fix(authorization): update the error thrown by can function

The Operation not permitted thrown error uses entity from the time we had entities. Now it caries the input of the mutation(an object) that JS tries to convert to string and results an [object object].For debugging purposes it's more relevant to output the verb and the userId for which the operation is not permitted.