Currently json-api-resources doesn't come with built-in primitives for authorization. However multiple users of the framework have come up with different approaches, check out:
Refer to the comments/discussion here for the differences between approaches