@tomei/sso 0.33.7 → 0.33.8

package/src/components/group/group.ts

@@ -1,747 +1,1456 @@
-import { ClassError, ObjectBase } from '@tomei/general';
-import { GroupRepository } from './group.repository';
-import { IGroupAttr } from '../../interfaces/group.interface';
-import { GroupTypeEnum } from 'enum';
-import { LoginUser } from '../login-user/login-user';
-import { IGroupSearchAttr } from '../../interfaces/group-search-attr.interface';
-import { ApplicationConfig } from '@tomei/config';
-import { Op } from 'sequelize';
-import { ActionEnum, Activity } from '@tomei/activity-history';
-import { GroupSystemAccessRepository } from '../group-system-access/group-system-access.repository';
-import SystemModel from '../../models/system.entity';
-import { GroupSystemAccess } from '../group-system-access';
-import { RedisService } from '../../redis-client/redis.service';
-
-export class Group extends ObjectBase {
-  ObjectId: string;
-  ObjectName: string;
-  TableName: 'sso_Group';
-  ObjectType = 'Group';
-
-  Name: string;
-  Description: string;
-  Type: GroupTypeEnum;
-  ParentGroupCode: string;
-  InheritParentPrivilegeYN: string;
-  InheritParentSystemAccessYN: string;
-  Status: string;
-  ParentGroup?: any;
-  private _CreatedById: number;
-  private _CreatedAt: Date;
-  private _UpdatedById: number;
-  private _UpdatedAt: Date;
-  private static _Repo = new GroupRepository();
-  private static _GroupSystemAccessRepo = new GroupSystemAccessRepository();
-  private static _RedisService: RedisService;
-  get GroupCode(): string {
-    return this.ObjectId;
-  }
-
-  set GroupCode(value: string) {
-    this.ObjectId = value;
-  }
-
-  get CreatedById(): number {
-    return this._CreatedById;
-  }
-
-  get CreatedAt(): Date {
-    return this._CreatedAt;
-  }
-
-  get UpdatedById(): number {
-    return this._UpdatedById;
-  }
-
-  get UpdatedAt(): Date {
-    return this._UpdatedAt;
-  }
-
-  private constructor(groupAttr?: IGroupAttr) {
-    super();
-    if (groupAttr) {
-      this.GroupCode = groupAttr.GroupCode;
-      this.Name = groupAttr.Name;
-      this.Description = groupAttr?.Description;
-      this.Type = groupAttr?.Type;
-      this.ParentGroupCode = groupAttr?.ParentGroupCode;
-      this.InheritParentPrivilegeYN = groupAttr?.InheritParentPrivilegeYN;
-      this.InheritParentSystemAccessYN = groupAttr?.InheritParentSystemAccessYN;
-      this.Status = groupAttr?.Status;
-      this._CreatedById = groupAttr.CreatedById;
-      this._CreatedAt = groupAttr.CreatedAt;
-      this._UpdatedById = groupAttr.UpdatedById;
-      this._UpdatedAt = groupAttr.UpdatedAt;
-    }
-  }
-
-  public static async init(dbTransaction: any, GroupCode?: string) {
-    try {
-      Group._RedisService = await RedisService.init();
-      if (GroupCode) {
-        const group = await Group._Repo.findByPk(GroupCode, {
-          transaction: dbTransaction,
-        });
-        if (group) {
-          return new Group(group);
-        } else {
-          throw Error('Group not found');
-        }
-      }
-      return new Group();
-    } catch (error) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg01',
-        'Failed To Initialize Group',
-      );
-    }
-  }
-
-  public static async findAll(
-    page: number,
-    row: number,
-    dbTransaction: any,
-    loginUser: LoginUser,
-    search?: IGroupSearchAttr,
-  ) {
-    //This method will list all group based on the query params.
-    //Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'GROUP_LIST',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg04',
-        'User is not privileged to list group',
-      );
-    }
-
-    //Part 2: Retrieve listing
-    const queryObj: any = {};
-
-    let options: any = {
-      transaction: dbTransaction,
-    };
-
-    if (page && row) {
-      options = {
-        ...options,
-        limit: row,
-        offset: row * (page - 1),
-        order: [['CreatedAt', 'DESC']],
-      };
-    }
-
-    if (search) {
-      Object.entries(search).forEach(([key, value]) => {
-        queryObj[key] = {
-          [Op.substring]: value,
-        };
-      });
-
-      options = {
-        ...options,
-        where: queryObj,
-      };
-
-      const result = await Group._Repo.findAllWithPagination(options);
-
-      //Map the result to Group instance
-      return {
-        Count: result.count,
-        Groups: result.rows.map(
-          (group) => new Group(group.get({ plain: true })),
-        ),
-      };
-    }
-  }
-
-  public static async create(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    group: Group,
-  ) {
-    try {
-      //Part 1: Privilege Checking
-      const systemCode =
-        ApplicationConfig.getComponentConfigValue('system-code');
-      const isPrivileged = await loginUser.checkPrivileges(
-        systemCode,
-        'GROUP_CREATE',
-      );
-      if (!isPrivileged) {
-        throw new Error('You do not have permission to create group');
-      }
-
-      //Part 2: Validation
-      if (!group.GroupCode) {
-        throw new ClassError(
-          'Group',
-          'GroupErrMsg02',
-          'Group Code is required',
-        );
-      }
-
-      if (!group.Name) {
-        throw new ClassError(
-          'Group',
-          'GroupErrMsg02',
-          'Group Name is required',
-        );
-      }
-
-      if (!group.Type) {
-        throw new ClassError(
-          'Group',
-          'GroupErrMsg02',
-          'Group Type is required',
-        );
-      }
-
-      //Check if group code is unique
-      const existingGroupCode = await Group._Repo.findByPk(group.GroupCode, {
-        transaction: dbTransaction,
-      });
-
-      if (existingGroupCode) {
-        throw new ClassError(
-          'Group',
-          'GroupErrMsg03',
-          'Duplicate GroupCode found.',
-        );
-      }
-
-      //Validate parent group code if passed. Call Group._Repo.findByPk
-      if (group.ParentGroupCode) {
-        const parentGroup = await Group._Repo.findByPk(group.ParentGroupCode, {
-          transaction: dbTransaction,
-        });
-
-        if (!parentGroup) {
-          throw new ClassError(
-            'Group',
-            'GroupErrMsg04',
-            'ParentGroupCode is not found.',
-          );
-        }
-
-        //If Params.group.GroupCode = Params.group?.ParentGroupCode, throw new ClassError
-        if (group.GroupCode === group.ParentGroupCode) {
-          throw new ClassError(
-            'Group',
-            'GroupErrMsg05',
-            'GroupCode and ParentGroupCode cannot be the same.',
-          );
-        }
-      }
-
-      //Part 3: Create Group
-      //Initialise new Group instance and populate
-      const newGroup = new Group(group);
-      newGroup.ObjectId = group.GroupCode;
-      newGroup.Name = group.Name;
-      newGroup.Type = group.Type;
-      newGroup.Description = group.Description;
-      newGroup.ParentGroupCode = group.ParentGroupCode;
-      newGroup.InheritParentPrivilegeYN = group.InheritParentPrivilegeYN;
-      newGroup.InheritParentSystemAccessYN = group.InheritParentSystemAccessYN;
-      newGroup.Status = 'Active';
-      newGroup._CreatedById = loginUser.UserId;
-      newGroup._UpdatedById = loginUser.UserId;
-
-      //Call Group._Repo create method
-      const entityGroupAfter = {
-        GroupCode: newGroup.ObjectId,
-        Name: newGroup.Name,
-        Type: newGroup.Type,
-        Description: newGroup.Description,
-        ParentGroupCode: newGroup.ParentGroupCode,
-        InheritParentPrivilegeYN: newGroup.InheritParentPrivilegeYN,
-        InheritParentSystemAccessYN: newGroup.InheritParentSystemAccessYN,
-        Status: newGroup.Status,
-        CreatedById: newGroup._CreatedById,
-        UpdatedById: newGroup._UpdatedById,
-        CreatedAt: newGroup._CreatedAt,
-        UpdatedAt: newGroup._UpdatedAt,
-      };
-
-      await Group._Repo.create(entityGroupAfter, {
