3 files changed, 43 insertions, 18 deletions

diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index a2a919a3e..72094790f 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -20,7 +20,7 @@ class Api::V1::MediaController < Api::BaseController
   end
 
   def update
-    @media_attachment.update!(media_attachment_params)
+    @media_attachment.update!(updateable_media_attachment_params)
     render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
   end
 
@@ -42,6 +42,10 @@ class Api::V1::MediaController < Api::BaseController
     params.permit(:file, :thumbnail, :description, :focus)
   end
 
+  def updateable_media_attachment_params
+    params.permit(:thumbnail, :description, :focus)
+  end
+
   def file_type_error
     { error: 'File type of uploaded media could not be verified' }
   end
diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb
index e10083d45..052d70cc8 100644
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -33,6 +33,6 @@ class Api::V1::ReportsController < Api::BaseController
   end
 
   def report_params
-    params.permit(:account_id, :comment, :forward, status_ids: [])
+    params.permit(:account_id, :comment, :category, :forward, status_ids: [], rule_ids: [])
   end
 end
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index b1390ae48..c928a24de 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -3,8 +3,8 @@
 class Api::V1::StatusesController < Api::BaseController
   include Authorization
 
-  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
-  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
+  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
   before_action :require_user!, except:  [:show, :context]
   before_action :set_status, only:       [:show, :context]
   before_action :set_thread, only:       [:create]
@@ -35,25 +35,45 @@ class Api::V1::StatusesController < Api::BaseController
   end
 
   def create
-    @status = PostStatusService.new.call(current_user.account,
-                                         text: status_params[:status],
-                                         thread: @thread,
-                                         media_ids: status_params[:media_ids],
-                                         sensitive: status_params[:sensitive],
-                                         spoiler_text: status_params[:spoiler_text],
-                                         visibility: status_params[:visibility],
-                                         scheduled_at: status_params[:scheduled_at],
-                                         application: doorkeeper_token.application,
-                                         poll: status_params[:poll],
-                                         content_type: status_params[:content_type],
-                                         idempotency: request.headers['Idempotency-Key'],
-                                         with_rate_limit: true)
+    @status = PostStatusService.new.call(
+      current_user.account,
+      text: status_params[:status],
+      thread: @thread,
+      media_ids: status_params[:media_ids],
+      sensitive: status_params[:sensitive],
+      spoiler_text: status_params[:spoiler_text],
+      visibility: status_params[:visibility],
+      language: status_params[:language],
+      scheduled_at: status_params[:scheduled_at],
+      application: doorkeeper_token.application,
+      poll: status_params[:poll],
+      content_type: status_params[:content_type],
+      idempotency: request.headers['Idempotency-Key'],
+      with_rate_limit: true
+    )
 
     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
   end
 
+  def update
+    @status = Status.where(account: current_account).find(params[:id])
+    authorize @status, :update?
+
+    UpdateStatusService.new.call(
+      @status,
+      current_account.id,
+      text: status_params[:status],
+      media_ids: status_params[:media_ids],
+      sensitive: status_params[:sensitive],
+      spoiler_text: status_params[:spoiler_text],
+      poll: status_params[:poll]
+    )
+
+    render json: @status, serializer: REST::StatusSerializer
+  end
+
   def destroy
-    @status = Status.where(account_id: current_user.account).find(params[:id])
+    @status = Status.where(account: current_account).find(params[:id])
     authorize @status, :destroy?
 
     @status.discard
@@ -85,6 +105,7 @@ class Api::V1::StatusesController < Api::BaseController
       :sensitive,
       :spoiler_text,
       :visibility,
+      :language,
       :scheduled_at,
       :content_type,
       media_ids: [],