diff --git a/app/controllers/v1/learning_objects/attachment_controller.rb b/app/controllers/v1/learning_objects/attachment_controller.rb
index 21c7b39256f101f86b2e02c25a5ffb2be290463e..b75dd85bfd4956688d2d876ae292389d5c3ce0c3 100644
--- a/app/controllers/v1/learning_objects/attachment_controller.rb
+++ b/app/controllers/v1/learning_objects/attachment_controller.rb
@@ -19,7 +19,9 @@ class V1::LearningObjects::AttachmentController < ApplicationController
   before_action :set_objects
-  before_action :authorize!
+  before_action :authenticate_user!, only: :update
+  before_action :authorize!, only: :destroy
+  before_action :authorize_update_attachment!, only: :update
   # DELETE /learning_objects/:learning_object_id/attachments/:id
   def destroy
@@ -30,6 +32,16 @@ class V1::LearningObjects::AttachmentController < ApplicationController
     render status: :ok
   end
+
+  # PUT /learning_objects/:learning_object_id/attachments/:id
+  def update
+    return render status: :not_found if @learning_object.nil? || @attachment.nil?
+    if @attachment.update(infohash: infohash_params[:infohash])
+      render status: :ok
+    else
+      render status: :unprocessable_entity
+    end
+  end
   private
@@ -37,6 +49,10 @@ class V1::LearningObjects::AttachmentController < ApplicationController
     params.permit(:learning_object_id, :id)
   end
+  def infohash_params
+    params.permit(:infohash)
+  end
+
   def set_objects
     @learning_object = LearningObject.find(attachment_params[:learning_object_id])
     @attachment = LearningObject::Attachment.find(attachment_params[:id])
@@ -47,4 +63,11 @@ class V1::LearningObjects::AttachmentController < ApplicationController
     authorize(@learning_object, :destroy?)
   end
+
+  def authorize_update_attachment!
+    return render status: :unauthorized unless @learning_object.attachments.include? @attachment
+
+    authorize(@learning_object, :add_infohash?)
+  end
+
 end
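Review bot: `before_action :authenticate_user!, only: :update` is declared after `before_action :set_objects`, so on an unauthenticated PUT the two `find` lookups in `set_objects` run first and a missing id answers 404 before authentication is checked, which lets the response distinguish existing from missing records for anonymous callers. Declaring the authentication callback ahead of `set_objects` (or registering it with `prepend_before_action`) makes the 401 unconditional for unauthenticated requests. The enclosing class continues outside the hunk.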
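Review bot: The guard `return render status: :not_found if @learning_object.nil? || @attachment.nil?` in `update` looks unreachable: `set_objects` (visible as context in the third hunk) loads both records with `find`, which raises `ActiveRecord::RecordNotFound` instead of assigning nil, and `authorize_update_attachment!` has already dereferenced `@learning_object` before the action body runs. Unless an ancestor controller rescues that error and lets the chain continue, the line can be dropped; if a nil really is possible, the check belongs in `set_objects` so it also covers `destroy`. The hunk also adds two consecutive blank lines before the `# PUT` comment.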
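Review bot: `authorize_update_attachment!` answers `:unauthorized` when `@attachment` does not belong to `@learning_object`, but the request has already passed `authenticate_user!` by then, so the mismatched ids describe a missing resource rather than a missing credential; `:not_found` (or `:forbidden`) is the accurate status and avoids a misleading 401 on the client side. `@learning_object.attachments.include? @attachment` also loads the whole association to answer a membership question; scoping the lookup in `set_objects` as `@attachment = @learning_object.attachments.find(attachment_params[:id])` would make a foreign id 404 naturally and leave only the `authorize(@learning_object, :add_infohash?)` call here. The method is complete within the hunk; the class is not.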
diff --git a/app/policies/learning_object_policy.rb b/app/policies/learning_object_policy.rb
index ff55dfcec746a90f337062a1fd627bb5c1c15103..1b06e4dd5b188748a706c480fc2475fa9308870b 100644
--- a/app/policies/learning_object_policy.rb
+++ b/app/policies/learning_object_policy.rb
@@ -61,6 +61,10 @@ class LearningObjectPolicy < ApplicationPolicy
     record if owns?
   end
+  def add_infohash?
+    record if user.is_admin?
+  end
+
   def show?
     return record if record.published? || ( !user.nil? && user_can_edit? )
     return record if user == record.publisher
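Review bot: `add_infohash?` calls `user.is_admin?` without a nil guard, whereas the neighbouring `show?` checks `!user.nil?` before touching `user`; the controller's `authenticate_user!` currently prevents a nil user, but any other caller of this policy (a view helper, a console check) would get a NoMethodError instead of a denial. `record if user&.is_admin?` keeps the deny-by-default behaviour, since a nil result is treated as not authorized by the Pundit-style `authorize` call, without depending on the caller. The enclosing class continues outside the hunk.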