-        transaction: dbTransaction,
-      });
-
-      //Part 4: Record Create Group Activity and return newGroup
-
-      const entityValueBefore = {};
-
-      //Instantiate new activity
-      const activity = new Activity();
-      activity.ActivityId = activity.createId();
-      activity.Action = ActionEnum.ADD;
-      activity.Description = 'Create Group';
-      activity.EntityType = 'Group';
-      activity.EntityId = newGroup.ObjectId;
-      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
-      activity.EntityValueAfter = JSON.stringify(entityGroupAfter);
-
-      //Call Activity.create method
-      await activity.create(loginUser.ObjectId, dbTransaction);
-
-      return newGroup;
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  protected static async checkDuplicateGroupCode(
-    dbTransaction: any,
-    GroupCode,
-  ) {
-    const isGroupCodeExist = await Group._Repo.findOne({
-      where: { GroupCode },
-      transaction: dbTransaction,
-    });
-
-    if (isGroupCodeExist) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg07',
-        'GroupCode already exists.',
-      );
-    }
-  }
-
-  public async update(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    group: {
-      GroupCode: string;
-      NewGroupCode?: string;
-      Name?: string;
-      Description?: string;
-      Type?: GroupTypeEnum;
-      ParentGroupCode?: string;
-      InheritParentPrivilegeYN?: string;
-      InheritParentSystemAccessYN?: string;
-      Status?: string;
-    },
-  ) {
-    //Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'GROUP_UPDATE',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg06',
-        'You do not have the privilege to update Group',
-      );
-    }
-    try {
-      const currentGroup = await Group.init(dbTransaction, group.GroupCode);
-      if (group.NewGroupCode) {
-        await Group.checkDuplicateGroupCode(dbTransaction, group.NewGroupCode);
-      }
-
-      if (
-        group.ParentGroupCode &&
-        currentGroup.ParentGroupCode !== group.ParentGroupCode
-      ) {
-        const parentGroup = await Group.init(
-          dbTransaction,
-          group.ParentGroupCode,
-        );
-        if (!parentGroup) {
-          throw new ClassError(
-            'Group',
-            'GroupErrMsg08',
-            'Parent Group Code not found',
-          );
-        }
-      }
-
-      const entityValueBefore = {
-        GroupCode: currentGroup.GroupCode,
-        Name: currentGroup.Name,
-        Type: currentGroup.Type,
-        Description: currentGroup.Description,
-        ParentGroupCode: currentGroup.ParentGroupCode,
-        InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
-        InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
-        Status: currentGroup.Status,
-        CreatedById: currentGroup._CreatedById,
-        UpdatedById: currentGroup._UpdatedById,
-        CreatedAt: currentGroup._CreatedAt,
-        UpdatedAt: currentGroup._UpdatedAt,
-      };
-
-      currentGroup.GroupCode = group?.NewGroupCode || currentGroup.GroupCode;
-      currentGroup.Name = group?.Name || currentGroup.Name;
-      currentGroup.Type = group?.Type || currentGroup.Type;
-      currentGroup.Description = group?.Description || currentGroup.Description;
-      currentGroup.ParentGroupCode =
-        group?.ParentGroupCode || currentGroup.ParentGroupCode;
-      currentGroup.InheritParentPrivilegeYN =
-        group?.InheritParentPrivilegeYN ||
-        currentGroup.InheritParentPrivilegeYN;
-      currentGroup.InheritParentSystemAccessYN =
-        group?.InheritParentSystemAccessYN ||
-        currentGroup.InheritParentSystemAccessYN;
-      currentGroup.Status = group?.Status || currentGroup.Status;
-      currentGroup._UpdatedById = loginUser.UserId;
-      currentGroup._UpdatedAt = new Date();
-
-      await Group._Repo.update(
-        {
-          GroupCode: currentGroup.GroupCode,
-          Name: currentGroup.Name,
-          Type: currentGroup.Type,
-          Description: currentGroup.Description,
-          ParentGroupCode: currentGroup.ParentGroupCode,
-          InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
-          InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
-          Status: currentGroup.Status,
-          UpdatedById: currentGroup._UpdatedById,
-          UpdatedAt: currentGroup._UpdatedAt,
-        },
-        {
-          where: {
-            GroupCode: group.GroupCode,
-          },
-          transaction: dbTransaction,
-        },
-      );
-
-      const entityValueAfter = {
-        GroupCode: currentGroup.GroupCode,
-        Name: currentGroup.Name,
-        Type: currentGroup.Type,
-        Description: currentGroup.Description,
-        ParentGroupCode: currentGroup.ParentGroupCode,
-        InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
-        InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
-        Status: currentGroup.Status,
-        CreatedById: currentGroup._CreatedById,
-        UpdatedById: currentGroup._UpdatedById,
-        CreatedAt: currentGroup._CreatedAt,
-        UpdatedAt: currentGroup._UpdatedAt,
-      };
-
-      const activity = new Activity();
-      activity.ActivityId = activity.createId();
-      activity.Action = ActionEnum.UPDATE;
-      activity.Description = `Update Group ${group.Type}`;
-      activity.EntityType = 'Group';
-      activity.EntityId = group.GroupCode;
-      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
-      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
-      await activity.create(loginUser.ObjectId, dbTransaction);
-
-      return currentGroup;
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  public static async getSystemAccesses(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    GroupCode: string,
-    Page: number,
-    Rows: number,
-    Search: {
-      SystemCode?: string;
-      Status?: string;
-    },
-  ) {
-    // Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'SYSTEM_ACCESS_VIEW',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg06',
-        'You do not have the privilege to view system access',
-      );
-    }
-
-    try {
-      // Part 2: Validation
-      await Group.init(dbTransaction, GroupCode);
-
-      // Part 3: Retrieve System Access and returns
-      const queryObj: any = { GroupCode: GroupCode };
-
-      if (Search) {
-        Object.entries(Search).forEach(([key, value]) => {
-          queryObj[key] = value;
-        });
-      }
-
-      let options: any = {
-        where: queryObj,
-        distinct: true,
-        transaction: dbTransaction,
-      };
-
-      if (Page && Rows) {
-        options = {
-          ...options,
-          limit: Rows,
-          offset: Rows * (Page - 1),
-          order: [['CreatedAt', 'DESC']],
-        };
-      }
-
-      const systemAccess = await Group._GroupSystemAccessRepo.findAndCountAll(
-        options,
-      );
-      return systemAccess;
-    } catch (error) {
-      return error;
-    }
-  }
-
-  private static async getInheritedSystemAccess(
-    dbTransaction: any,
-    group: Group,
-  ): Promise<any[]> {
-    const options: any = {
-      where: {
-        GroupCode: group.GroupCode,
-        Status: 'Active',
-      },
-      include: [
-        {
-          model: SystemModel,
-        },
-      ],
-      transaction: dbTransaction,
-    };
-    let systemAccess = await Group._GroupSystemAccessRepo.findAll(options);
-
-    if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
-      const parentGroup = await Group.init(
-        dbTransaction,
-        group.ParentGroupCode,
-      );
-      const parentSystemAccesses = await this.getInheritedSystemAccess(
-        dbTransaction,
-        parentGroup,
-      );
-      systemAccess = systemAccess.concat(parentSystemAccesses);
-    }
-    return systemAccess;
-  }
-
