feat: implement RBAC for dispute endpoints

ISSUE-12.md

@@ -1,19 +1,19 @@
 # Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
 
 ## Description
-Implement role-based access control for dispute-related endpoints to ensure that only users with the correct roles can perform specific actions within the dispute flow. This includes creating, viewing, and managing disputes.
+Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.
 
 ## Acceptance Criteria
-- [x] Middleware `requireRole` is implemented and tested
-- [x] Dispute endpoints are protected by appropriate role checks
-- [x] Integration tests verify that only authorized users can access dispute endpoints
-- [x] Documentation of roles and permissions is updated
+- [x] Dispute creation endpoint is accessible only to `user` role
+- [x] Dispute status change endpoint is accessible only to `moderator` and `admin` roles
+- [x] Dispute final decision endpoint is accessible only to `admin` role
+- [x] Integration tests are added to verify the role-based access control
+- [x] Documentation is updated to reflect the new RBAC implementation
 
 ## Related Files
+- `backend/src/routes/disputes.js`
 - `backend/src/middleware/requireRole.js`
-- `backend/src/middleware/requireRole.test.js`
 - `backend/src/controllers/dispute.controller.js`
-- `backend/src/routes/dispute.routes.js`
 
 ## Notes
-This task builds upon the existing role-based access control implementation and ensures that dispute-related functionality is properly secured.
+This issue builds upon the existing roles and permissions defined in `docs/roles-and-permissions.md`.