2 files changed, 9 insertions, 2 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index da82d1c..b4c98a0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,6 +31,12 @@ class UsersController < ApplicationController
   def edit
   end
 
+  def update
+    @user.update_attributes user_params
+    flash[:notice] = I18n.t(:changes_saved) if @user.valid?
+    respond_with @user, location: edit_user_path(@user)
+  end
+
   def deactivate
     @user.account.disable
     flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -62,7 +68,7 @@ class UsersController < ApplicationController
     if admin?
       params.require(:user).permit(:effective_service_level)
     else
-      params.require(:user).permit(:password, :password_confirmation)
+      params.require(:user).permit(:contact_email)
     end
   end
 
diff --git a/app/views/users/_edit.html.haml b/app/views/users/_edit.html.haml
index 1d2b68a..8662979 100644
--- a/app/views/users/_edit.html.haml
+++ b/app/views/users/_edit.html.haml
@@ -2,12 +2,13 @@
 -# edit user form, used by both show and edit actions.
 -#
 -# We render a bunch of forms here. Which we use depends upon config settings
--# user_actions and admin_actions. They both include an array of actions 
+-# user_actions and admin_actions. They both include an array of actions
 -# allowed to users and admins.
 -# Possible forms are:
 -#  'change_password'
 -#  'change_pgp_key'
 -#  'change_service_level'
+-#  'contact_email'
 -#  'destroy_account'
 - actions = APP_CONFIG[admin? ? :admin_actions : :user_actions] || []
 - actions.each do |action|