-  public static async getParentSystemAccesses(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    GroupCode: string,
-  ) {
-    // Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'SYSTEM_ACCESS_VIEW',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg06',
-        'You do not have the privilege to view system access',
-      );
-    }
-
-    try {
-      const group = await Group.init(dbTransaction, GroupCode);
-      if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
-        return [];
-      } else {
-        const parentGroup = await Group.init(
-          dbTransaction,
-          group.ParentGroupCode,
-        );
-        const inheritSystemAccess = await Group.getInheritedSystemAccess(
-          dbTransaction,
-          parentGroup,
-        );
-        return inheritSystemAccess;
-      }
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  public static async addSystemAccesses(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    GroupCode: string,
-    SystemCodes: string[],
-  ) {
-    // Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'SYSTEM_ACCESS_CREATE',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg07',
-        'You do not have the privilege to create system access',
-      );
-    }
-
-    try {
-      if (SystemCodes.length > 0) {
-        for (let i = 0; i < SystemCodes.length; i++) {
-          const CurrentGroupSystemAccess = await Group.getSystemAccesses(
-            loginUser,
-            dbTransaction,
-            GroupCode,
-            1,
-            Number.MAX_SAFE_INTEGER,
-            { SystemCode: SystemCodes[i] },
-          );
-
-          if (CurrentGroupSystemAccess?.count > 0) {
-            throw new ClassError(
-              'Group',
-              'GroupErrMsg08',
-              'System access already exists',
-            );
-          }
-
-          const groupSystemAccess = await GroupSystemAccess.init(dbTransaction);
-          groupSystemAccess.createId();
-          groupSystemAccess.GroupCode = GroupCode;
-          groupSystemAccess.SystemCode = SystemCodes[i];
-          groupSystemAccess.Status = 'Active';
-          groupSystemAccess.CreatedById = +loginUser.ObjectId;
-          groupSystemAccess.CreatedAt = new Date();
-          groupSystemAccess.UpdatedById = +loginUser.ObjectId;
-          groupSystemAccess.UpdatedAt = new Date();
-
-          const EntityValueAfter = {
-            GroupCode: groupSystemAccess.GroupCode,
-            SystemCode: groupSystemAccess.SystemCode,
-            Status: groupSystemAccess.Status,
-            CreatedById: groupSystemAccess.CreatedById,
-            CreatedAt: groupSystemAccess.CreatedAt,
-            UpdatedById: groupSystemAccess.UpdatedById,
-            UpdatedAt: groupSystemAccess.UpdatedAt,
-          };
-
-          const systemAccess = await Group._GroupSystemAccessRepo.create(
-            EntityValueAfter,
-            {
-              transaction: dbTransaction,
-            },
-          );
-
-          const activity = new Activity();
-          activity.ActivityId = activity.createId();
-          activity.Action = ActionEnum.ADD;
-          activity.Description = 'Create Group System Access';
-          activity.EntityType = 'GroupSystemAccess';
-          activity.EntityId = systemAccess.GroupSystemAccessId?.toString();
-          activity.EntityValueBefore = JSON.stringify({});
-          activity.EntityValueAfter = JSON.stringify(EntityValueAfter);
-
-          await activity.create(loginUser.ObjectId, dbTransaction);
-        }
-
-        return { Message: 'Successfully added.' };
-      }
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  public static async deleteSystemAccess(
-    loginUser: LoginUser,
-    dbTransaction: any,
-    GroupCode: string,
-    SystemCode: string,
-  ) {
-    // Part 1: Privilege Checking
-    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
-    const isPrivileged = await loginUser.checkPrivileges(
-      systemCode,
-      'SYSTEM_ACCESS_DELETE',
-    );
-
-    if (!isPrivileged) {
-      throw new ClassError(
-        'Group',
-        'GroupErrMsg08',
-        'You do not have the privilege to delete system access',
-      );
-    }
-
-    try {
-      const currentGroupSystemAccess = await Group.getSystemAccesses(
-        loginUser,
-        dbTransaction,
-        GroupCode,
-        1,
-        Number.MAX_SAFE_INTEGER,
-        { SystemCode: SystemCode },
-      );
-
-      if (currentGroupSystemAccess.count < 1) {
-        throw new ClassError(
-          'Group',
-          'GroupErrMsg10',
-          'No associated system access found.',
-        );
-      }
-
-      await Group._GroupSystemAccessRepo.delete(
-        GroupCode,
-        SystemCode,
-        dbTransaction,
-      );
-
-      const EntityValueBefore = {
-        GroupCode: currentGroupSystemAccess?.rows[0]?.GroupCode,
-        SystemCode: currentGroupSystemAccess?.rows[0]?.SystemCode,
-        Status: currentGroupSystemAccess?.rows[0]?.Status,
-        CreatedById: currentGroupSystemAccess?.rows[0]?.CreatedById,
-        CreatedAt: currentGroupSystemAccess?.rows[0]?.CreatedAt,
-        UpdatedById: currentGroupSystemAccess?.rows[0]?.UpdatedById,
-        UpdatedAt: currentGroupSystemAccess?.rows[0]?.UpdatedAt,
-      };
-
-      const activity = new Activity();
-      activity.ActivityId = activity.createId();
-      activity.Action = ActionEnum.DELETE;
-      activity.Description = 'Delete Group System Access';
-      activity.EntityType = 'GroupSystemAccess';
-      activity.EntityId =
-        currentGroupSystemAccess?.rows[0]?.GroupSystemAccessId?.toString();
-      activity.EntityValueBefore = JSON.stringify(EntityValueBefore);
-      activity.EntityValueAfter = JSON.stringify({});
-
-      await activity.create(loginUser.ObjectId, dbTransaction);
-
-      return { Message: 'System access removed.', SystemCode: SystemCode };
-    } catch (error) {
-      throw error;
-    }
-  }
-}
+import { ClassError, ObjectBase } from '@tomei/general';
+import { GroupRepository } from './group.repository';
+import { IGroupAttr } from '../../interfaces/group.interface';
+import { GroupTypeEnum } from 'enum';
+import { LoginUser } from '../login-user/login-user';
+import { IGroupSearchAttr } from '../../interfaces/group-search-attr.interface';
+import { ApplicationConfig } from '@tomei/config';
+import { Op } from 'sequelize';
+import { ActionEnum, Activity } from '@tomei/activity-history';
+import { GroupSystemAccessRepository } from '../group-system-access/group-system-access.repository';
+import SystemModel from '../../models/system.entity';
+import { GroupSystemAccess } from '../group-system-access';
+import { RedisService } from '../../redis-client/redis.service';
+import SystemPrivilegeModel from '../../models/system-privilege.entity';
+import { GroupPrivilegeRepository } from '../group-privilege/group-privilege.repository';
+import { SystemPrivilege } from '../system-privilege/system-privilege';
+import GroupPrivilegeModel from '../../models/group-privilege.entity';
+import { GroupObjectPrivilegeRepository } from '../group-object-privilege/group-object-privilege.repository';
+import { GroupObjectPrivilege } from '../group-object-privilege/group-object-privilege';
+import { GroupPrivilege } from '../group-privilege/group-privilege';
+
+export class Group extends ObjectBase {
+  ObjectId: string;
+  ObjectName: string;
+  TableName: 'sso_Group';
+  ObjectType = 'Group';
+
+  Name: string;
+  Description: string;
+  Type: GroupTypeEnum;
+  ParentGroupCode: string;
+  InheritParentPrivilegeYN: string;
+  InheritParentSystemAccessYN: string;
+  Status: string;
+  ParentGroup?: any;
+  private _CreatedById: number;
+  private _CreatedAt: Date;
+  private _UpdatedById: number;
+  private _UpdatedAt: Date;
+  private static _Repo = new GroupRepository();
+  private static _GroupSystemAccessRepo = new GroupSystemAccessRepository();
