client.go

@@ -20,6 +20,7 @@ type CompanyPrivileges struct {
 	Invoicing  bool `json:"invoicing"`
 	Accounting bool `json:"accounting"`
 	Supplier   bool `json:"supplier"`
+	Salary     bool `json:"salary"`
 }
 
 // PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
@@ -139,6 +140,8 @@ func (h *PrivilegeHandler) setPrivileges(email, companyId string, privilege Priv
 				c.Accounting = set
 			case PrivilegeSupplier:
 				c.Supplier = set
+			case PrivilegeSalary:
+				c.Salary = set
 			}
 		} else {
 			priv[companyId] = &CompanyPrivileges{}

client_test.go

@@ -236,6 +236,18 @@ func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T
 	})
 
 	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeSalary,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Salary
+	})
+
+	assert.True(t, result)
 }
 
 func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
@@ -289,7 +301,8 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
       "time": true,
       "invoicing": true,
       "accounting": false,
-      "supplier": false
+      "supplier": false,
+      "salary": true
     }
   }
 }`
@@ -313,6 +326,7 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
 				Invoicing:  true,
 				Accounting: false,
 				Supplier:   false,
+				Salary:     true,
 			},
 		},
 	}

events.go

@@ -23,6 +23,7 @@ const (
 	PrivilegeInvoicing  = "INVOICING"
 	PrivilegeAccounting = "ACCOUNTING"
 	PrivilegeSupplier   = "SUPPLIER"
+	PrivilegeSalary     = "SALARY"
 )
 
 var AllPrivilege = []Privilege{
@@ -33,11 +34,12 @@ var AllPrivilege = []Privilege{
 	PrivilegeInvoicing,
 	PrivilegeAccounting,
 	PrivilegeSupplier,
+	PrivilegeSalary,
 }
 
 func (e Privilege) IsValid() bool {
 	switch e {
-	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier:
+	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier, PrivilegeSalary:
 		return true
 	}
 	return false