It should also return true when the role does not have permissions but the user has direct permissions