feat: create issue #5 for RBAC implementation

Created issue #5 to track the implementation of role-based access control for API endpoints as per the documented roles and permissions.

issues/5.md

@@ -12,22 +12,17 @@ This includes:
 
 ## Acceptance Criteria
 
-- [ ] All API endpoints properly validate user roles
-- [ ] JWT middleware extracts and validates the `role` claim
-- [ ] Role-checking middleware (`requireRole`) is implemented and used
-- [ ] Sensitive actions are logged with audit events
-- [ ] Unit tests cover role-based access for all endpoints
-- [ ] Documentation updated to reflect new RBAC implementation
+- [ ] JWT middleware extracts user role from token claims
+- [ ] Middleware `requireRole([...])` is implemented and used for all protected endpoints
+- [ ] Role checks are enforced for all API endpoints (auth, requests, offers, deals, contacts, disputes)
+- [ ] Audit logging is implemented for sensitive actions (e.g., user suspension, dispute decisions)
+- [ ] Unit tests cover role-based access control logic
+- [ ] Documentation updated with RBAC implementation details
 
 ## Tasks
 
-1. Implement JWT middleware to extract `role` claim
-2. Create `requireRole` middleware
-3. Apply role checks to existing API endpoints
-4. Add audit logging for sensitive actions
-5. Write unit tests
-6. Update documentation
-
-## Notes
-
-This is a follow-up to the roles and permissions documentation in `docs/roles-and-permissions.md`.
+1. Implement `requireRole` middleware in `backend/middleware/role.middleware.js`
+2. Integrate role checking into existing API routes
+3. Add audit logging for sensitive actions
+4. Write unit tests for role checks
+5. Update documentation (`docs/roles-and-permissions.md`)