diff --git a/server/portfolio/mutations.py b/server/portfolio/mutations.py
index b363e88d..8ee1cdfd 100644
--- a/server/portfolio/mutations.py
+++ b/server/portfolio/mutations.py
@@ -62,7 +62,8 @@ class UpdateProject(MutateProject):
 cls.user_is_owner(data, info.context.user)
 data['student'] = info.context.user.id
- serializer = ProjectSerializer(data=data)
+ entity = get_object(Project, data['id'])
+ serializer = ProjectSerializer(entity, data=data)
 if serializer.is_valid():
 serializer.save()
 props = {
@@ -76,7 +77,7 @@ class UpdateProject(MutateProject):
 @classmethod
 def user_is_owner(cls, data, user):
 project = get_object(Project, data['id'])
- if not project or not project.student == user.id:
+ if not project or not project.student == user:
 raise PermissionDenied('not allowed')
diff --git a/server/portfolio/tests/test_project_mutations.py b/server/portfolio/tests/test_project_mutations.py
index ce370a60..7008a521 100644
--- a/server/portfolio/tests/test_project_mutations.py
+++ b/server/portfolio/tests/test_project_mutations.py
@@ -94,6 +94,32 @@ mutation UpdateProjectMutation($input: UpdateProjectInput!){
 self.assertTrue('message' in result.errors[0])
 self.assertEqual(result.errors[0]['message'], 'not allowed')
+ def test_owner_can_edit(self):
+ self.assertEqual(Project.objects.count(), 1)
+ request = RequestFactory().get('/')
+ request.user = self.student
+ self.client = Client(schema=schema, context_value=request)
+ mutation = '''
+mutation UpdateProjectMutation($input: UpdateProjectInput!){
+ updateProject(input: $input) {
+ project {
+ id
+ }
+ }
+}
+'''
+
+ input = {
+ 'project': {
+ 'id': self.project1.graphql_id,
+ 'title': 'Good! THIS IS good!'
+ }
+ }
+ result = self.get_client(self.student).get_result(mutation, variables={
+ 'input': input
+ })
+ self.assertIsNone(result.errors)
+
 class ProjectMutationsTestCase(DefaultUserTestCase):
 def test_add_project(self):
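Review bot: In the first hunk of server/portfolio/mutations.py the project is looked up twice by the client-supplied `data['id']`, once inside `cls.user_is_owner(...)` and again on the added `entity = get_object(Project, data['id'])` line, so the instance that passed the ownership check is not the instance handed to the serializer. Tying the two together keeps the authorisation decision and the write on the same object and saves a query: end `user_is_owner` with `return project` and write `entity = cls.user_is_owner(data, info.context.user)`. If `ProjectSerializer` is a Django REST framework serializer, `ProjectSerializer(entity, data=data)` is a full update and will fail validation when the client sends only some fields; `partial=True` may be what is intended, which cannot be confirmed from the hunk. The enclosing method starts and ends outside the hunk.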
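Review bot: In `user_is_owner` (second hunk of server/portfolio/mutations.py) the condition `not project or not project.student == user` is the only authorisation gate visible for the update, and the double negation makes it harder to audit than `if not project or project.student != user:`. The method also has no docstring saying that it signals failure by raising; something like `"""Raise PermissionDenied unless `user` owns the project named by data['id']."""` would make that contract explicit for callers. The old comparison against `user.id` presumably never matched, so the existing "not allowed" test would have passed for owners as well; a comment recording that the comparison is instance-to-instance would help prevent a regression.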
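Review bot: `test_owner_can_edit` in server/portfolio/tests/test_project_mutations.py asserts only that `result.errors` is None, so it does not prove the edit was applied; it would still pass if the mutation reported a validation failure inside its payload instead of as a GraphQL error, which the hunk does not let me rule out. Assert the effect as well, for example `self.project1.refresh_from_db()` followed by `self.assertEqual(self.project1.title, 'Good! THIS IS good!')`, assuming `project1` is the model instance. The `request` / `self.client = Client(...)` setup at the top looks unused because the call goes through `self.get_client(self.student)`, and the local name `input` shadows the builtin; `variables` would be a safer name.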
diff --git a/server/portfolio/tests/test_project_query.py b/server/portfolio/tests/test_project_query.py
index b26e19d0..9c66de0c 100644
--- a/server/portfolio/tests/test_project_query.py
+++ b/server/portfolio/tests/test_project_query.py
@@ -117,12 +117,12 @@ class ProjectQueryTestCase(SkillboxTestCase):
 # non-owner can't access project
 self._test_direct_project_access(self.student2, False)
- def test_project_owner(self):
+ def test_project_owner_can_view(self):
 query = """
 query ProjectQuery($id: ID!) {
 project(id: $id) {
 id
- owner {
+ student {
 email
 }
 }
@@ -131,4 +131,4 @@ query ProjectQuery($id: ID!) {
 result = self.get_client(self.student1).get_result(query, variables={
 'id': self.project1.graphql_id
 })
- self.assertIsNotNone(result.errors)
+ self.assertEqual(result.data['project']['student']['email'], self.student1.email)
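Review bot: The new last line of `test_project_owner_can_view` indexes `result.data['project']['student']['email']` without first checking `result.errors`, so a failing query would surface as a `TypeError` or `KeyError` on the subscript rather than as a readable assertion failure. Put `self.assertIsNone(result.errors)` before the `assertEqual`. The test now confirms that the owner can read the `student { email }` field; whether a non-owner is denied that same field is only covered if `_test_direct_project_access` (called in the context lines above) selects it, which is not visible here. The test body begins in the previous hunk.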