19 lines
1 KiB
Markdown
19 lines
1 KiB
Markdown
|
# Issue: Implement Role-Based Access Control (RBAC) for API Endpoints
|
||
|
|
|
||
|
|
## Description
|
||
|
|
Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes implementing middleware to check user roles and updating existing routes to use this middleware.
|
||
|
|
|
||
|
|
## Acceptance Criteria
|
||
|
|
- [x] Middleware `requireRole` is implemented and tested
|
||
|
|
- [x] All existing API routes are updated to use the `requireRole` middleware where necessary
|
||
|
|
- [x] The middleware correctly checks if the user has at least one of the required roles
|
||
|
|
- [x] Unauthorized access attempts return a 403 Forbidden status
|
||
|
|
- [x] The implementation is consistent with the documented roles and permissions
|
||
|
|
|
||
|
|
## Related Files
|
||
|
|
- `backend/middleware/role.middleware.js`
|
||
|
|
- `backend/controllers/`
|
||
|
|
- `backend/routes/`
|
||
|
|
|
||
|
|
## Notes
|
||
|
|
This task builds upon the existing role definitions in `docs/roles-and-permissions.md` and ensures that the backend enforces these permissions correctly.
|