Right now any user can be endorsed for any category that is accepting endorsements. This was nice because it didn’t require an extra call to the server, but of course cannot stand. This adds a new route that return categories that are accepting endorsements and both the logged in user, and endorsee have access to the category.
Could you use
requires_login only: ... here and
current_user instead of
I could do the first part, but the
@user is not the current user, its the user to be endorsed.