Right now it relies on resource objects being present in the context. You should be able to call the auth function with the same parameters as the action (ie just the resource view id). This is not an issue in core but it can be problematic when extending auth from extensions.