@tomei/sso 0.33.7 → 0.34.0

package/src/components/group/group.ts

@@ -11,6 +11,13 @@ import { GroupSystemAccessRepository } from '../group-system-access/group-system
 import SystemModel from '../../models/system.entity';
 import { GroupSystemAccess } from '../group-system-access';
 import { RedisService } from '../../redis-client/redis.service';
+import SystemPrivilegeModel from '../../models/system-privilege.entity';
+import { GroupPrivilegeRepository } from '../group-privilege/group-privilege.repository';
+import { SystemPrivilege } from '../system-privilege/system-privilege';
+import GroupPrivilegeModel from '../../models/group-privilege.entity';
+import { GroupObjectPrivilegeRepository } from '../group-object-privilege/group-object-privilege.repository';
+import { GroupObjectPrivilege } from '../group-object-privilege/group-object-privilege';
+import { GroupPrivilege } from '../group-privilege/group-privilege';
 
 export class Group extends ObjectBase {
   ObjectId: string;
@@ -32,6 +39,9 @@ export class Group extends ObjectBase {
   private _UpdatedAt: Date;
   private static _Repo = new GroupRepository();
   private static _GroupSystemAccessRepo = new GroupSystemAccessRepository();
+  private static _GroupPrivilegeRepo = new GroupPrivilegeRepository();
+  private static _GroupObjectPrivilegeRepo =
+    new GroupObjectPrivilegeRepository();
   private static _RedisService: RedisService;
   get GroupCode(): string {
     return this.ObjectId;
@@ -567,7 +577,7 @@ export class Group extends ObjectBase {
 
     try {
       const group = await Group.init(dbTransaction, GroupCode);
-      if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
+      if (group.InheritParentSystemAccessYN !== 'Y' || !group.ParentGroupCode) {
         return [];
       } else {
         const parentGroup = await Group.init(
@@ -608,14 +618,14 @@ export class Group extends ObjectBase {
 
     try {
       if (SystemCodes.length > 0) {
-        for (let i = 0; i < SystemCodes.length; i++) {
+        for (const element of SystemCodes) {
           const CurrentGroupSystemAccess = await Group.getSystemAccesses(
             loginUser,
             dbTransaction,
             GroupCode,
             1,
             Number.MAX_SAFE_INTEGER,
-            { SystemCode: SystemCodes[i] },
+            { SystemCode: element },
           );
 
           if (CurrentGroupSystemAccess?.count > 0) {
@@ -629,7 +639,7 @@ export class Group extends ObjectBase {
           const groupSystemAccess = await GroupSystemAccess.init(dbTransaction);
           groupSystemAccess.createId();
           groupSystemAccess.GroupCode = GroupCode;
-          groupSystemAccess.SystemCode = SystemCodes[i];
+          groupSystemAccess.SystemCode = element;
           groupSystemAccess.Status = 'Active';
           groupSystemAccess.CreatedById = +loginUser.ObjectId;
           groupSystemAccess.CreatedAt = new Date();
@@ -744,4 +754,732 @@ export class Group extends ObjectBase {
       throw error;
     }
   }
+
+  public static async getSystemPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+    },
+  ) {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      //Set group to instantiation of existing Group
+      await Group.init(dbTransaction, GroupCode);
+
+      //Part 3: Retrieve Group Own Privilege
+      //Retrieve group data and it's privileged by calling Group._Repo.findAll
+      let where: any = {
+        GroupCode,
+      };
+
+      let systemWhere: any = {};
+
+      if (search) {
+        if (search.Status) {
+          where = {
+            ...where,
+            Status: search.Status,
+          };
+        }
+
+        if (search.SystemCode) {
+          systemWhere = {
+            SystemCode: {
+              [Op.substring]: search.SystemCode,
+            },
+          };
+        }
+      }
+
+      const groupOwnPrivileges = await Group._GroupPrivilegeRepo.findAll({
+        where,
+        include: [
+          {
+            model: SystemPrivilegeModel,
+            where: systemWhere,
+          },
+        ],
+        transaction: dbTransaction,
+      });
+
+      //Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
+      const privileges: SystemPrivilege[] = [];
+
+      for (const groupPrivilege of groupOwnPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(
+          groupPrivilege.Privilege.get({ plain: true }),
+        );
+        privileges.push(systemPrivilege);
+      }
+
+      return privileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getInheritedSystemPrivileges(
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+      PrivilegeCode?: string;
+    },
+  ): Promise<SystemPrivilege[]> {
+    try {
+      //Retrieve group data and it's privileges by calling Group._Repo.findAll
+      const where: any = {
+        GroupCode,
+      };
+
+      let groupPrivilegeWhere: any = {};
+      let systemPrivilegeWhere: any = {};
+
+      if (search) {
+        if (search.Status) {
+          groupPrivilegeWhere = {
+            Status: search.Status,
+          };
+        }
+
+        if (search.SystemCode) {
+          systemPrivilegeWhere = {
+            SystemCode: {