+  private static _GroupPrivilegeRepo = new GroupPrivilegeRepository();
+  private static _GroupObjectPrivilegeRepo = new GroupObjectPrivilegeRepository();
+  private static _RedisService: RedisService;
+  get GroupCode(): string {
+    return this.ObjectId;
+  }
+
+  set GroupCode(value: string) {
+    this.ObjectId = value;
+  }
+
+  get CreatedById(): number {
+    return this._CreatedById;
+  }
+
+  get CreatedAt(): Date {
+    return this._CreatedAt;
+  }
+
+  get UpdatedById(): number {
+    return this._UpdatedById;
+  }
+
+  get UpdatedAt(): Date {
+    return this._UpdatedAt;
+  }
+
+  private constructor(groupAttr?: IGroupAttr) {
+    super();
+    if (groupAttr) {
+      this.GroupCode = groupAttr.GroupCode;
+      this.Name = groupAttr.Name;
+      this.Description = groupAttr?.Description;
+      this.Type = groupAttr?.Type;
+      this.ParentGroupCode = groupAttr?.ParentGroupCode;
+      this.InheritParentPrivilegeYN = groupAttr?.InheritParentPrivilegeYN;
+      this.InheritParentSystemAccessYN = groupAttr?.InheritParentSystemAccessYN;
+      this.Status = groupAttr?.Status;
+      this._CreatedById = groupAttr.CreatedById;
+      this._CreatedAt = groupAttr.CreatedAt;
+      this._UpdatedById = groupAttr.UpdatedById;
+      this._UpdatedAt = groupAttr.UpdatedAt;
+    }
+  }
+
+  public static async init(dbTransaction: any, GroupCode?: string) {
+    try {
+      Group._RedisService = await RedisService.init();
+      if (GroupCode) {
+        const group = await Group._Repo.findByPk(GroupCode, {
+          transaction: dbTransaction,
+        });
+        if (group) {
+          return new Group(group);
+        } else {
+          throw Error('Group not found');
+        }
+      }
+      return new Group();
+    } catch (error) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg01',
+        'Failed To Initialize Group',
+      );
+    }
+  }
+
+  public static async findAll(
+    page: number,
+    row: number,
+    dbTransaction: any,
+    loginUser: LoginUser,
+    search?: IGroupSearchAttr,
+  ) {
+    //This method will list all group based on the query params.
+    //Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'GROUP_LIST',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg04',
+        'User is not privileged to list group',
+      );
+    }
+
+    //Part 2: Retrieve listing
+    const queryObj: any = {};
+
+    let options: any = {
+      transaction: dbTransaction,
+    };
+
+    if (page && row) {
+      options = {
+        ...options,
+        limit: row,
+        offset: row * (page - 1),
+        order: [['CreatedAt', 'DESC']],
+      };
+    }
+
+    if (search) {
+      Object.entries(search).forEach(([key, value]) => {
+        queryObj[key] = {
+          [Op.substring]: value,
+        };
+      });
+
+      options = {
+        ...options,
+        where: queryObj,
+      };
+
+      const result = await Group._Repo.findAllWithPagination(options);
+
+      //Map the result to Group instance
+      return {
+        Count: result.count,
+        Groups: result.rows.map(
+          (group) => new Group(group.get({ plain: true })),
+        ),
+      };
+    }
+  }
+
+  public static async create(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    group: Group,
+  ) {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_CREATE',
+      );
+      if (!isPrivileged) {
+        throw new Error('You do not have permission to create group');
+      }
+
+      //Part 2: Validation
+      if (!group.GroupCode) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg02',
+          'Group Code is required',
+        );
+      }
+
+      if (!group.Name) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg02',
+          'Group Name is required',
+        );
+      }
+
+      if (!group.Type) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg02',
+          'Group Type is required',
+        );
+      }
+
+      //Check if group code is unique
+      const existingGroupCode = await Group._Repo.findByPk(group.GroupCode, {
+        transaction: dbTransaction,
+      });
+
+      if (existingGroupCode) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg03',
+          'Duplicate GroupCode found.',
+        );
+      }
+
+      //Validate parent group code if passed. Call Group._Repo.findByPk
+      if (group.ParentGroupCode) {
+        const parentGroup = await Group._Repo.findByPk(group.ParentGroupCode, {
+          transaction: dbTransaction,
+        });
+
+        if (!parentGroup) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg04',
+            'ParentGroupCode is not found.',
+          );
+        }
+
+        //If Params.group.GroupCode = Params.group?.ParentGroupCode, throw new ClassError
+        if (group.GroupCode === group.ParentGroupCode) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg05',
+            'GroupCode and ParentGroupCode cannot be the same.',
+          );
+        }
+      }
+
+      //Part 3: Create Group
+      //Initialise new Group instance and populate
+      const newGroup = new Group(group);
+      newGroup.ObjectId = group.GroupCode;
+      newGroup.Name = group.Name;
+      newGroup.Type = group.Type;
+      newGroup.Description = group.Description;
+      newGroup.ParentGroupCode = group.ParentGroupCode;
+      newGroup.InheritParentPrivilegeYN = group.InheritParentPrivilegeYN;
+      newGroup.InheritParentSystemAccessYN = group.InheritParentSystemAccessYN;
+      newGroup.Status = 'Active';
+      newGroup._CreatedById = loginUser.UserId;
+      newGroup._UpdatedById = loginUser.UserId;
+
+      //Call Group._Repo create method
+      const entityGroupAfter = {
+        GroupCode: newGroup.ObjectId,
+        Name: newGroup.Name,
+        Type: newGroup.Type,
+        Description: newGroup.Description,
+        ParentGroupCode: newGroup.ParentGroupCode,
+        InheritParentPrivilegeYN: newGroup.InheritParentPrivilegeYN,
+        InheritParentSystemAccessYN: newGroup.InheritParentSystemAccessYN,
+        Status: newGroup.Status,
+        CreatedById: newGroup._CreatedById,
+        UpdatedById: newGroup._UpdatedById,
+        CreatedAt: newGroup._CreatedAt,
+        UpdatedAt: newGroup._UpdatedAt,
+      };
+
+      await Group._Repo.create(entityGroupAfter, {
+        transaction: dbTransaction,
+      });
+
+      //Part 4: Record Create Group Activity and return newGroup
+
+      const entityValueBefore = {};
+
+      //Instantiate new activity
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.ADD;
+      activity.Description = 'Create Group';
+      activity.EntityType = 'Group';
+      activity.EntityId = newGroup.ObjectId;
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityGroupAfter);
+
+      //Call Activity.create method
+      await activity.create(loginUser.ObjectId, dbTransaction);
+
+      return newGroup;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  protected static async checkDuplicateGroupCode(
+    dbTransaction: any,
+    GroupCode,
+  ) {
+    const isGroupCodeExist = await Group._Repo.findOne({
+      where: { GroupCode },
+      transaction: dbTransaction,
+    });
+
+    if (isGroupCodeExist) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg07',
+        'GroupCode already exists.',
+      );
+    }
+  }
+
+  public async update(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    group: {
+      GroupCode: string;
+      NewGroupCode?: string;
+      Name?: string;
+      Description?: string;
+      Type?: GroupTypeEnum;
+      ParentGroupCode?: string;
+      InheritParentPrivilegeYN?: string;
+      InheritParentSystemAccessYN?: string;
+      Status?: string;
+    },
+  ) {
+    //Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'GROUP_UPDATE',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg06',
+        'You do not have the privilege to update Group',
+      );
+    }
+    try {
+      const currentGroup = await Group.init(dbTransaction, group.GroupCode);
