Only fetch user's OWN content from headless/decoupled drupal 8 json-api via simple oauth module

Question

After successfully configuring drupal 8 with json-api and "simple oauth module" as a headless instance for my react project, I am currently facing an issue regarding ONLY FETCHING A USER's OWN PUBLISHED CONTENT. Of course there are filter options like http://.../jsonapi/node/node?filter[uid.name][value]=userXYZ (https://www.drupal.org/docs/8/modules/jsonapi/filtering), but as the word "filter" indicates ... it is a filter ... not a restriction of access to other users.

PATCH request: The permission setting "editing only OWN published content" in drupal works fine as the PATCH request in the react project sends a Header with authorization data. In other words: in the react instance a logged in user can only edit his/her own published content. THAT WORKS.

GET request1: with the user permission setting in drupal that allows "view published content" for the oauth role for fetching data via GET request ---> all data from http://.../jsonapi/node/node is returned unless I add a filter (and a filter as url parameter based on username or userid is what I am trying to avoid).

GET request2: with the user permission setting in drupal that allows "view OWN published content" for the oauth role for fetching data via GET request ... returns no data.

Answer 1

I think what you may be looking for can be solved using the following module:

https://www.drupal.org/project/node_view_permissions

By default, JSON:API adheres to the native permissions in Drupal so using this module should allow you to simply log the user in and retrieve node without having to use filters.