This issue has been addressed in the commit: feat: implement role-based access control middleware and update routes

The implementation includes:
- Middleware `requireRole` to check user roles
- Updated API routes to use the middleware where necessary
- Consistent enforcement of roles and permissions as documented in `docs/roles-and-permissions.md`

The changes have been committed and pushed to the main branch.