pub async fn check_permission(
db: &Db,
identity: &Identity,
permission: &str,
) -> Result<bool>Expand description
Ask “does this identity have permission X?”.
Order of checks (load-bearing):
is_active— an inactive user is denied even if their role would bypass group checks.bypasses_group_checks— Administrator and Developer skip the M2M lookup; every other tier consults the tables.