19 lines
934 B
Markdown
19 lines
934 B
Markdown
|
# Issue: Implement Role-Based Access Control (RBAC) for API Endpoints
|
||
|
|
|
||
|
|
## Description
|
||
|
|
Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes creating middleware to check user roles and applying it to relevant routes.
|
||
|
|
|
||
|
|
## Acceptance Criteria
|
||
|
|
- [x] Create a `requireRole` middleware function in `backend/middleware/role.middleware.js`
|
||
|
|
- [x] Apply the middleware to existing API endpoints that require specific roles
|
||
|
|
- [x] Add tests for the role-based access control functionality
|
||
|
|
- [x] Update documentation to reflect the new RBAC implementation
|
||
|
|
|
||
|
|
## Related Files
|
||
|
|
- `backend/middleware/role.middleware.js`
|
||
|
|
- `backend/controllers/...` (to be updated)
|
||
|
|
- `backend/routes/...` (to be updated)
|
||
|
|
- `test/roles.test.js`
|
||
|
|
|
||
|
|
## Notes
|
||
|
|
This task builds upon the existing roles and permissions documentation in `docs/roles-and-permissions.md`.
|