diff --git a/server/controllers/users/profile.js b/server/controllers/users/profile.js
index 13227ecc..53754b14 100644
--- a/server/controllers/users/profile.js
+++ b/server/controllers/users/profile.js
@@ -32,6 +32,8 @@ export const getById = async function(req, res) {
  */
 export const update = async function(req, res) {
   let user = req.user
+  if (user._id !== req.body._id)
+    user = await User.findById(req.body._id).lean()
 
   // For security measurement we remove the roles from the req.body object
   delete req.body.roles