The only way to know the user’s roles immediately would be to check against the management API. This could cause some issues with rate limits if you are expecting to do this a lot.
The recommended way to handle this type of requirement would be to use short lived tokens. You could make a token lifetime very short (5 minutes for example), which would mean that the user’s current permissions are within 5 minutes of the changes.