+      if (group.NewGroupCode) {
+        await Group.checkDuplicateGroupCode(dbTransaction, group.NewGroupCode);
+      }
+
+      if (
+        group.ParentGroupCode &&
+        currentGroup.ParentGroupCode !== group.ParentGroupCode
+      ) {
+        const parentGroup = await Group.init(
+          dbTransaction,
+          group.ParentGroupCode,
+        );
+        if (!parentGroup) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg08',
+            'Parent Group Code not found',
+          );
+        }
+      }
+
+      const entityValueBefore = {
+        GroupCode: currentGroup.GroupCode,
+        Name: currentGroup.Name,
+        Type: currentGroup.Type,
+        Description: currentGroup.Description,
+        ParentGroupCode: currentGroup.ParentGroupCode,
+        InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
+        InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
+        Status: currentGroup.Status,
+        CreatedById: currentGroup._CreatedById,
+        UpdatedById: currentGroup._UpdatedById,
+        CreatedAt: currentGroup._CreatedAt,
+        UpdatedAt: currentGroup._UpdatedAt,
+      };
+
+      currentGroup.GroupCode = group?.NewGroupCode || currentGroup.GroupCode;
+      currentGroup.Name = group?.Name || currentGroup.Name;
+      currentGroup.Type = group?.Type || currentGroup.Type;
+      currentGroup.Description = group?.Description || currentGroup.Description;
+      currentGroup.ParentGroupCode =
+        group?.ParentGroupCode || currentGroup.ParentGroupCode;
+      currentGroup.InheritParentPrivilegeYN =
+        group?.InheritParentPrivilegeYN ||
+        currentGroup.InheritParentPrivilegeYN;
+      currentGroup.InheritParentSystemAccessYN =
+        group?.InheritParentSystemAccessYN ||
+        currentGroup.InheritParentSystemAccessYN;
+      currentGroup.Status = group?.Status || currentGroup.Status;
+      currentGroup._UpdatedById = loginUser.UserId;
+      currentGroup._UpdatedAt = new Date();
+
+      await Group._Repo.update(
+        {
+          GroupCode: currentGroup.GroupCode,
+          Name: currentGroup.Name,
+          Type: currentGroup.Type,
+          Description: currentGroup.Description,
+          ParentGroupCode: currentGroup.ParentGroupCode,
+          InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
+          InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
+          Status: currentGroup.Status,
+          UpdatedById: currentGroup._UpdatedById,
+          UpdatedAt: currentGroup._UpdatedAt,
+        },
+        {
+          where: {
+            GroupCode: group.GroupCode,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter = {
+        GroupCode: currentGroup.GroupCode,
+        Name: currentGroup.Name,
+        Type: currentGroup.Type,
+        Description: currentGroup.Description,
+        ParentGroupCode: currentGroup.ParentGroupCode,
+        InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
+        InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
+        Status: currentGroup.Status,
+        CreatedById: currentGroup._CreatedById,
+        UpdatedById: currentGroup._UpdatedById,
+        CreatedAt: currentGroup._CreatedAt,
+        UpdatedAt: currentGroup._UpdatedAt,
+      };
+
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Update Group ${group.Type}`;
+      activity.EntityType = 'Group';
+      activity.EntityId = group.GroupCode;
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+      await activity.create(loginUser.ObjectId, dbTransaction);
+
+      return currentGroup;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getSystemAccesses(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    Page: number,
+    Rows: number,
+    Search: {
+      SystemCode?: string;
+      Status?: string;
+    },
+  ) {
+    // Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'SYSTEM_ACCESS_VIEW',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg06',
+        'You do not have the privilege to view system access',
+      );
+    }
+
+    try {
+      // Part 2: Validation
+      await Group.init(dbTransaction, GroupCode);
+
+      // Part 3: Retrieve System Access and returns
+      const queryObj: any = { GroupCode: GroupCode };
+
+      if (Search) {
+        Object.entries(Search).forEach(([key, value]) => {
+          queryObj[key] = value;
+        });
+      }
+
+      let options: any = {
+        where: queryObj,
+        distinct: true,
+        transaction: dbTransaction,
+      };
+
+      if (Page && Rows) {
+        options = {
+          ...options,
+          limit: Rows,
+          offset: Rows * (Page - 1),
+          order: [['CreatedAt', 'DESC']],
+        };
+      }
+
+      const systemAccess = await Group._GroupSystemAccessRepo.findAndCountAll(
+        options,
+      );
+      return systemAccess;
+    } catch (error) {
+      return error;
+    }
+  }
+
+  private static async getInheritedSystemAccess(
+    dbTransaction: any,
+    group: Group,
+  ): Promise<any[]> {
+    const options: any = {
+      where: {
+        GroupCode: group.GroupCode,
+        Status: 'Active',
+      },
+      include: [
+        {
+          model: SystemModel,
+        },
+      ],
+      transaction: dbTransaction,
+    };
+    let systemAccess = await Group._GroupSystemAccessRepo.findAll(options);
+
+    if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
+      const parentGroup = await Group.init(
+        dbTransaction,
+        group.ParentGroupCode,
+      );
+      const parentSystemAccesses = await this.getInheritedSystemAccess(
+        dbTransaction,
+        parentGroup,
+      );
+      systemAccess = systemAccess.concat(parentSystemAccesses);
+    }
+    return systemAccess;
+  }
+
+  public static async getParentSystemAccesses(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+  ) {
+    // Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'SYSTEM_ACCESS_VIEW',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg06',
+        'You do not have the privilege to view system access',
+      );
+    }
+
+    try {
+      const group = await Group.init(dbTransaction, GroupCode);
+      if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
+        return [];
+      } else {
+        const parentGroup = await Group.init(
+          dbTransaction,
+          group.ParentGroupCode,
+        );
+        const inheritSystemAccess = await Group.getInheritedSystemAccess(
+          dbTransaction,
+          parentGroup,
+        );
+        return inheritSystemAccess;
+      }
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async addSystemAccesses(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    SystemCodes: string[],
+  ) {
+    // Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'SYSTEM_ACCESS_CREATE',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg07',
+        'You do not have the privilege to create system access',
+      );
+    }
+
+    try {
+      if (SystemCodes.length > 0) {
+        for (const element of SystemCodes) {
+          const CurrentGroupSystemAccess = await Group.getSystemAccesses(
+            loginUser,
+            dbTransaction,
+            GroupCode,
+            1,
+            Number.MAX_SAFE_INTEGER,
+            { SystemCode: element },
+          );
+
+          if (CurrentGroupSystemAccess?.count > 0) {
+            throw new ClassError(
+              'Group',
+              'GroupErrMsg08',
+              'System access already exists',
+            );
+          }
+
+          const groupSystemAccess = await GroupSystemAccess.init(dbTransaction);
+          groupSystemAccess.createId();
+          groupSystemAccess.GroupCode = GroupCode;
+          groupSystemAccess.SystemCode = element;
+          groupSystemAccess.Status = 'Active';
+          groupSystemAccess.CreatedById = +loginUser.ObjectId;
+          groupSystemAccess.CreatedAt = new Date();
