If we are using two separate identities (good idea!) we should allow to define the RoleClaimType in both identities, the original one and the volvoreta one.
This way we can slightly simplify the query for HasPermissions because we can do this query over the VolvoretaRoles, that include the roles for the source identity that match role, subject and mappings.
If we are using two separate identities (good idea!) we should allow to define the RoleClaimType in both identities, the original one and the volvoreta one.
This way we can slightly simplify the query for HasPermissions because we can do this query over the VolvoretaRoles, that include the roles for the source identity that match role, subject and mappings.