Add editing for published statuses (mastodon#17320)

Author: Gargron

app/controllers/api/v1/media_controller.rb

@@ -20,7 +20,7 @@ def show
   end
 
   def update
-    @media_attachment.update!(media_attachment_params)
+    @media_attachment.update!(updateable_media_attachment_params)
     render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
   end
 
@@ -42,6 +42,10 @@ def media_attachment_params
     params.permit(:file, :thumbnail, :description, :focus)
   end
 
+  def updateable_media_attachment_params
+    params.permit(:thumbnail, :description, :focus)
+  end
+
   def file_type_error
     { error: 'File type of uploaded media could not be verified' }
   end

app/controllers/api/v1/statuses_controller.rb

@@ -3,8 +3,8 @@
 class Api::V1::StatusesController < Api::BaseController
   include Authorization
 
-  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
-  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
+  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
   before_action :require_user!, except:      [:index, :show, :context, :updated]
   before_action :set_statuses, only:         [:index]
   before_action :set_updated_statuses, only: [:updated]
@@ -83,11 +83,27 @@ def create
                                          status_reference_urls: status_params[:status_reference_urls] || [],
                                          searchability: status_params[:searchability]
     )
-                                         
 
     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
   end
 
+  def update
+    @status = Status.where(account: current_account).find(params[:id])
+    authorize @status, :update?
+
+    UpdateStatusService.new.call(
+      @status,
+      current_account.id,
+      text: status_params[:status],
+      media_ids: status_params[:media_ids],
+      sensitive: status_params[:sensitive],
+      spoiler_text: status_params[:spoiler_text],
+      poll: status_params[:poll]
+    )
+
+    render json: @status, serializer: REST::StatusSerializer
+  end
+
   def destroy
     @status = Status.include_expired.where(account_id: current_account.id).find(status_params[:id])
     authorize @status, :destroy?