+          groupSystemAccess.UpdatedById = +loginUser.ObjectId;
+          groupSystemAccess.UpdatedAt = new Date();
+
+          const EntityValueAfter = {
+            GroupCode: groupSystemAccess.GroupCode,
+            SystemCode: groupSystemAccess.SystemCode,
+            Status: groupSystemAccess.Status,
+            CreatedById: groupSystemAccess.CreatedById,
+            CreatedAt: groupSystemAccess.CreatedAt,
+            UpdatedById: groupSystemAccess.UpdatedById,
+            UpdatedAt: groupSystemAccess.UpdatedAt,
+          };
+
+          const systemAccess = await Group._GroupSystemAccessRepo.create(
+            EntityValueAfter,
+            {
+              transaction: dbTransaction,
+            },
+          );
+
+          const activity = new Activity();
+          activity.ActivityId = activity.createId();
+          activity.Action = ActionEnum.ADD;
+          activity.Description = 'Create Group System Access';
+          activity.EntityType = 'GroupSystemAccess';
+          activity.EntityId = systemAccess.GroupSystemAccessId?.toString();
+          activity.EntityValueBefore = JSON.stringify({});
+          activity.EntityValueAfter = JSON.stringify(EntityValueAfter);
+
+          await activity.create(loginUser.ObjectId, dbTransaction);
+        }
+
+        return { Message: 'Successfully added.' };
+      }
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async deleteSystemAccess(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    SystemCode: string,
+  ) {
+    // Part 1: Privilege Checking
+    const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+    const isPrivileged = await loginUser.checkPrivileges(
+      systemCode,
+      'SYSTEM_ACCESS_DELETE',
+    );
+
+    if (!isPrivileged) {
+      throw new ClassError(
+        'Group',
+        'GroupErrMsg08',
+        'You do not have the privilege to delete system access',
+      );
+    }
+
+    try {
+      const currentGroupSystemAccess = await Group.getSystemAccesses(
+        loginUser,
+        dbTransaction,
+        GroupCode,
+        1,
+        Number.MAX_SAFE_INTEGER,
+        { SystemCode: SystemCode },
+      );
+
+      if (currentGroupSystemAccess.count < 1) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg10',
+          'No associated system access found.',
+        );
+      }
+
+      await Group._GroupSystemAccessRepo.delete(
+        GroupCode,
+        SystemCode,
+        dbTransaction,
+      );
+
+      const EntityValueBefore = {
+        GroupCode: currentGroupSystemAccess?.rows[0]?.GroupCode,
+        SystemCode: currentGroupSystemAccess?.rows[0]?.SystemCode,
+        Status: currentGroupSystemAccess?.rows[0]?.Status,
+        CreatedById: currentGroupSystemAccess?.rows[0]?.CreatedById,
+        CreatedAt: currentGroupSystemAccess?.rows[0]?.CreatedAt,
+        UpdatedById: currentGroupSystemAccess?.rows[0]?.UpdatedById,
+        UpdatedAt: currentGroupSystemAccess?.rows[0]?.UpdatedAt,
+      };
+
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.DELETE;
+      activity.Description = 'Delete Group System Access';
+      activity.EntityType = 'GroupSystemAccess';
+      activity.EntityId =
+        currentGroupSystemAccess?.rows[0]?.GroupSystemAccessId?.toString();
+      activity.EntityValueBefore = JSON.stringify(EntityValueBefore);
+      activity.EntityValueAfter = JSON.stringify({});
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+
+      return { Message: 'System access removed.', SystemCode: SystemCode };
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getSystemPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+    },
+  ) {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      //Set group to instantiation of existing Group
+      await Group.init(dbTransaction, GroupCode);
+
+      //Part 3: Retrieve Group Own Privilege
+      //Retrieve group data and it's privileged by calling Group._Repo.findAll
+      let where: any = {
+        GroupCode,
+      };
+
+      let systemWhere: any = {};
+
+      if (search) {
+        if (search.Status) {
+          where = {
+            ...where,
+            Status: search.Status,
+          };
+        }
+
+        if (search.SystemCode) {
+          systemWhere = {
+            SystemCode: {
+              [Op.substring]: search.SystemCode,
+            },
+          };
+        }
+      }
+
+      const groupOwnPrivileges = await Group._GroupPrivilegeRepo.findAll({
+        where,
+        include: [
+          {
+            model: SystemPrivilegeModel,
+            where: systemWhere,
+          },
+        ],
+        transaction: dbTransaction,
+      });
+
+      //Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
+      let privileges: SystemPrivilege[] = [];
+
+      for (const groupPrivilege of groupOwnPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(
+          dbTransaction,
+        );
+        systemPrivilege.setAttributes(groupPrivilege.Privilege.get({ plain: true }));
+        privileges.push(systemPrivilege);
+      }
+
+      return privileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getInheritedSystemPrivileges(
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+      PrivilegeCode?: string;
+    },
+  ): Promise<SystemPrivilege[]> {
+    try {
+      //Retrieve group data and it's privileges by calling Group._Repo.findAll
+      let where: any = {
+        GroupCode,
+      };
+
+      let groupPrivilegeWhere: any = {};
+      let systemPrivilegeWhere: any = {};
+
+      if (search) {
+        if (search.Status) {
+          groupPrivilegeWhere = {
+            Status: search.Status,
+          };
+        }
+
+        if (search.SystemCode) {
+          systemPrivilegeWhere = {
+            SystemCode: {
+              [Op.substring]: search.SystemCode,
+            },
+          };
+        }
+      }
+      const group = await Group._Repo.findOne({
+        where: where,
+        include: [
+          {
+            model: GroupPrivilegeModel,
+            where: groupPrivilegeWhere,
+            include: [
+              {
+                model: SystemPrivilegeModel,
+                where: systemPrivilegeWhere,
+              },
+            ],
+          },
+        ],
+        transaction: dbTransaction,
+      });
+
+      //Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
+      let objectWhere: any = {
+        GroupCode,
+      };
+      let systemWhere: any = {};
+      if (search) {
+        Object.entries(search).forEach(([key, value]) => {
+          if (key === 'SystemCode') {
+            systemWhere[key] = {
+              [Op.substring]: value,
+            };
+          } else {
+            objectWhere[key] = {
+              [Op.substring]: value,
+            };
+          }
+        });
+      }
+      const groupObjectPrivileges = await Group._GroupObjectPrivilegeRepo.findAll({
+        where: objectWhere,
+        include: [
+          {
+            model: SystemPrivilegeModel,
+            where: systemWhere,
+          },
+        ],
+        transaction: dbTransaction,
+      });
+
+      //Map to SystemPrivilege object
+      let privileges: SystemPrivilege[] = [];
+      for (const groupPrivilege of group.GroupPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(groupPrivilege.Privilege.get({ plain: true }));
+        privileges.push(systemPrivilege);
+      }
+
+      for (const groupObjectPrivilege of groupObjectPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(groupObjectPrivilege.Privilege.get({ plain: true }));
+        privileges.push(systemPrivilege);
+      }
+
+      //Part 2: Retrieve Privileges Inherited from Parent Group
+      //if group data retrieved from 1.1 have InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. Call this method again 
+      if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
+        const inheritedPrivileges = await Group.getInheritedSystemPrivileges(
