How to limit the search API to only those with which the user has a relation?

How to limit the API so that the user cannot see something that is not in the relations?

Example:
I have created “projects”; how can I limit the capabilities of the “find” API (/api/projects) to only those with which you have a relation?

I know there is an option to use “populate=*”, but that is not the point. I would like the projects that are attached to the user to be displayed after using “/api/projects”…

Is this a possibility?