* Modifies ``create_role_auth_claim_for_user`` to return a list of *unique* (role:context) entries, so that the JWT does not become too large to fit in cookies/headers.
1.4.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Add a ``UserRoleAssignment.applies_to_all`` field, because explicit is better than implicit. See the ADR at `docs/decisions/0002-explicit-role-assignment-wildcard.rst`.
* ``PermissionRequiredForListingMixin.get_queryset()`` should allow falsey ``base_queryset`` properties, like an empty ``QuerySet`` object. Adds tests to verify that this is the case.