diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index a0aaae0313..2b02bb8faf 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -530,8 +530,6 @@ class UsersController extends Controller
 */
 public function update(SaveUserRequest $request, User $user): JsonResponse
 {
- $this->authorize('update', User::class);
-
 $this->authorize('update', $user);
 
 /**
@@ -588,16 +586,24 @@ class UsersController extends Controller
 // if someone needs to null them out if ($request->has('permissions')) { + + $permissions_array = $request->input('permissions'); + \Log::error(print_r($permissions_array, true)); // Strip out the individual superuser permission if the API user isn't a superadmin if (!auth()->user()->isSuperUser()) { - unset($permissions_array['superuser']); + if (array_key_exists('superuser', $permissions_array)) { + unset($permissions_array['superuser']); + } } // Strip out the individual admin permission if the API user isn't an admin if (!auth()->user()->isAdmin()) { - unset($permissions_array['admin']); + if ((is_array($permissions_array)) && (array_key_exists('admin', $permissions_array))) { + unset($permissions_array['admin']); + } + } $user->permissions = $permissions_array;
diff --git a/routes/web/fields.php b/routes/web/fields.php
index 6033d2630a..529842fdc9 100644
--- a/routes/web/fields.php
+++ b/routes/web/fields.php
@@ -41,10 +41,13 @@ Route::group([ 'prefix' => 'fields','middleware' => ['auth'] ], function () {
 'except' => ['show', 'view']
 ]);
 
+
+ // This is a shim to handle bootstrap tables
+ // @todo: normalize this in the JS
 Route::get(
 'fieldsets/{fieldset}/edit',
 [CustomFieldsetsController::class, 'show']
- )->name('fieldsets.show');
+ )->name('fieldsets.edit.show');
 
 Route::get(
 'fieldsets/{fieldset}',
diff --git a/tests/Feature/Users/Api/UpdateUserTest.php b/tests/Feature/Users/Api/UpdateUserTest.php
index 93786bdd96..e08706a091
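Review bot: The new `\Log::error(print_r($permissions_array, true));` directly after the `$permissions_array` assignment in the second UsersController hunk writes the raw, client-supplied permissions payload to the log at error severity on every update and reads as leftover debugging; it should be dropped before merge. The two stripping branches below it are also asymmetric in a way that matters for privilege: the superuser branch calls `array_key_exists('superuser', $permissions_array)` with no `is_array` guard (a TypeError on PHP 8 when `permissions` arrives as a string), while the admin branch's `is_array` guard means a non-array payload skips the strip entirely and is still assigned to `$user->permissions` untouched — and the accompanying test sends `'permissions' => '{"a.new.permission":"1"}'` as a JSON string, so that shape evidently reaches this code. Normalising the input to an array once, before either check, closes that gap and makes the `array_key_exists` guards unnecessary (`unset` on a missing key is a no-op); the rejection below uses `abort(422, …)` as a placeholder for whatever error envelope this controller returns elsewhere. Whether the `permissions` attribute accepts an array is not visible here, but the pre-existing array path already assigns one, so it presumably does. The enclosing `update()` method starts and ends outside the hunk.
```php
            $permissions_array = $request->input('permissions');

            // Work on an array no matter how the client encoded the payload, so the
            // privilege checks below cannot be bypassed by sending a JSON string.
            if (is_string($permissions_array)) {
                $permissions_array = json_decode($permissions_array, true);
            }
            if (!is_array($permissions_array)) {
                abort(422, 'permissions must be an array or a JSON object');
            }

            // Strip out the individual superuser permission if the API user isn't a superadmin
            if (!auth()->user()->isSuperUser()) {
                unset($permissions_array['superuser']);
            }

            // Strip out the individual admin permission if the API user isn't an admin
            if (!auth()->user()->isAdmin()) {
                unset($permissions_array['admin']);
            }
            // … unchanged: $user->permissions = $permissions_array; …
```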
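Review bot: The new comment above the `fieldsets/{fieldset}/edit` route in routes/web/fields.php says it is a shim for bootstrap tables but not what the shim does — that the `/edit` URL is intentionally served by `CustomFieldsetsController::show` — which is exactly what someone acting on the `@todo` later needs to know; suggest `// Shim: the bootstrap-table JS links to /edit, but that URL is served by the show action. @todo: point the JS at the show URL and remove this route.` Renaming the route from `fieldsets.show` to `fieldsets.edit.show` also means any existing `route('fieldsets.show')` caller now resolves to whichever route next takes that name, or throws if none does; the following `fieldsets/{fieldset}` route is cut off at the end of the hunk, so I cannot confirm it picks the name up, and a grep of views and redirects for the old name is worth doing. The enclosing `Route::group` closure begins before and ends after the hunk.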
--- a/tests/Feature/Users/Api/UpdateUserTest.php
+++ b/tests/Feature/Users/Api/UpdateUserTest.php
@@ -110,7 +110,7 @@ class UpdateUserTest extends TestCase
 'username' => 'mabel',
 'password' => 'super-secret',
 'password_confirmation' => 'super-secret',
- 'email' => 'mabel@onlymurderspod.com',
+ 'email' => 'mabel@example.org',
 'permissions' => '{"a.new.permission":"1"}',
 'activated' => true,
 'phone' => '619-555-5555',
@@ -138,7 +138,7 @@ class UpdateUserTest extends TestCase
 $this->assertEquals('Mora', $user->last_name, 'Last name was not updated');
 $this->assertEquals('mabel', $user->username, 'Username was not updated');
 $this->assertTrue(Hash::check('super-secret', $user->password), 'Password was not updated');
- $this->assertEquals('mabel@onlymurderspod.com', $user->email, 'Email was not updated');
+ $this->assertEquals('mabel@example.org', $user->email, 'Email was not updated');
 $this->assertArrayHasKey('a.new.permission', $user->decodePermissions(), 'Permissions were not updated');
 $this->assertTrue((bool) $user->activated, 'User not marked as activated');
 $this->assertEquals('619-555-5555', $user->phone, 'Phone was not updated');