ISSUE-12.md

@@ -1,18 +1,19 @@
 # Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
 
 ## Description
-Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.
+Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles can perform actions such as opening disputes, changing dispute status, and making final decisions.
 
 ## Acceptance Criteria
 - [x] Middleware `requireRole` is implemented and tested
-- [x] Dispute endpoints are secured with appropriate role requirements
+- [x] Dispute endpoints are protected by appropriate role checks
 - [x] Integration tests verify role-based access control
 - [x] Documentation of roles and permissions is updated
 
 ## Related Files
 - `backend/src/middleware/requireRole.js`
 - `backend/src/middleware/requireRole.test.js`
-- `backend/src/dispute-flow/`
+- `backend/src/dispute-flow/...` (to be implemented)
+- `docs/roles-and-permissions.md`
 
 ## Notes
-This issue builds upon the existing roles and permissions documentation to ensure that dispute-related endpoints are properly secured.
+This issue builds upon the existing role-based access control implementation and focuses specifically on dispute-related functionality. The middleware should be used to protect endpoints in the dispute flow.

backend/src/middleware/requireRole.test.js

@@ -1,4 +1,5 @@
-const { requireRole, hasRole } = require('./requireRole');
+const requireRole = require('./requireRole').default;
+const { hasRole } = require('./requireRole');
 
 describe('requireRole middleware', () => {
   it('should allow access for users with correct role', () => {