and then the client would make a single checkPermission request for that permission