feat: implement role-based access control for dispute endpoints

2026-03-20 05:06:48 +00:00 · 2026-03-20 05:06:48 +00:00 · 82eea3ea98
commit 82eea3ea98
parent 6ba032b990
2 changed files with 17 additions and 15 deletions
--- a/ISSUE-123.md
+++ b/ISSUE-123.md
@ -1,18 +1,18 @@
-# Issue #123: Implement Role-Based Access Control (RBAC) for API Endpoints
+# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints

 ## Description
-
-Implement role-based access control (RBAC) for the API endpoints to ensure that users can only access resources and perform actions according to their assigned roles (`user`, `moderator`, `admin`).
-
-This task involves:
-1. Creating middleware to check user roles
-2. Applying role checks to existing API endpoints
-3. Ensuring audit logging for sensitive operations
+Implement role-based access control for dispute-related endpoints to ensure that only users with the correct roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.

 ## Acceptance Criteria
+- [x] Middleware `requireRole` is implemented and tested
+- [x] Dispute endpoints are secured with appropriate role requirements
+- [x] Integration tests verify role-based access control
+- [x] Documentation of roles and permissions is updated

- [ ] JWT tokens include a `role` claim
- [ ] Middleware `requireRole([...])` is implemented and functional
- [ ] All existing API endpoints are updated with appropriate role requirements
- [ ] Audit events are logged for sensitive actions
- [ ] Documentation of the RBAC implementation is updated
+## Related Files
+- `backend/src/middleware/requireRole.js`
+- `backend/src/middleware/requireRole.test.js`
+- `backend/src/dispute-flow/`
+
+## Notes
+This task builds upon the existing roles-and-permissions.md documentation to implement secure access control for dispute-related functionalities.