thymleaf to branch out various rendered areas of the page, and the areas that don’t qualify are never sent to the user. This is called server-side rendering, and these days is used sparingly because it’s much more efficient to render the DOM client-side.
Angular, VuejS, etc. are client-side DOM renderers. They typically take a data object, usually JSON, and make decisions based on that. The json could contain a list of saved servers or friends or whatever and generate HTML to display the list. This is what you should do as much as possible because it removes the generation burden from your server and pushes it to the client. If you have 100 users the server has to generate 100 seperate pages, but using the client-side approach means each client generates their own page on their own computer, thus “sharing the load”.
TLDR: Use thymleaf only when necessary to reduce server workload. For example to only send parts of a page that the user should see based on their permission level or something, or return a “forbidden” page instead of the admin login if the user is not an admin.