can :read, User, [:first_name, :last_name]

can? :read, @user, :first_name

current_ability.permitted_attributes(:read, @user)
#=> [:first_name, :last_name]

current_ability.permitted_attributes(:read, @book).each do |attr|
  = form.input attr

params
  .require(:book)
  .permit(current_ability.permitted_attributes(:read, @book))