helpyourneighbour/ISSUE-12.md

# Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints

## Description
Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.

## Acceptance Criteria
- [x] Dispute creation endpoint is accessible only to `user` role
- [x] Dispute status change endpoint is accessible only to `moderator` and `admin` roles
- [x] Dispute final decision endpoint is accessible only to `admin` role
- [x] Integration tests are added to verify the role-based access control
- [x] Documentation is updated to reflect the new RBAC implementation

## Related Files
- `backend/src/routes/disputes.js`
- `backend/src/middleware/requireRole.js`
- `backend/src/controllers/dispute.controller.js`

## Notes
This issue builds upon the existing roles and permissions defined in `docs/roles-and-permissions.md`.