From 1d315c081143a6f7343ff9b303074236fb108d2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Feh=C3=A9rv=C3=ADziov=C3=A1?=
 <128744051+VeronikaFeherviziova@users.noreply.github.com>
Date: Sat, 1 Nov 2025 16:25:53 +0100
Subject: [PATCH] feat: add API for getting internship status history on
 backend

---
 .../InternshipStatusController.php            | 24 +++++++++++++++++++
 backend/routes/api.php                        |  2 ++
 2 files changed, 26 insertions(+)

diff --git a/backend/app/Http/Controllers/InternshipStatusController.php b/backend/app/Http/Controllers/InternshipStatusController.php
index 597c6bb..2c81c41 100644
--- a/backend/app/Http/Controllers/InternshipStatusController.php
+++ b/backend/app/Http/Controllers/InternshipStatusController.php
@@ -2,11 +2,35 @@
 
 namespace App\Http\Controllers;
 
+use App\Models\Internship;
 use App\Models\InternshipStatus;
+use App\Models\User;
 use Illuminate\Http\Request;
 
 class InternshipStatusController extends Controller
 {
+    public function get(int $id) {
+        $user = auth()->user();
+        $internship_statuses = InternshipStatus::whereInternshipId($id)->get()->makeHidden(['created_at', 'updated_at', 'id']);
+
+        if(!$internship_statuses) {
+            return response()->json([
+                'message' => 'No such internship exists.'
+            ], 400);
+        }
+
+        $internship = Internship::where($id);
+        if ($user->role !== 'ADMIN' && $internship->user_id !== $user->id) {
+            abort(403, 'Unauthorized');
+        }
+
+        $internship_statuses->each(function ($internship_status) {
+            $internship_status->modified_by = User::find($internship_status->modified_by)->makeHidden(['created_at', 'updated_at', 'email_verified_at']);
+        });
+
+        return response()->json($internship_statuses);
+    }
+
     /**
      * Display a listing of the resource.
      */
diff --git a/backend/routes/api.php b/backend/routes/api.php
index d1a3354..fd1e876 100644
--- a/backend/routes/api.php
+++ b/backend/routes/api.php
@@ -3,6 +3,7 @@
 use App\Http\Controllers\Auth\RegisteredUserController;
 use App\Http\Controllers\CompanyController;
 use App\Http\Controllers\InternshipController;
+use App\Http\Controllers\InternshipStatusController;
 use App\Models\Company;
 use App\Models\StudentData;
 use Illuminate\Http\Request;
@@ -31,6 +32,7 @@ Route::prefix('/internships')->group(function () {
     Route::middleware("auth:sanctum")->group(function () {
         Route::prefix('/{id}')->group(function () {
             Route::get("/", [InternshipController::class, 'get'])->name("api.internships.get");
+            Route::get("/statuses", [InternshipStatusController::class, 'get'])->name("api.internships.get");
             Route::post("/basic", [InternshipController::class, 'update_basic'])->name("api.internships.update.basic");
         });