+              [Op.substring]: search.SystemCode,
+            },
+          };
+        }
+      }
+      const group = await Group._Repo.findOne({
+        where: where,
+        include: [
+          {
+            model: GroupPrivilegeModel,
+            where: groupPrivilegeWhere,
+            separate: true,
+            include: [
+              {
+                model: SystemPrivilegeModel,
+                where: systemPrivilegeWhere,
+              },
+            ],
+          },
+        ],
+        transaction: dbTransaction,
+      });
+
+      //Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
+      const objectWhere: any = {
+        GroupCode,
+      };
+      const systemWhere: any = {};
+      if (search) {
+        Object.entries(search).forEach(([key, value]) => {
+          if (key === 'SystemCode') {
+            systemWhere[key] = {
+              [Op.substring]: value,
+            };
+          } else {
+            objectWhere[key] = {
+              [Op.substring]: value,
+            };
+          }
+        });
+      }
+      const groupObjectPrivileges =
+        await Group._GroupObjectPrivilegeRepo.findAll({
+          where: objectWhere,
+          include: [
+            {
+              model: SystemPrivilegeModel,
+              where: systemWhere,
+            },
+          ],
+          transaction: dbTransaction,
+        });
+
+      //Map to SystemPrivilege object
+      let privileges: SystemPrivilege[] = [];
+      for (const groupPrivilege of group.GroupPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(
+          groupPrivilege.Privilege.get({ plain: true }),
+        );
+        privileges.push(systemPrivilege);
+      }
+
+      for (const groupObjectPrivilege of groupObjectPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(
+          groupObjectPrivilege.Privilege.get({ plain: true }),
+        );
+        privileges.push(systemPrivilege);
+      }
+
+      //Part 2: Retrieve Privileges Inherited from Parent Group
+      //if group data retrieved from 1.1 have InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. Call this method again
+      if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
+        const inheritedPrivileges = await Group.getInheritedSystemPrivileges(
+          dbTransaction,
+          group.ParentGroupCode,
+          search,
+        );
+        privileges = privileges.concat(inheritedPrivileges);
+      }
+
+      //format to make sure no duplicate
+      const uniquePrivileges = Array.from(
+        new Set(privileges.map((a) => a.PrivilegeCode)),
+      ).map((PrivilegeCode) => {
+        return privileges.find((a) => a.PrivilegeCode === PrivilegeCode);
+      });
+
+      return uniquePrivileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getParentSystemPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      SystemCode?: string;
+      Status?: string;
+      PrivilegeCode?: string;
+    },
+  ): Promise<SystemPrivilege[]> {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      //Part 2: Validation
+      //Set group to instantiation of existing Group
+      const group = await Group.init(dbTransaction, GroupCode);
+      //Check if group.InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. if no then return an empty array
+      if (group.InheritParentPrivilegeYN !== 'Y' || !group.ParentGroupCode) {
+        return [];
+      }
+
+      //Part 3: Retrieve Group Own Privilege
+      //Retrieve group data and it's privileged by calling Group.getIheritedSystemPrivileges
+      const privileges = await Group.getInheritedSystemPrivileges(
+        dbTransaction,
+        group.ParentGroupCode,
+        search,
+      );
+
+      return privileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async assignGroupObjectPrivilege(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    GroupObjectPrivileges: GroupObjectPrivilege[],
+  ): Promise<string> {
+    try {
+      //Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_OBJECT_PRIVILEGE_ASSIGN',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg12',
+          'You do not have the privilege to assign group object privilege',
+        );
+      }
+
+      //Part 2: Validation
+      //Initialise group with group init
+      const group = await Group.init(dbTransaction, GroupCode);
+      //Retrieve all group system access by calling Group.getSystemAccesses
+      const groupSystemAccesses = await Group.getSystemAccesses(
+        loginUser,
+        dbTransaction,
+        GroupCode,
+        1,
+        Number.MAX_SAFE_INTEGER,
+        {},
+      );
+
+      //If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist, initialise parent group
+      let parentGroupSystemAccesses: any = {};
+      if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
+        //Retrieve all parent group system access by calling Group.getSystemAccesses
+        parentGroupSystemAccesses = await Group.getSystemAccesses(
+          loginUser,
+          dbTransaction,
+          group.ParentGroupCode,
+          1,
+          Number.MAX_SAFE_INTEGER,
+          {},
+        );
+      }
+
+      // For each Params.GroupObjectPrivileges.
