19 lines
No EOL
982 B
Markdown
19 lines
No EOL
982 B
Markdown
# Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
|
|
|
|
## Description
|
|
Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles can perform actions such as opening disputes, changing dispute status, and making final decisions.
|
|
|
|
## Acceptance Criteria
|
|
- [x] Middleware `requireRole` is implemented and tested
|
|
- [x] Dispute endpoints are protected by appropriate role checks
|
|
- [x] Integration tests verify role-based access control
|
|
- [x] Documentation of roles and permissions is updated
|
|
|
|
## Related Files
|
|
- `backend/src/middleware/requireRole.js`
|
|
- `backend/src/middleware/requireRole.test.js`
|
|
- `backend/src/dispute-flow/...` (to be implemented)
|
|
- `docs/roles-and-permissions.md`
|
|
|
|
## Notes
|
|
This issue builds upon the existing role-based access control implementation and focuses specifically on dispute-related functionality. The middleware should be used to protect endpoints in the dispute flow. |