I guess I just wouldn't want to give the user an interface to modify a resource if they will fail the permission check on the API call.