+      for (const groupObjectPrivilege of GroupObjectPrivileges) {
+        //Initialise existing System privilege
+        const systemPrivilege = await SystemPrivilege.init(
+          dbTransaction,
+          groupObjectPrivilege.PrivilegeCode,
+        );
+        //Check whether the system codes used by that privilege is exist inside the group system access
+        const combinedSystemAccesses = {
+          ...groupSystemAccesses.rows,
+          ...parentGroupSystemAccesses.rows,
+        };
+        const systemAccess = combinedSystemAccesses.find(
+          (systemAccess) =>
+            systemAccess.SystemCode === systemPrivilege.SystemCode,
+        );
+        if (!systemAccess) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg13',
+            'Failed to assign privilege ' +
+              groupObjectPrivilege.PrivilegeCode +
+              ' due to non-existent system access.',
+          );
+        }
+
+        //Check whether the group object privilege already exist by using Group._GroupObjectPrivilegesRepo.findOne
+        const groupObjectPrivilegeData =
+          await Group._GroupObjectPrivilegeRepo.findOne({
+            where: {
+              GroupCode,
+              PrivilegeCode: groupObjectPrivilege.PrivilegeCode,
+              ObjectId: groupObjectPrivilege.ObjectId,
+              ObjectType: groupObjectPrivilege.ObjectType,
+            },
+            transaction: dbTransaction,
+          });
+        //If GroupObjectPrivilege record exist.  Skip this loop and proceed to the next privilege code
+        if (groupObjectPrivilegeData) {
+          continue;
+        } else {
+          //Call GroupObjectPrivilege.create
+          await GroupObjectPrivilege.create(
+            loginUser,
+            dbTransaction,
+            groupObjectPrivilege,
+          );
+        }
+      }
+
+      return 'Successfully added.';
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async getGroubObjectPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    search?: {
+      PrivilegeCode?: string;
+      ObjectType?: string;
+      ObjectId?: string;
+      SystemCode?: string;
+    },
+  ): Promise<SystemPrivilege[]> {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_VIEW',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg11',
+          'You do not have the privilege to view group privileges',
+        );
+      }
+
+      // Part 2: Validation
+      // Set group to instantiation of existing Group
+      await Group.init(dbTransaction, GroupCode);
+
+      // Part 3: Retrieve Group Own Privilege
+      // Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
+      const where: any = {
+        GroupCode,
+      };
+
+      const systemWhere: any = {};
+
+      if (search) {
+        Object.entries(search).forEach(([key, value]) => {
+          if (key === 'SystemCode') {
+            systemWhere[key] = {
+              [Op.substring]: value,
+            };
+          } else {
+            where[key] = {
+              [Op.substring]: value,
+            };
+          }
+        });
+      }
+
+      const groupObjectPrivileges =
+        await Group._GroupObjectPrivilegeRepo.findAll({
+          where,
+          include: [
+            {
+              model: SystemPrivilegeModel,
+              where: systemWhere,
+            },
+          ],
+          transaction: dbTransaction,
+        });
+      // Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
+      const privileges: SystemPrivilege[] = [];
+      for (const groupObjectPrivilege of groupObjectPrivileges) {
+        const systemPrivilege = await SystemPrivilege.init(dbTransaction);
+        systemPrivilege.setAttributes(
+          groupObjectPrivilege.Privilege.get({ plain: true }),
+        );
+        privileges.push(systemPrivilege);
+      }
+
+      //Remove duplicate
+      const uniquePrivileges = Array.from(
+        new Set(privileges.map((a) => a.PrivilegeCode)),
+      ).map((PrivilegeCode) => {
+        return privileges.find((a) => a.PrivilegeCode === PrivilegeCode);
+      });
+
+      // Create the result based on the spec on return then returns it.
