diff --git a/components/settings.vue b/components/settings.vue
index fda05e8..9d859a9 100644
--- a/components/settings.vue
+++ b/components/settings.vue
@@ -25,20 +25,20 @@

Profile

- + - + - + - + + - +
@@ -72,6 +72,7 @@ let letterHeadError = ref('')
 let letterheadError = ref('')
 const props = defineProps(['user', 'token'])
 const emit = defineEmits(['updateAvatar', 'updateLetterhead'])
+let user = Object.assign({}, props.user)
 function save() {
 }
@@ -164,7 +165,20 @@ function changeLetterhead(blob) {
 ctx.clearRect(0, 0, ctx.canvas.width, ctx.canvas.height)
 ctx.drawImage(img, 0, 0)
 })
+}
+function saveProfile() {
+ console.log(user.firstName)
+ fetch(`/api/user`,
+ {method: 'PATCH',
+ body: JSON.stringify(user),
+ headers: {
+ "Accept": "application/json",
+ "Authorization": `Bearer ${props.token}`,
+ },
+ }).then(resp => {
+ if (resp.ok) {}
+ })
 }
 watch(props.user, (u) => {
diff --git a/skouter.go b/skouter.go
index edca922..82456ae 100644
--- a/skouter.go
+++ b/skouter.go
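Review bot: `saveProfile` sends the whole copied object with `body: JSON.stringify(user)`, so every property that arrived through `props.user` goes back on the self-service PATCH, presumably including identifiers and the role. The server is then the only thing stopping a tampered value from being applied, so building the body from just the fields this form edits would narrow that. The `console.log(user.firstName)` line looks like leftover debugging and writes personal data to the browser console, so I would drop it. The empty `if (resp.ok) {}` silently discards a 422 from the API; `if (!resp.ok) { /* surface the error to the user */ }` would at least make a rejected update visible.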
@@ -889,24 +889,27 @@ func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {
 }
 // Updates a user using only specified values in the JSON body
-func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {
- var user User
- err := json.NewDecoder(r.Body).Decode(&user)
-
- _, err = mail.ParseAddress(user.Email)
- if err != nil { http.Error(w, "Invalid email.", 422); return }
+func setUser(user User, db *sql.DB) error {
+ _, err := mail.ParseAddress(user.Email)
+ if err != nil { return err }
 if roles[user.Role] == 0 {
- http.Error(w, "Invalid role.", 422)
- return
+ return errors.New("Invalid role")
 }
 err = updateUser(user, db)
- if err != nil { http.Error(w, "Bad form values.", 422); return }
+ if err != nil { return err }
+
+ return nil
+}
- users, err := queryUsers(db, user.Id)
- if err != nil { http.Error(w, "Bad form values.", 422); return }
- json.NewEncoder(w).Encode(users[0])
+func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {
+ var user User
+ err := json.NewDecoder(r.Body).Decode(&user)
+ if err != nil { http.Error(w, "Invalid fields", 422); return }
+
+ err = setUser(user, db)
+ if err != nil { http.Error(w, err.Error(), 422); return }
 }
 // Update specified fields of the user specified in the claim
@@ -927,7 +930,8 @@ func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {
 return
 }
- patchUser(w, db, r)
+ err = setUser(user, db)
+ if err != nil { http.Error(w, err.Error(), 422); return }
 }
 func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {
@@ -1751,7 +1755,7 @@ func api(w http.ResponseWriter, r *http.Request) {
 patchUser(w, db, r)
 case match(p, "/api/user", &args) &&
 r.Method == http.MethodPatch &&
- guard(r, 2): // For employees to modify own accounts
+ guard(r, 1): // For employees to modify own accounts
 patchSelf(w, db, r)
 case match(p, "/api/user", &args) &&
 r.Method == http.MethodDelete &&
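Review bot: `setUser` returns the errors from `mail.ParseAddress` and `updateUser` unchanged, and `patchUser` (and `patchSelf` in the next hunk) write `err.Error()` into the 422 body. Text produced by the database layer can therefore reach the client, where the old code sent fixed strings. I would keep the messages fixed inside `setUser` and leave the detail for a server-side log, as sketched below. Separately, `patchUser` no longer encodes the updated user on success, so callers that read the response body now get an empty 200. If that is intended it deserves a line in the doc comment, which now sits above `setUser` rather than above the handler.

```go
func setUser(user User, db *sql.DB) error {
	if _, err := mail.ParseAddress(user.Email); err != nil {
		return errors.New("invalid email")
	}
	if roles[user.Role] == 0 {
		return errors.New("invalid role")
	}
	if err := updateUser(user, db); err != nil {
		// log err here; the handlers echo the returned string to the client
		return errors.New("bad form values")
	}
	return nil
}
```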
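Review bot: `setUser(user, db)` only checks that `user.Role` is a key in `roles`, not that it matches the caller's current role, so if `user` in `patchSelf` is filled from the request body, the self-service route lets an account change its own role. The part of `patchSelf` that builds `user` is outside this hunk, so this may already be handled there. If it is not, overwrite the privileged fields from the verified claim before the call and add a comment such as `// role and id come from the claim, never from the request body`. The last hunk lowers the route's check from `guard(r, 2)` to `guard(r, 1)`, which presumably widens who can reach this path, and its comment `// For employees to modify own accounts` was left as is.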