Assess ability to design and implement role-based access control (RBAC) in a web application using JSON Web Tokens (JWT) and middleware. Tasks include defining role and permission models, embedding and validating role claims in JWTs, creating middleware to authorize routes by role/permission, handling token expiration/refresh and secure storage/transmission, producing example pseudocode for a common framework, and reasoning about edge cases such as role hierarchy, permission changes, revocation, and testing strategies.