DRY & KISS Principles

How does this implementation of permission checks violate the KISS principle?
function checkPermission(user, action, resource) {
  if (!user || !user.roles) return false;

  const roleHierarchy = {
    admin: ['manager', 'editor', 'user'],
    manager: ['editor', 'user'],
    editor: ['user'],
    user: []
  };

  const permissionMatrix = {
    user: {
      read: ['post', 'comment'],
      write: ['comment']
    },
    editor: {
      read: ['post', 'comment', 'draft'],
      write: ['post', 'comment']
    },
    manager: {
      read: ['post', 'comment', 'draft', 'user'],
      write: ['post', 'comment', 'draft'],
      delete: ['post', 'comment']
    },
    admin: {
      read: ['*'],
      write: ['*'],
      delete: ['*']
    }
  };

  return user.roles.some(role => {
    const roles = [role, ...roleHierarchy[role]];
    return roles.some(r => {
      const permissions = permissionMatrix[r];
      if (!permissions) return false;
      
      const allowedResources = permissions[action];
      if (!allowedResources) return false;
      
      return allowedResources.includes('*') || 
             allowedResources.includes(resource);
    });
  });
}
Next Question (19/20)