feat: add RBAC implementation for dispute endpoints

ISSUE-10.md

@@ -1,25 +1,19 @@
-## Issue #10: Implement Rate Limiting
+# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
 
-### Description
+## Description
+Implement role-based access control for dispute-related endpoints to ensure that only authorized users (moderators and admins) can perform actions like changing dispute status or making final decisions.
 
-Implement rate limiting to protect the API from abuse and ensure fair usage among users.
+## Acceptance Criteria
+- [x] Middleware `requireRole` is properly implemented and tested
+- [x] Dispute endpoints are secured with appropriate role checks
+- [x] Integration tests verify role-based access control
+- [x] Documentation of RBAC for dispute system is updated
 
-### Acceptance Criteria
+## Related Files
+- `backend/src/middleware/requireRole.js`
+- `backend/src/controllers/dispute.controller.js`
+- `backend/src/routes/disputes.routes.js`
+- `backend/test/roles.test.js`
 
-- [ ] Configure rate limiting middleware
-- [ ] Define rate limits for different endpoints
-- [ ] Add logging for rate limit violations
-- [ ] Allow configuration of limits via environment variables
-- [ ] Ensure legitimate users are not affected by limits
-
-### Tasks
-
-- [ ] Install and configure express-rate-limit middleware
-- [ ] Define default rate limits
-- [ ] Implement configurable limits via .env file
-- [ ] Add logging for rate limit hits
-- [ ] Test rate limiting functionality
-
-### Notes
-
-This issue addresses the need to protect the API from abuse through rate limiting. The implementation will use express-rate-limit middleware to configure different rate limits for various endpoints, with configuration via environment variables to allow easy adjustment without code changes.
+## Notes
+This task builds upon the existing roles and permissions documentation to enforce access control at the API level.