diff --git a/functions/api/inactivity/[id].ts b/functions/api/inactivity/[id].ts
index ea46149..9d88ebd 100644
--- a/functions/api/inactivity/[id].ts
+++ b/functions/api/inactivity/[id].ts
@@ -1,19 +1,30 @@
+import validateInactivityNotice from "./validate.js";
+
+function jsonResponse(body: string, status = 200): Response {
+  return new Response(body, {
+    headers: {
+      "content-type": "application/json",
+    },
+    status,
+  });
+}
+
 export async function onRequestDelete(context: RequestContext) {
   const kvResult = await context.env.DATA.get(
     `inactivity_${context.params.id}`,
   );
 
+  if (!kvResult)
+    return jsonResponse('{"error":"No inactivity notice with that ID"}', 404);
+
   if (
-    !kvResult ||
-    (JSON.parse(kvResult).user.id !== context.data.current_user.id &&
-      !(context.data.current_user.permissions & (1 << 0)))
+    JSON.parse(kvResult).user.id !== context.data.current_user.id &&
+    !(context.data.current_user.permissions & (1 << 0))
   )
-    return new Response('{"error":"No inactivity notice with that ID"}', {
-      headers: {
-        "content-type": "application/json",
-      },
-      status: 404,
-    });
+    return jsonResponse(
+      '{"error":"You do not have permission to delete this inactivity notice"}',
+      403,
+    );
 
   await context.env.DATA.delete(`inactivity_${context.params.id}`);
   await context.env.D1.prepare("DELETE FROM inactivity_notices WHERE id = ?;")
@@ -24,3 +35,53 @@ export async function onRequestDelete(context: RequestContext) {
     status: 204,
   });
 }
+
+export async function onRequestPut(context: RequestContext) {
+  const kvResult: InactivityNoticeProps | null = await context.env.DATA.get(
+    `inactivity_${context.params.id}`,
+    { type: "json" },
+  );
+
+  if (!kvResult)
+    return jsonResponse('{"error":"No inactivity notice with that ID"}', 404);
+
+  if (kvResult.user.id !== context.data.current_user.id)
+    return jsonResponse(
+      '{"error":"You do not have permission to modify this inactivity notice"}',
+      403,
+    );
+
+  const d1entry = await context.env.D1.prepare(
+    "SELECT open FROM inactivity_notices WHERE id = ?;",
+  )
+    .bind(context.params.id)
+    .run();
+
+  if (!Boolean(d1entry.results.at(0)?.open))
+    return jsonResponse("Cannot modify a closed inactivity notice", 403);
+
+  const { departments, end, reason, start } = context.data.body;
+
+  const validationFailureResponse = validateInactivityNotice(
+    departments,
+    end,
+    reason,
+    start,
+    context.data.departments,
+  );
+
+  if (validationFailureResponse) return validationFailureResponse;
+
+  kvResult.departments = departments;
+  kvResult.end = end;
+  kvResult.reason = reason;
+  kvResult.start = start;
+
+  await context.env.DATA.put(
+    `inactivity_${context.params.id}`,
+    JSON.stringify(kvResult),
+    {
+      expirationTtl: 63072000,
+    },
+  );
+}