I am developing a vue frontend for a drupal powered website.
I choosed JSON:API because it works out of the box. Thanks for that.
But now I am near that point were I want to reenable the permission checks to limit users of certain roles / permissions to only perform actions they are allowed to.
We did forward the user permissions array (with all the text permissions, like 'can edit node X', 'can edit own node X' etc.), but this is very limited in beeing useful. For example if the right 'can edit own node' is in that array but the user sees a list of node X items, were only a few are from him, I don't want to let him edit all and only on 'save' he gets the permission denied error.
Therefore my question, to Drupal community members, who faced that problem also:
- are there things in core, which will help me with that, which I may have not discovered yet?
- are there any vue libraries, which will forward Drupals permissions along with entities in question, which can be used?
- are there any other solution to that problem, which I may cannot think of?
I know it's not really a Drupal core question, but as far as I know there is no dedicated Drupal Discord, were I could ask this and get a faster response.
---
My current thought process would be, that I can fire a REST request to Drupal along with zero, one or more entity in question and an endpoint will tell me for each or given combination if that right is granted or not. I do understand, that this is far from secure, because it will travel over the wire, but all I want to do is hide or show buttons for user roles, IF the action is available. If the user will somehow be able to give themself a true, were a false was reported, he'll later on save get the correct response anyways.