AccessControl.isAllowed = function (account, user, resource, action, context) {
    const acl = new AccessControl(account.acl);
    const permission = acl.permission({
        resource,
        action,