diff --git a/ibt2.py b/ibt2.py
index 0d1414e..4a90a28 100755
--- a/ibt2.py
+++ b/ibt2.py
@@ -351,7 +351,7 @@ class UsersHandler(BaseHandler):
 data['username'] = username
 data['email'] = email
 data['password'] = utils.hash_password(password)
- if 'isAdmin' in data:
+ if 'isAdmin' in data and not self.current_user_info.get('isAdmin'):
 del data['isAdmin']
 doc = self.db.add(self.collection, data)
 if 'password' in doc:
@@ -369,6 +369,8 @@ class UsersHandler(BaseHandler):
 del data['_id']
 if 'username' in data:
 del data['username']
+ if 'isAdmin' in data and (str(self.current_user) == id_ or not self.current_user_info.get('isAdmin')):
+ del data['isAdmin']
 if 'password' in data:
 password = (data['password'] or '').strip()
 if password:
@@ -376,6 +378,8 @@ class UsersHandler(BaseHandler):
 else:
 del data['password']
 merged, doc = self.db.update(self.collection, {'_id': id_}, data)
+ if 'password' in doc:
+ del doc['password']
 self.write(doc)
 @gen.coroutine
diff --git a/src/User.vue b/src/User.vue
index ceef0db..893e033 100644
--- a/src/User.vue
+++ b/src/User.vue
@@ -13,10 +13,13 @@
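Review bot: In the user-creation path of ibt2.py (hunk at -351), `isAdmin` is still handled by deleting a single key from `data` before `self.db.add(self.collection, data)`, so every other key in what appears to be the request payload is stored as sent; the update path (hunk at -369) uses the same denylist pattern for `_id`, `username` and `isAdmin`. For a record that carries a privilege flag an allowlist is the safer shape, for example `data = {k: v for k, v in data.items() if k in ('username', 'email', 'password', 'isAdmin')}` ahead of the per-field checks. The new condition also calls `self.current_user_info.get(...)` unconditionally; if that attribute can be `None` for an unauthenticated signup (its definition is outside this diff), the request would raise instead of simply dropping the flag. The method starts and ends outside the hunk.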
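Review bot: The self-edit test `str(self.current_user) == id_` in the update path of ibt2.py (hunk at -369) only works while `id_` is a plain string; if the method converts it to a database id type before this point, which the hunk does not show, the comparison is always false and an admin could change the flag on their own account. Normalising both sides, `str(self.current_user) == str(id_)`, removes that dependency. The compound condition would also read better with a comment such as `# isAdmin may only be changed by an admin, and never on one's own account`. When the key is kept, its value is stored as received, so `data['isAdmin'] = data['isAdmin'] is True` would stop a non-boolean truthy value from later passing the `.get('isAdmin')` checks.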
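Review bot: The hash scrub added before `self.write(doc)` in ibt2.py (hunk at -376) is a second hand-written copy of the `if 'password' in doc:` check that the creation path shows at the end of the -351 hunk, so every handler that writes a user document has to remember the same two lines. One private helper that returns the document without `password`, called wherever a user record is serialized, would keep a new endpoint from leaking the stored hash by omission; whether the read handlers already strip it cannot be seen from this diff. A short comment on the new lines, e.g. `# never return the stored password hash to the client`, would record why they exist.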
Change password
- + - Save + is admin +
+ + Save
@@ -31,7 +34,7 @@ import IbtSnackbar from './IbtSnackbar.vue';
 export default {
 data () {
 return {
- user: {},
+ user: {email: '', password: null, isAdmin: false},
 password: null
 }
 },
@@ -57,13 +60,13 @@ export default {
 }, (response) => {
 this.$refs.dialogObj.show({text: 'unable to get user'});
 }).then((data) => {
+ console.log(data);
 this.user = data || {};
 });
 },
 save() {
- var user_data = {password: this.password, email: this.user.email};
- this.usersUrl.update({id: this.user._id}, user_data).then((response) => {
+ this.usersUrl.update({id: this.user._id}, this.user).then((response) => {
 return response.json();
 }, (response) => {
 this.$refs.dialogObj.show({text: 'unable to save user settings'});
@@ -82,4 +85,8 @@ export default {
 #user {
 padding: 10px;
 }
+
+#save-button {
+ margin-top: 40px;
+}
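Review bot: `save()` in src/User.vue (hunk at -57) now sends the whole `this.user` object, which was filled from the server response, so `_id`, `username` and any other returned field go back in the update body and the server-side key deletions become the only filter. Building the payload explicitly, e.g. `{email: this.user.email, password: this.user.password, isAdmin: this.user.isAdmin}`, keeps the client from echoing fields it does not intend to change; which password field the form binds to is not visible because the template markup is missing from this page, so confirm that before choosing between `this.user.password` and the remaining `this.password`. The added `console.log(data);` prints the fetched user record to the browser console and looks like a debugging leftover that should be dropped before merge.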