Mining permissions are per-address, not per-node. When we talk about nodes with mining permission, this is a shortcut for: mean nodes that have the private key of an address which has mining permissions. The entire mining diversity consensus scheme is based on mining addresses, independent of how these are distributed between different nodes. But in common practice, each node participating in the consensus process will have one address with mining permissions, to ensure that the consensus is genuinely between nodes.
If mining-diversity=1.0 then the round-robin scheme is completely strict, i.e. every address with mining permissions has to take its turn before the first can mine another block. This is not recommended for production but it is the most secure against fraud, not the least.
All nodes in a network verify blocks, for (a) their internal validity, (b) no conflicts with earlier blocks, (c) mine permissions including applying the mining diversity rules.