cloudcreativity / json-api

Framework agnostic JSON API serialisation and deserialisation

Authorising updates needs access to what the client sent

lindyhopchris opened this issue

When authorising update requests from the client, the authoriser requires access to what the client has sent (i.e. what the client is attempting to change). E.g. when authorising an update of a resource, the authorisation might be dependent on which resource attributes are being changed, as per this issue:
cloudcreativity/laravel-json-api#14

Two modifications are required to the AuthorizerInterface:

  1. canUpdate needs to receive a ResourceInterface object as its second parameter.
  2. canModifyRelationship needs to receive a RelationshipInterface object as its third parameter.

This is a breaking change so will have to be in v0.6

Closing as this is available via Composer on the v0.6.x-dev release.
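The attribute-dependent check this issue asks for, as an added example that is not part of the original issue or the library's own code. `SentResource` is a hypothetical stand-in for `ResourceInterface`; the first `canUpdate` parameter (the stored record), the roles and the allow-lists are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for ResourceInterface: exposes only what the client sent.
final class SentResource
{
    /** @param array<string, mixed> $attributes */
    public function __construct(private array $attributes) {}

    /** @return string[] names of the attributes the client is trying to change */
    public function attributeNames(): array
    {
        return array_keys($this->attributes);
    }
}

// Hypothetical authoriser: the method name follows the issue, the rest is assumed.
final class PostAuthorizer
{
    // Attributes each role may change (constructed policy for this example).
    private const WRITABLE = [
        'author' => ['title', 'body'],
        'editor' => ['title', 'body', 'published', 'author_id'],
    ];

    public function __construct(private string $role, private string $userId) {}

    /** @param array<string, mixed> $record the stored post being updated */
    public function canUpdate(array $record, SentResource $resource): bool
    {
        // Authors may only touch their own posts, whatever they sent.
        if ($this->role === 'author' && ($record['author_id'] ?? null) !== $this->userId) {
            return false;
        }
        $allowed = self::WRITABLE[$this->role] ?? []; // unknown role: nothing writable
        // Deny when the client sent any attribute outside the role's allow-list.
        return array_diff($resource->attributeNames(), $allowed) === [];
    }
}

// Constructed sample data: one stored post and two client update payloads.
$post    = ['id' => '1', 'author_id' => 'u1', 'title' => 'Old', 'published' => false];
$edit    = new SentResource(['title' => 'New']);
$publish = new SentResource(['title' => 'New', 'published' => true]);

var_dump((new PostAuthorizer('author', 'u1'))->canUpdate($post, $edit));
var_dump((new PostAuthorizer('author', 'u1'))->canUpdate($post, $publish));
var_dump((new PostAuthorizer('editor', 'u2'))->canUpdate($post, $publish));
```

Without the sent resource, the authoriser could only decide on the stored record and the caller, so the author's attempt to set `published` would be indistinguishable from a plain title edit.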