From eb8a04db9afcf61a47f2a1c928c4acd2233f208d Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 22 Jun 2023 14:56:14 +0200
Subject: [PATCH] Change /api/v1/statuses/:id/history to always return at least
 one item (#25510)

---
 .../api/v1/statuses/histories_controller.rb       | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/app/controllers/api/v1/statuses/histories_controller.rb b/app/controllers/api/v1/statuses/histories_controller.rb
index e381ea2c67..7fe73a6f54 100644
--- a/app/controllers/api/v1/statuses/histories_controller.rb
+++ b/app/controllers/api/v1/statuses/histories_controller.rb
@@ -1,16 +1,21 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::HistoriesController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::HistoriesController < Api::BaseController
+  include Authorization
+
   before_action -> { authorize_if_got_token! :read, :'read:statuses' }
+  before_action :set_status
 
   def show
-    cache_if_unauthenticated!
-    render json: status_edits, each_serializer: REST::StatusEditSerializer
+    render json: @status.edits.includes(:account, status: [:account]), each_serializer: REST::StatusEditSerializer
   end
 
   private
 
-  def status_edits
-    @status.edits.ordered.includes(:account, status: [:account]).to_a.presence || [@status.build_snapshot(at_time: @status.edited_at || @status.created_at)]
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
   end
 end