Check if user has role (checks both token and authorization service)
bool hasRole(String role) => tokenRoles.contains(role) || authorization.hasRole(role);
