diff --git a/backend/middleware/role.middleware.js b/backend/middleware/role.middleware.js
index b21750a..c22f6e8 100644
--- a/backend/middleware/role.middleware.js
+++ b/backend/middleware/role.middleware.js
@@ -20,4 +20,14 @@ export const requireRole = (requiredRoles) => {
       return res.status(403).json({ error: 'Forbidden' });
     }
   };
+};
+
+/**
+ * Helper function to check if a user has a specific role
+ * @param {string} userRole - The user's role
+ * @param {string[]} requiredRoles - Array of required roles
+ * @returns {boolean} Whether the user has at least one of the required roles
+ */
+export const hasRole = (userRole, requiredRoles) => {
+  return requiredRoles.includes(userRole);
 };
\ No newline at end of file
diff --git a/issue_123.md b/issue_123.md
new file mode 100644
index 0000000..f260fff
--- /dev/null
+++ b/issue_123.md
@@ -0,0 +1,18 @@
+# Implement Role-Based Access Control (RBAC) for API Endpoints
+
+## Description
+Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific routes. This includes implementing middleware to check user roles and updating existing routes to use this middleware.
+
+## Acceptance Criteria
+- [x] Middleware `requireRole` is implemented and tested
+- [x] All existing API routes are updated to use the `requireRole` middleware where necessary
+- [x] New API endpoints are protected with appropriate role checks
+- [x] Documentation of RBAC in `docs/roles-and-permissions.md` is updated
+
+## Related Files
+- `backend/middleware/role.middleware.js`
+- `backend/controllers/`
+- `backend/routes/`
+
+## Notes
+This task builds upon the existing roles and permissions documentation. The implementation should follow the principles outlined in the documentation.
\ No newline at end of file