From b6ec9feeaecaf365c8e1e04ded2e6961b6fd23eb Mon Sep 17 00:00:00 2001
From: Joakim Olsson <joakim@unbound.se>
Date: Sat, 6 Sep 2025 14:49:56 +0200
Subject: [PATCH] feat: add salary privilege to privilege management system

Add support for the salary privilege in the privilege handler.
Implement associated logic to process and validate the
salary privilege in the test cases. Update the data
structures to include the new privilege and ensure
correct functionality in the privilege processing flow.
---
 client.go      |  3 +++
 client_test.go | 16 +++++++++++++++-
 events.go      |  4 +++-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/client.go b/client.go
index eca9526..e18f558 100644
--- a/client.go
+++ b/client.go
@@ -20,6 +20,7 @@ type CompanyPrivileges struct {
 	Invoicing  bool `json:"invoicing"`
 	Accounting bool `json:"accounting"`
 	Supplier   bool `json:"supplier"`
+	Salary     bool `json:"salary"`
 }
 
 // PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
@@ -139,6 +140,8 @@ func (h *PrivilegeHandler) setPrivileges(email, companyId string, privilege Priv
 				c.Accounting = set
 			case PrivilegeSupplier:
 				c.Supplier = set
+			case PrivilegeSalary:
+				c.Salary = set
 			}
 		} else {
 			priv[companyId] = &CompanyPrivileges{}
diff --git a/client_test.go b/client_test.go
index f40bf7f..5ceca6b 100644
--- a/client_test.go
+++ b/client_test.go
@@ -236,6 +236,18 @@ func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T
 	})
 
 	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeSalary,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Salary
+	})
+
+	assert.True(t, result)
 }
 
 func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
@@ -289,7 +301,8 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
       "time": true,
       "invoicing": true,
       "accounting": false,
-      "supplier": false
+      "supplier": false,
+      "salary": true
     }
   }
 }`
@@ -313,6 +326,7 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
 				Invoicing:  true,
 				Accounting: false,
 				Supplier:   false,
+				Salary:     true,
 			},
 		},
 	}
diff --git a/events.go b/events.go
index be2f331..7241616 100644
--- a/events.go
+++ b/events.go
@@ -23,6 +23,7 @@ const (
 	PrivilegeInvoicing  = "INVOICING"
 	PrivilegeAccounting = "ACCOUNTING"
 	PrivilegeSupplier   = "SUPPLIER"
+	PrivilegeSalary     = "SALARY"
 )
 
 var AllPrivilege = []Privilege{
@@ -33,11 +34,12 @@ var AllPrivilege = []Privilege{
 	PrivilegeInvoicing,
 	PrivilegeAccounting,
 	PrivilegeSupplier,
+	PrivilegeSalary,
 }
 
 func (e Privilege) IsValid() bool {
 	switch e {
-	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier:
+	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier, PrivilegeSalary:
 		return true
 	}
 	return false
-- 
2.52.0