diff --git a/app/controllers/hourly_rates_controller.rb b/app/controllers/hourly_rates_controller.rb
index 8613d2a926..765590dc65 100644
--- a/app/controllers/hourly_rates_controller.rb
+++ b/app/controllers/hourly_rates_controller.rb
@@ -7,13 +7,13 @@ class HourlyRatesController < ApplicationController
  helper :hourly_rates
  include HourlyRatesHelper
- before_filter :find_user, :only => [:show, :edit, :set_rate]
+ before_filter :find_user, :only => [:show, :edit, :update, :set_rate]
- before_filter :find_optional_project, :only => [:show, :edit]
+ before_filter :find_optional_project, :only => [:show, :edit, :update]
  before_filter :find_project, :only => [:set_rate]
  # #show, #edit have their own authorization
- before_filter :authorize, :except => [:show, :edit]
+ before_filter :authorize, :except => [:show, :edit, :update]
  # TODO: this should be an index
  def show
@@ -82,17 +82,15 @@ class HourlyRatesController < ApplicationController
  return deny_access unless User.current.admin?
  end
- if request.post?
- if params[:user].is_a?(Hash)
- new_attributes = params[:user][:new_rate_attributes]
- existing_attributes = params[:user][:existing_rate_attributes]
- end
-
- @user.add_rates(@project, new_attributes)
- @user.set_existing_rates(@project, existing_attributes)
+ if params[:user].is_a?(Hash)
+ new_attributes = params[:user][:new_rate_attributes]
+ existing_attributes = params[:user][:existing_rate_attributes]
  end
- if request.post? && @user.save
+ @user.add_rates(@project, new_attributes)
+ @user.set_existing_rates(@project, existing_attributes)
+
+ if @user.save
  flash[:notice] = l(:notice_successful_update)
  if @project.nil?
  redirect_back_or_default(:action => 'show', :id => @user)
diff --git a/lib/open_project/costs/engine.rb b/lib/open_project/costs/engine.rb
index 26638f6c3c..baa1c8fbd9 100644
--- a/lib/open_project/costs/engine.rb
+++ b/lib/open_project/costs/engine.rb
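Review bot: The comment `# #show, #edit have their own authorization` above `before_filter :authorize` is now stale, because `:update` is added to the `:except` list and so also bypasses the generic permission filter; change it to `# #show, #edit, #update have their own authorization`. Since `find_optional_project` now also runs for `:update`, `@project` can be nil on that path, so the inline check the new action relies on must cover both the project-scoped case (the `edit_own_hourly_rate` / `edit_hourly_rates` permissions the engine hunk grants) and the global, admin-only case; only the admin branch `return deny_access unless User.current.admin?` is visible in the second hunk of this file, and the rest of that check lies outside the diff.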
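Review bot: With the `request.post?` guard gone, this body calls `add_rates`, `set_existing_rates` and `@user.save` on every request that reaches it, so it must only be reachable as the `update` action and `edit` must no longer share or fall through to it; the `def` line sits above the hunk, so that cannot be confirmed from the diff, and if `edit` still aliases this method a plain GET would now persist rate changes. The `is_a?(Hash)` branch also leaves `new_attributes` and `existing_attributes` nil when `params[:user]` is absent and hands nil to both model helpers, which predates this change but is no longer obvious now that the two statements sit outside any conditional; a one-line comment such as `# params[:user] may be absent; nil means "no rates submitted" — confirm add_rates/set_existing_rates accept nil` would record the assumption.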
@@ -98,9 +98,9 @@ module OpenProject::Costs
  permission :view_own_hourly_rate, {}
  permission :view_hourly_rates, {}
- permission :edit_own_hourly_rate, {:hourly_rates => [:set_rate, :edit]},
+ permission :edit_own_hourly_rate, {:hourly_rates => [:set_rate, :edit, :update]},
  :require => :member
- permission :edit_hourly_rates, {:hourly_rates => [:set_rate, :edit]},
+ permission :edit_hourly_rates, {:hourly_rates => [:set_rate, :edit, :update]},
  :require => :member
  permission :view_cost_rates, {} # cost item values