update method for statuses

app/controllers/api/v1/statuses_controller.rb

@@ -3,10 +3,10 @@
 class Api::V1::StatusesController < Api::BaseController
   include Authorization
 
-  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
-  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
+  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
   before_action :require_user!, except:  [:show, :context, :card]
-  before_action :set_status, only:       [:show, :context, :card]
+  before_action :set_status, only:       [:show, :context, :card, :update]
 
   respond_to :json
 
@@ -61,6 +61,21 @@ class Api::V1::StatusesController < Api::BaseController
     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
   end
 
+  def update
+    authorize @status, :update?
+    
+    @status = EditStatusService.new.call(@status,
+                                         text: status_params[:status],
+                                         media_ids: status_params[:media_ids],
+                                         sensitive: status_params[:sensitive],
+                                         spoiler_text: status_params[:spoiler_text],
+                                         visibility: status_params[:visibility],
+                                         application: doorkeeper_token.application,
+                                         idempotency: request.headers['Idempotency-Key'])
+
+    render json: @status, serializer: REST::StatusSerializer
+  end
+
   def destroy
     @status = Status.where(account_id: current_user.account).find(params[:id])
     authorize @status, :destroy?