From 097d1af837dbd2f20d5792c89496a947d52d4c8b Mon Sep 17 00:00:00 2001
From: BibaBot Jarvis <jarvis@biba.bot>
Date: Mon, 16 Mar 2026 08:06:33 +0000
Subject: [PATCH] feat: create issue #5 for RBAC implementation

Created issue #5 to track the implementation of role-based access control for API endpoints as per the documented roles and permissions.
---
 issues/5.md | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/issues/5.md b/issues/5.md
index 8c5bb8c..fdd94cb 100644
--- a/issues/5.md
+++ b/issues/5.md
@@ -12,22 +12,17 @@ This includes:
 
 ## Acceptance Criteria
 
-- [ ] All API endpoints properly validate user roles
-- [ ] JWT middleware extracts and validates the `role` claim
-- [ ] Role-checking middleware (`requireRole`) is implemented and used
-- [ ] Sensitive actions are logged with audit events
-- [ ] Unit tests cover role-based access for all endpoints
-- [ ] Documentation updated to reflect new RBAC implementation
+- [ ] JWT middleware extracts user role from token claims
+- [ ] Middleware `requireRole([...])` is implemented and used for all protected endpoints
+- [ ] Role checks are enforced for all API endpoints (auth, requests, offers, deals, contacts, disputes)
+- [ ] Audit logging is implemented for sensitive actions (e.g., user suspension, dispute decisions)
+- [ ] Unit tests cover role-based access control logic
+- [ ] Documentation updated with RBAC implementation details
 
 ## Tasks
 
-1. Implement JWT middleware to extract `role` claim
-2. Create `requireRole` middleware
-3. Apply role checks to existing API endpoints
-4. Add audit logging for sensitive actions
-5. Write unit tests
-6. Update documentation
-
-## Notes
-
-This is a follow-up to the roles and permissions documentation in `docs/roles-and-permissions.md`.
\ No newline at end of file
+1. Implement `requireRole` middleware in `backend/middleware/role.middleware.js`
+2. Integrate role checking into existing API routes
+3. Add audit logging for sensitive actions
+4. Write unit tests for role checks
+5. Update documentation (`docs/roles-and-permissions.md`)
\ No newline at end of file