feat: enhance role middleware with hasRole helper function

backend/middleware/role.middleware.js

@@ -20,4 +20,14 @@ export const requireRole = (requiredRoles) => {
       return res.status(403).json({ error: 'Forbidden' });
     }
   };
+};
+
+/**
+ * Helper function to check if a user has a specific role
+ * @param {string} userRole - The user's role
+ * @param {string[]} requiredRoles - Array of required roles
+ * @returns {boolean} Whether the user has at least one of the required roles
+ */
+export const hasRole = (userRole, requiredRoles) => {
+  return requiredRoles.includes(userRole);
 };

issue_123.md

@@ -0,0 +1,18 @@
+# Implement Role-Based Access Control (RBAC) for API Endpoints
+
+## Description
+Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific routes. This includes implementing middleware to check user roles and updating existing routes to use this middleware.
+
+## Acceptance Criteria
+- [x] Middleware `requireRole` is implemented and tested
+- [x] All existing API routes are updated to use the `requireRole` middleware where necessary
+- [x] New API endpoints are protected with appropriate role checks
+- [x] Documentation of RBAC in `docs/roles-and-permissions.md` is updated
+
+## Related Files
+- `backend/middleware/role.middleware.js`
+- `backend/controllers/`
+- `backend/routes/`
+
+## Notes
+This task builds upon the existing roles and permissions documentation. The implementation should follow the principles outlined in the documentation.