+      return uniquePrivileges;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async assignGroupPrivileges(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    PrivilegeCodes: string[],
+  ) {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_ASSIGN',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg06',
+          'You do not have the privilege to assign group privileges',
+        );
+      }
+
+      // Part 2: Validation, Create and Record Activity
+      // Initialise group with group init
+
+      const group = await Group.init(dbTransaction, GroupCode);
+
+      // Retrieve all group system access by calling Group.getSystemAccess
+      const groupSystemAccesses = await Group.getSystemAccesses(
+        loginUser,
+        dbTransaction,
+        GroupCode,
+        1,
+        Number.MAX_SAFE_INTEGER,
+        {},
+      );
+
+      // If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist
+      let parentGroupSystemAccesses: any = {};
+      if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
+        // Retrieve all parent group system access by calling Group.getSystemAccess
+        parentGroupSystemAccesses = await Group.getSystemAccesses(
+          loginUser,
+          dbTransaction,
+          group.ParentGroupCode,
+          1,
+          Number.MAX_SAFE_INTEGER,
+          {},
+        );
+      }
+
+      // For each Params.PrivilegesCodes.
+      for (const PrivilegeCode of PrivilegeCodes) {
+        // Initialise existing System privilege by calling SystemPrivilege.init
+        const systemPrivilege = await SystemPrivilege.init(
+          dbTransaction,
+          PrivilegeCode,
+        );
+        //Check whether the system codes used by that privilege is exist inside the group system access retrieved from step 2.2 & 2.4. If system code does not exist in group system access, throw a new ClassError by passing:
+        // Classname: "Group"
+        // MessageCode: "GroupErrMsg0X"
+        // Message: "Failed to assign privilege <PrivilegeCode> due to non-existent system access."
+        const combinedSystemAccesses = [
+          ...groupSystemAccesses.rows,
+          ...parentGroupSystemAccesses.rows,
+        ];
+        const systemAccess = combinedSystemAccesses.find(
+          (systemAccess) =>
+            systemAccess.SystemCode === systemPrivilege.SystemCode,
+        );
+        if (!systemAccess) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg13',
+            'Failed to assign privilege ' +
+              PrivilegeCode +
+              ' due to non-existent system access.',
+          );
+        }
+
+        //Check whether the group privilege exist by using Group._GroupPrivilegesRepo.findOne
+        const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
+          where: {
+            GroupCode,
+            PrivilegeCode,
+          },
+          transaction: dbTransaction,
+        });
+
+        //If GroupPrivilege record exist and status is "Active". Skip this loop and proceed to the next privilege code
+        if (groupPrivilege && groupPrivilege.Status === 'Active') {
+          continue;
+        }
+
+        let entityValueBefore = {};
+        let entityValueAfter = {};
+        let action = ActionEnum.ADD;
+        let description = 'Create Group Privilege';
+        let entityId = null;
+        //If GroupPrivilege record exist and status is not "Active" do the following:
+        if (groupPrivilege && groupPrivilege.Status !== 'Active') {
+          //Set this GroupPrivilege entity as EntityValueBefore
+          entityValueBefore = {
+            GroupCode: groupPrivilege.GroupCode,
+            PrivilegeCode: groupPrivilege.PrivilegeCode,
+            Status: groupPrivilege.Status,
+            CreatedById: groupPrivilege.CreatedById,
+            CreatedAt: groupPrivilege.CreatedAt,
+            UpdatedById: groupPrivilege.UpdatedById,
+            UpdatedAt: groupPrivilege.UpdatedAt,
+          };
+
+          //Update the status to active using Group._GroupPrivilegesRepo.Update.
+          const updatedPayload = {
+            Status: 'Active',
+            UpdatedById: loginUser.UserId,
+            UpdatedAt: new Date(),
+          };
+          await Group._GroupPrivilegeRepo.update(updatedPayload, {
+            where: {
+              GroupCode,
+              PrivilegeCode,
+            },
+            transaction: dbTransaction,
+          });
+
+          //Set updated GroupPrivilege as EntityValueAfter
+          entityValueAfter = {
+            GroupCode: groupPrivilege.GroupCode,
+            PrivilegeCode: groupPrivilege.PrivilegeCode,
+            Status: updatedPayload.Status,
+            CreatedById: groupPrivilege.CreatedById,
+            CreatedAt: groupPrivilege.CreatedAt,
+            UpdatedById: updatedPayload.UpdatedById,
+            UpdatedAt: updatedPayload.UpdatedAt,
+          };
+
+          //Instantiate new activity from Activity class
+          action = ActionEnum.UPDATE;
+          description = 'Update Group Privilege';
+          entityId = groupPrivilege.GroupPrivilegeId;
+        } else {
+          //If GroupPrivilege record does not exist, do the following:
+          //Initialise empty GroupPrivilege.
