Disable PUT /profile/ modifying Points (HackIllinois#398)

* Can't edit points in UpdateProfile

* emphasize in the docs

* Revert the tests

* Put logic in the controller

* err != nil check

Author: lauzadis

documentation/docs/reference/services/Profile.md

@@ -128,6 +128,7 @@ PUT /profile/
 
 Updates the profile for the user with the `id` in the JWT token provided in the Authorization header.
 This returns the updated profile information.
+Note you can not edit the ``points`` field through this.
 
 Request format:
 ```

services/profile/controller/controller.go

@@ -134,6 +134,17 @@ func UpdateProfile(w http.ResponseWriter, r *http.Request) {
 	var profile models.Profile
 	json.NewDecoder(r.Body).Decode(&profile)
 
+	old_profile, err := service.GetProfile(profile_id)
+
+	if err != nil {
+		errors.WriteError(w, r, errors.DatabaseError(err.Error(), "Could not get profile associated with this profile id."))
+		return
+	}
+
+	if profile.Points != old_profile.Points {
+		profile.Points = old_profile.Points
+	}
+
 	err = service.UpdateProfile(profile_id, profile)
 
 	if err != nil {