the idea would be to use the reflection API to determine which permissions to check, and then check them for the specific user