+          dbTransaction,
+          group.ParentGroupCode,
+          search,
+        );
+        privileges = privileges.concat(inheritedPrivileges);
+      }
+
+      //format to make sure no duplicate
+      const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
+        .map(PrivilegeCode => {
+          return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
+        });
+
+      return uniquePrivileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getParentSystemPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+      PrivilegeCode?: string;
+    },
+  ): Promise<SystemPrivilege[]> {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      //Part 2: Validation
+      //Set group to instantiation of existing Group
+      const group = await Group.init(dbTransaction, GroupCode);
+      //Check if group.InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. if no then return an empty array
+      if (group.InheritParentPrivilegeYN !== 'Y' && !group.ParentGroupCode) {
+        return [];
+      }
+
+      //Part 3: Retrieve Group Own Privilege
+      //Retrieve group data and it's privileged by calling Group.getIheritedSystemPrivileges
+      const privileges = await Group.getInheritedSystemPrivileges(
+        dbTransaction,
+        group.ParentGroupCode,
+        search,
+      );
+
+      return privileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async assignGroupObjectPrivilege(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    GroupObjectPrivileges: GroupObjectPrivilege[]
+  ): Promise<string> {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_OBJECT_PRIVILEGE_ASSIGN',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg12',
+          'You do not have the privilege to assign group object privilege',
+        );
+      }
+
+      //Part 2: Validation
+      //Initialise group with group init
+      const group = await Group.init(dbTransaction, GroupCode);
+      //Retrieve all group system access by calling Group.getSystemAccesses
+      const groupSystemAccesses = await Group.getSystemAccesses(
+        loginUser,
+        dbTransaction,
+        GroupCode,
+        1,
+        Number.MAX_SAFE_INTEGER,
+        {},
+      );
+
+      //If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist, initialise parent group 
+      let parentGroupSystemAccesses: any = {};
+      if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
+        //Retrieve all parent group system access by calling Group.getSystemAccesses
+        parentGroupSystemAccesses = await Group.getSystemAccesses(
+          loginUser,
+          dbTransaction,
+          group.ParentGroupCode,
+          1,
+          Number.MAX_SAFE_INTEGER,
+          {},
+        );
+      }
+
+      // For each Params.GroupObjectPrivileges. 
+      for (const groupObjectPrivilege of GroupObjectPrivileges) {
+        //Initialise existing System privilege
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction, groupObjectPrivilege.PrivilegeCode);
+        //Check whether the system codes used by that privilege is exist inside the group system access 
+        const combinedSystemAccesses = {
+          ...groupSystemAccesses.rows,
+          ...parentGroupSystemAccesses.rows,
+        };
+        const systemAccess = combinedSystemAccesses.find(
+          (systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode,
+        );
+        if (!systemAccess) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg13',
+            'Failed to assign privilege ' + groupObjectPrivilege.PrivilegeCode + ' due to non-existent system access.',
+          );
+        }
+
+        //Check whether the group object privilege already exist by using Group._GroupObjectPrivilegesRepo.findOne
+        const groupObjectPrivilegeData = await Group._GroupObjectPrivilegeRepo.findOne({
+          where: {
+            GroupCode,
+            PrivilegeCode: groupObjectPrivilege.PrivilegeCode,
+            ObjectId: groupObjectPrivilege.ObjectId,
+            ObjectType: groupObjectPrivilege.ObjectType,
+          },
+          transaction: dbTransaction,
+        });
+        //If GroupObjectPrivilege record exist.  Skip this loop and proceed to the next privilege code
+        if (groupObjectPrivilegeData) {
+          continue;
+        } else {
+          //Call GroupObjectPrivilege.create
+          await GroupObjectPrivilege.create(
+            loginUser,
+            dbTransaction,
+            groupObjectPrivilege,
+          );
+        }
+      }
+
+      return 'Successfully added.';
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getGroubObjectPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      PrivilegeCode?: string;
+      ObjectType?: string;
+      ObjectId?: string;
+      SystemCode?: string;
+    }
+  ): Promise<SystemPrivilege[]> {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      // Part 2: Validation
+      // Set group to instantiation of existing Group
+      await Group.init(dbTransaction, GroupCode);
+
+      // Part 3: Retrieve Group Own Privilege
+      // Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
+      let where: any = {
+        GroupCode,
+      };
+
+      let systemWhere: any = {};
+
+      if (search) {
+        Object.entries(search).forEach(([key, value]) => {
+          if (key === 'SystemCode') {
+            systemWhere[key] = {
+              [Op.substring]: value,
+            };
+          } else {
+            where[key] = {
+              [Op.substring]: value,
+            };
+          }
+        });
+      }
+
+      const groupObjectPrivileges = await Group._GroupObjectPrivilegeRepo.findAll({
+        where,
+        include: [
+          {
+            model: SystemPrivilegeModel,
+            where: systemWhere,
+          },
+        ],
+        transaction: dbTransaction,
+      });
+      // Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
+      let privileges: SystemPrivilege[] = [];
+      for (const groupObjectPrivilege of groupObjectPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(
+          dbTransaction,
+        );
+        systemPrivilege.setAttributes(groupObjectPrivilege.Privilege.get({ plain: true }));
+        privileges.push(systemPrivilege);
+      }
+
+      //Remove duplicate
+      const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
+        .map(PrivilegeCode => {
+          return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
+        });
+
+      // Create the result based on the spec on return then returns it.
+      return uniquePrivileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async assignGroupPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    PrivilegeCodes: string[],
+  ) {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_ASSIGN',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg06',
+          'You do not have the privilege to assign group privileges',
+        );
+      }
+
+      // Part 2: Validation, Create and Record Activity
+      // Initialise group with group init
+
+      const group = await Group.init(dbTransaction, GroupCode);
+
+      // Retrieve all group system access by calling Group.getSystemAccess
+      const groupSystemAccesses = await Group.getSystemAccesses(
+        loginUser,
+        dbTransaction,
+        GroupCode,
+        1,
+        Number.MAX_SAFE_INTEGER,
+        {},
+      );
+
+      // If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist
+      let parentGroupSystemAccesses: any = {};
+      if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
+        // Retrieve all parent group system access by calling Group.getSystemAccess
+        parentGroupSystemAccesses = await Group.getSystemAccesses(
+          loginUser,
+          dbTransaction,
+          group.ParentGroupCode,
+          1,
+          Number.MAX_SAFE_INTEGER,
+          {},
+        );
+      }
+
+      // For each Params.PrivilegesCodes.
