Wrap a route handler with a decorator that enforces role-based access control without modifying the handler itself.