+          const newGroupPrivilege = await GroupPrivilege.init(dbTransaction);
+          //Set the attributes
+          newGroupPrivilege.setAttributes({
+            GroupCode,
+            PrivilegeCode,
+            Status: 'Active',
+            CreatedById: loginUser.UserId,
+            CreatedAt: new Date(),
+            UpdatedById: loginUser.UserId,
+            UpdatedAt: new Date(),
+          });
+
+          // Set EntityValueAfter to above instance.
+          entityValueAfter = {
+            GroupCode: newGroupPrivilege.GroupCode,
+            PrivilegeCode: newGroupPrivilege.PrivilegeCode,
+            Status: newGroupPrivilege.Status,
+            CreatedById: newGroupPrivilege.CreatedById,
+            CreatedAt: newGroupPrivilege.CreatedAt,
+            UpdatedById: newGroupPrivilege.UpdatedById,
+            UpdatedAt: newGroupPrivilege.UpdatedAt,
+          };
+
+          //Call Group._GroupPrivilegesRepo.create
+          const groupPrivilege = await Group._GroupPrivilegeRepo.create(
+            entityValueAfter,
+            {
+              transaction: dbTransaction,
+            },
+          );
+          action = ActionEnum.ADD;
+          description = 'Create Group Privilege';
+          entityId = groupPrivilege.GroupPrivilegeId;
+        }
+
+        //Instantiate new activity from Activity class, call createId() method, then set:
+        const activity = new Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = action;
+        activity.Description = description;
+        activity.EntityType = 'GroupPrivilege';
+        activity.EntityId = entityId;
+        activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+        activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+        //Call new activity create method
+        await activity.create(loginUser.ObjectId, dbTransaction);
+      }
+
+      return 'Successfully added.';
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public static async deleteGroupPrivilege(
+    loginUser: LoginUser,
+    dbTransaction: any,
+    GroupCode: string,
+    PrivilegeCodes: string[],
+  ) {
+    try {
+      // Part 1: Privilege Checking
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'GROUP_PRIVILEGE_DELETE',
+      );
+
+      if (!isPrivileged) {
+        throw new ClassError(
+          'Group',
+          'GroupErrMsg06',
+          'You do not have the privilege to delete group privileges',
+        );
+      }
+
+      // Part 2: Validation, Create and Record Activity
+      // For each Params.PrivilegesCodes.
+      for (const PrivilegeCode of PrivilegeCodes) {
+        //Check whether the record exist in database by calling Group._GroupPrivilegeRepo.findOne
+        const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
+          where: {
+            GroupCode,
+            PrivilegeCode,
+          },
+          transaction: dbTransaction,
+        });
+
+        //If the record does not exist, throw a new ClassError
+        if (!groupPrivilege) {
+          throw new ClassError(
+            'Group',
+            'GroupErrMsg14',
+            'GroupPrivilege not found.',
+          );
+        }
+
+        //Set the EntityValueBefore to the GroupPrivilegesValue from step 1.c.
+        const entityValueBefore = {
+          GroupCode: groupPrivilege.GroupCode,
+          PrivilegeCode: groupPrivilege.PrivilegeCode,
+          Status: groupPrivilege.Status,
+          CreatedById: groupPrivilege.CreatedById,
+          CreatedAt: groupPrivilege.CreatedAt,
+          UpdatedById: groupPrivilege.UpdatedById,
+          UpdatedAt: groupPrivilege.UpdatedAt,
+        };
+
+        //Call Group._GroupPrivilegeRepo.delete
+        await Group._GroupPrivilegeRepo.delete(
+          GroupCode,
+          PrivilegeCode,
+          dbTransaction,
+        );
+        // Instantiate new activity from Activity class, call createId() method, then set:
+        const activity = new Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = ActionEnum.DELETE;
+        activity.Description = 'DELETE Group Privilege';
+        activity.EntityType = 'GroupPrivilege';
+        activity.EntityId = groupPrivilege.GroupPrivilegeId.toString();
+        activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+        activity.EntityValueAfter = JSON.stringify({});
+        //Call new activity create method
+        await activity.create(loginUser.ObjectId, dbTransaction);
+      }
+      return 'Successfully deleted.';
+    } catch (error) {
+      throw error;
+    }
+  }
 }