Feature/rbac auth #1446

Open
jeba57 wants to merge 2 commits into salahlalami:master from jeba57:feature/rbac-auth

Conversation

jeba57 commented May 5, 2026

Fixes #457

Description

This PR introduces role-based access control (RBAC) to the existing authentication system.

Previously, any logged-in user (ADMIN or STAFF) could access important actions like creating data.

Now, we have added a role check:

  • ADMIN → allowed to perform the action
  • STAFF → access is blocked

This ensures that only ADMIN users can perform sensitive operations.


Steps to Test

  1. Log in using valid credentials to obtain a JWT token

  2. Use the token in Postman (Authorization → Bearer Token)

  3. Test protected endpoint:

    POST /api/client/create

  4. Test with different roles:

    • Admin → Request succeeds
    • Staff → Access denied

Screenshots (if applicable)

  • Admin access (success response)
  • Staff access (access denied response)

Scope Note

This PR focuses on implementing role-based authorization (RBAC) using the existing authentication system.

User registration, login, and logout functionalities are already present in the project. Enhancements to those can be handled in a separate PR if needed.


Checklist

✔ I have tested these changes
✘ I have updated the relevant documentation (not done – this PR focuses on RBAC only)
✔ I have commented my code, particularly in hard-to-understand areas
✔ I have made corresponding changes to the codebase
✔ My changes generate no new warnings or errors
✔ The title of my pull request is clear and descriptive
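The role check the description outlines (ADMIN allowed, STAFF blocked on a protected route such as `POST /api/client/create`), as an added example that is not the PR's code: an Express-style middleware that runs after JWT authentication. The names `requireRole`, `req.user.role` and `authenticateJwt` are assumptions about how the project's authentication layer exposes the decoded token.

```javascript
// Added example, not the PR's code. Assumes the JWT authentication middleware
// has already placed the decoded token on req.user with a string `role` field.

const ROLES = Object.freeze({ ADMIN: 'ADMIN', STAFF: 'STAFF' });

// Factory: returns a middleware that lets through only the listed roles.
function requireRole(...allowedRoles) {
  const allowed = new Set(allowedRoles);
  return function roleCheck(req, res, next) {
    // No decoded user means authentication did not run or failed: 401, not 403.
    if (!req.user || typeof req.user.role !== 'string') {
      return res.status(401).json({ success: false, message: 'Authentication required' });
    }
    // Deny by default: exact, case-sensitive match against the allowlist only.
    if (!allowed.has(req.user.role)) {
      return res.status(403).json({ success: false, message: 'Access denied' });
    }
    return next();
  };
}

// Minimal stand-ins for Express req/res so the middleware can be exercised offline.
// Returns the status/body the middleware set and whether it handed off to next().
function runMiddleware(middleware, user) {
  const req = { user };
  const result = { status: 200, body: null, nextCalled: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  middleware(req, res, () => { result.nextCalled = true; });
  return result;
}

// Route wiring as it would appear in the app (assumed shape):
// app.post('/api/client/create', authenticateJwt, requireRole(ROLES.ADMIN), createClient);
```

Putting the role check in its own middleware keeps authentication (who you are) separate from authorization (what you may do), and the allowlist makes a new role blocked until it is explicitly granted.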

jeba57 (Author) commented May 5, 2026

Hi, I have implemented RBAC so that admin users can access protected routes while staff users are restricted. Kindly review the changes. Thank you!


Development

Successfully merging this pull request may close these issues.

User Authentication process
