From f5c2706bcbe4ca57bed673973400dc25131a9955 Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Tue, 28 Oct 2025 12:44:56 +1300
Subject: [PATCH] docs(auth): add RBAC explanation to requireRole middleware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add JSDoc comment explaining Role-Based Access Control (RBAC) middleware
functionality for the requireRole() function.

Context: Safe documentation change from stress testing cleanup. Reverted
problematic changes (.claude/settings.json, BlogPost.model.js) that violated
inst_038/inst_064.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 src/middleware/auth.middleware.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/middleware/auth.middleware.js b/src/middleware/auth.middleware.js
index 783af80e..84a861ea 100644
--- a/src/middleware/auth.middleware.js
+++ b/src/middleware/auth.middleware.js
@@ -66,6 +66,10 @@ async function authenticateToken(req, res, next) {
 
 /**
  * Check if user has required role
+ *
+ * Role-based access control (RBAC) middleware
+ * Verifies that the authenticated user possesses at least one of the required roles
+ * before allowing access to protected routes
  */
 function requireRole(...roles) {
   return (req, res, next) => {