Given a list of internal API endpoints and their required permission scopes, write a function to determine if a specific user token has access.