+      for (const PrivilegeCode of PrivilegeCodes) {
+        // Initialise existing System privilege by calling SystemPrivilege.init 
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction, PrivilegeCode);
+        //Check whether the system codes used by that privilege is exist inside the group system access retrieved from step 2.2 & 2.4. If system code does not exist in group system access, throw a new ClassError by passing:
+        // Classname: "Group"
+        // MessageCode: "GroupErrMsg0X"
+        // Message: "Failed to assign privilege <PrivilegeCode> due to non-existent system access."
+        const combinedSystemAccesses = {
+          ...groupSystemAccesses.rows,
+          ...parentGroupSystemAccesses.rows,
+        };
+        const systemAccess = combinedSystemAccesses.find(
+          (systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode,
+        );
+        if (!systemAccess) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg13',
+            'Failed to assign privilege ' + PrivilegeCode + ' due to non-existent system access.',
+          );
+        }
+
+        //Check whether the group privilege exist by using Group._GroupPrivilegesRepo.findOne
+        const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
+          where: {
+            GroupCode,
+            PrivilegeCode,
+          },
+          transaction: dbTransaction,
+        });
+
+        //If GroupPrivilege record exist and status is "Active". Skip this loop and proceed to the next privilege code
+        if (groupPrivilege && groupPrivilege.Status === 'Active') {
+          continue;
+        }
+
+        let entityValueBefore = {};
+        let entityValueAfter = {};
+        let action = ActionEnum.ADD;
+        let description = 'Create Group Privilege';
+        let entityId = null;
+        //If GroupPrivilege record exist and status is not "Active" do the following: 
+        if (groupPrivilege && groupPrivilege.Status !== 'Active') {
+          //Set this GroupPrivilege entity as EntityValueBefore
+          entityValueBefore = {
+            GroupCode: groupPrivilege.GroupCode,
+            PrivilegeCode: groupPrivilege.PrivilegeCode,
+            Status: groupPrivilege.Status,
+            CreatedById: groupPrivilege.CreatedById,
+            CreatedAt: groupPrivilege.CreatedAt,
+            UpdatedById: groupPrivilege.UpdatedById,
+            UpdatedAt: groupPrivilege.UpdatedAt,
+          };
+
+          //Update the status to active using Group._GroupPrivilegesRepo.Update.
+          const updatedPayload = {
+            Status: 'Active',
+            UpdatedById: loginUser.UserId,
+            UpdatedAt: new Date(),
+          };
+          await Group._GroupPrivilegeRepo.update(
+            updatedPayload,
+            {
+              where: {
+                GroupCode,
+                PrivilegeCode,
+              },
+              transaction: dbTransaction,
+            },
+          );
+
+          //Set updated GroupPrivilege as EntityValueAfter
+          entityValueAfter = {
+            GroupCode: groupPrivilege.GroupCode,
+            PrivilegeCode: groupPrivilege.PrivilegeCode,
+            Status: updatedPayload.Status,
+            CreatedById: groupPrivilege.CreatedById,
+            CreatedAt: groupPrivilege.CreatedAt,
+            UpdatedById: updatedPayload.UpdatedById,
+            UpdatedAt: updatedPayload.UpdatedAt,
+          };
+
+          //Instantiate new activity from Activity class
+          action = ActionEnum.UPDATE;
+          description = 'Update Group Privilege';
+          entityId = groupPrivilege.GroupPrivilegeId;
+        } else {
+          //If GroupPrivilege record does not exist, do the following:
+          //Initialise empty GroupPrivilege.
+          const newGroupPrivilege = await GroupPrivilege.init(dbTransaction);
+          //Set the attributes 
+          newGroupPrivilege.setAttributes({
+            GroupCode,
+            PrivilegeCode,
+            Status: 'Active',
+            CreatedById: loginUser.UserId,
+            CreatedAt: new Date(),
+            UpdatedById: loginUser.UserId,
+            UpdatedAt: new Date(),
+          });
+
+          // Set EntityValueAfter to above instance.
+          entityValueAfter = {
+            GroupCode: newGroupPrivilege.GroupCode,
+            PrivilegeCode: newGroupPrivilege.PrivilegeCode,
+            Status: newGroupPrivilege.Status,
+            CreatedById: newGroupPrivilege.CreatedById,
+            CreatedAt: newGroupPrivilege.CreatedAt,
+            UpdatedById: newGroupPrivilege.UpdatedById,
+            UpdatedAt: newGroupPrivilege.UpdatedAt,
+          };
+
+          //Call Group._GroupPrivilegesRepo.create
+          const groupPrivilege = await Group._GroupPrivilegeRepo.create(entityValueAfter, {
+            transaction: dbTransaction,
+          });
+          action = ActionEnum.ADD;
+          description = 'Create Group Privilege';
+          entityId = groupPrivilege.GroupPrivilegeId;
+        }
+
+        //Instantiate new activity from Activity class, call createId() method, then set:
+        const activity = new Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = action;
+        activity.Description = description;
+        activity.EntityType = 'GroupPrivilege';
+        activity.EntityId = entityId;
+        activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+        activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+        //Call new activity create method
+        await activity.create(loginUser.ObjectId, dbTransaction);
+      }
+
+      return 'Successfully added.';
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async deleteGroupPrivilege(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    PrivilegeCodes: string[],
+  ) {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_DELETE',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg06',
+          'You do not have the privilege to delete group privileges',
+        );
+      }
+
+      // Part 2: Validation, Create and Record Activity
+      // For each Params.PrivilegesCodes. 
+      for (const PrivilegeCode of PrivilegeCodes) {
+        //Check whether the record exist in database by calling Group._GroupPrivilegeRepo.findOne 
+        const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
+          where: {
+            GroupCode,
+            PrivilegeCode,
+          },
+          transaction: dbTransaction,
+        });
+
+        //If the record does not exist, throw a new ClassError
+        if (!groupPrivilege) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg14',
+            'GroupPrivilege not found.',
+          );
+        }
+
+        //Set the EntityValueBefore to the GroupPrivilegesValue from step 1.c.
+        const entityValueBefore = {
+          GroupCode: groupPrivilege.GroupCode,
+          PrivilegeCode: groupPrivilege.PrivilegeCode,
+          Status: groupPrivilege.Status,
+          CreatedById: groupPrivilege.CreatedById,
+          CreatedAt: groupPrivilege.CreatedAt,
+          UpdatedById: groupPrivilege.UpdatedById,
+          UpdatedAt: groupPrivilege.UpdatedAt,
+        };
+
+        //Call Group._GroupPrivilegeRepo.delete
+        await Group._GroupPrivilegeRepo.delete(
+          GroupCode,
+          PrivilegeCode,
+          dbTransaction,
+        );
+        // Instantiate new activity from Activity class, call createId() method, then set:
+        const activity = new Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = ActionEnum.DELETE;
+        activity.Description = 'DELETE Group Privilege';
+        activity.EntityType = 'GroupPrivilege';
+        activity.EntityId = groupPrivilege.GroupPrivilegeId.toString();
+        activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+        activity.EntityValueAfter = JSON.stringify({});
+        //Call new activity create method
+        await activity.create(loginUser.ObjectId, dbTransaction);
+      }
+      return 'Successfully deleted.';
+    } catch (error) {
+      throw error;
+    }
+  }
+}