passbolt-browser-extension 5.6.0 → 5.8.0

package/CHANGELOG.md

@@ -4,6 +4,128 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.8.0] - 2025-12-16
+### Added
+- PB-46646 Reduce accidental destructive actions by moving Delete user and Disable MFA into a More menu in Users and groups
+- PB-28298 Add users to groups by dragging and dropping
+- PB-47198 Add exception to allow users to autofill workbench.cisecurity.org
+- PB-46997 DR - WP1.1 Update RbacsCollection to EntityV2Collection and add new methods
+- PB-46999 DR - WP1.2 Update RoleEntity schema and add new methods
+- PB-47000 DR - WP1.3 Update RolesCollection to EntityV2Collection and add new methods
+- PB-47002 DR - WP2.1 Update of RoleService to a RoleApiService
+- PB-47003 DR - WP2.2 Update of RoleModel to a RoleService
+- PB-47003 DR - WP2.3 Update of RbacService to a RbacApiService
+- PB-47014 DR - WP2.4 Update of RbacModel to a RbacService
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47017 DR - WP3.2 Update the FindMeController into a FindMeRbacController
+- PB-47088 DR - WP3.3 Create the FindAndUpdateRolesLocalStorageController
+- PB-47018 DR - WP4.1 Create RoleServiceWorkerService to get the roles
+- PB-47019 DR - WP4.2 Create RbacServiceWorkerService to get the RBAC permissions of a signed-in user
+- PB-47021 DR - WP4.3 Add the method canRoleUseAction in CanUseService
+- PB-47089 DR - WP4.4 Add a method to find and update roles in local storage
+- PB-47022 DR - WP5.1 Add the method canIUseAction in RbacContext
+- PB-47023 DR - WP5.2 Verify the signed-in user's RBAC privileges before allowing access to the FilterUsersByGroup functionality
+- PB-47024 DR - WP5.3 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceMainActions functionality
+
+- PB-47023 DR - WP5.4 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceActions functionality
+- PB-47036 DR - WP5.5 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsersWorkspaceFilterBar functionality
+- PB-47037 DR - WP5.6 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsers functionality
+- PB-47039 DR - WP5.7 Update CreateUser to select role in a dropdown component
+- PB-47042 DR - WP5.8 Update EditUser to select role in a dropdown component
+- PB-47027 DR - WP5.9 Create the component CreateRoleDialog
+- PB-47028 DR - WP5.10 Create the component EditRoleDialog
+- PB-47029 DR - WP5.11 Create the component DeleteRoleDialog
+- PB-47030 DR - WP5.12 Update the style of DisplayRbacAdministration to match current design
+- PB-47031 DR - WP5.13 Add create role in DisplayRbacAdministration
+- PB-47032 DR - WP5.14 Display all roles in DisplayRbacAdministration
+- PB-47033 DR - WP5.15 Add menu item to update the name of new role
+- PB-47016 DR - WP5.16 Add menu item to delete new role
+- PB-47090 DR - WP5.17 Update ManageAccountRecoveryUserSettings to use roles from context
+- PB-47091 DR - WP5.18 Update ReviewAccountRecoveryRequest to use roles from context
+- PB-47092 DR - WP5.19 Update DisplayScimSettingsAdministration to use roles from context
+- PB-47093 DR - WP5.20 Update DisplayUserDetailsInformation to use roles from context
+- PB-47094 DR - WP5.21 Update DisplayAccountRecoveryUserSettings to use roles from context
+- PB-47095 DR - WP5.22 Update UserWorkspaceContext to use roles from context
+- PB-47096 DR - WP5.23 Create the RoleContextProvider and add it on ExtAppContext
+- PB-47214 DR - WP5.24 Update the RoleEntity to avoid name bypass
+- PB-47215 DR - WP5.25 Update RolesCollection to filter out Guest role
+- PB-47216 DR - WP5.26 Update FindRolesService to filter out guest role
+- PB-47231 DR - WP5.27 Create component DeleteRoleNotAllowed
+
+### Fixed
+- PB-46180 Incorrect folder name encoding in sharing progress dialog
+- PB-46612 Add missing border radius to secret history selected revision
+- PB-45978 Resize bar continues dragging after mouse release
+- PB-46905 Display the "Remove from group" action button to group managers
+- PB-46627 Fix missing space in the “Advanced settings” of the password generator tabs between the last component and the CTA
+- PB-46930 Secret history review should display an unknown user when creator does not exists
+- PB-47298 KDBX not set expiry if never is set
+
+### Maintenance
+- PB-46636 Remove eslint v8 compatibility
+- PB-46890 Small upgrade for js-yaml (Medium)
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%, and verify no change occurs when the user selects the already-selected theme
+- PB-29338 React 18: upgrade changes with Legacy DOM renderer
+- PB-47057 React 18: Remove unused dev dependency jest-dom
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-47311 Major upgrade for serialize-javascript (Medium)
+- PB-46832 Increase coverage of ThemeEntity
+- PB-46833 Increase coverage of AccountSettingsService
+- PB-46834 Increase coverage of ThemeModel
+- PB-47011 ESLINT - WP1.1 Install phantom dependencies
+
+## [5.7.0] - 2025-11-12
+### Added
+- PB-17712 Focus should be put in the passphrase field when importing keepass file protected by passphrase
+- PB-33599 Allow users to access previous revisions of a resource’s secret
+- PB-33599 Allow administrators to configure how many secret revisions are retained
+- PB-44420 Allow administrators to download the Users Directory sync report for follow-up actions
+- PB-44434 As an administrator I can see encrypted metadata healthchecks from the administration workspace
+- PB-45249 Add “Attention required” filter in the “Users & groups” workspace to filter users by attention required
+- PB-45842 Add link to SCIM admin guide in the product
+- PB-46427 Add remove from group button in User & Group Workspace page
+
+### Fixed
+- PB-18497 Add loading spinner when submitting imported GPG key during account extension association (activation/recover)
+- PB-36183 Display UTC date in tooltip for relative “X days ago” timestamps
+- PB-42032 Fix: update passphrase help section link goes to the former help site
+- PB-43950 Add padding between fields and their description on the Users Directory administration page
+- PB-44603 Help link in administration internationalization page should target the contribute page of the help site
+- PB-44949 GITHUB#240 Inform menu crash on suggested resource icon
+- PB-45263 Enforce password expiry on imported resources when a password policy requires it
+- PB-45588 Extend metadata description textarea in resource creation dialog to use full available height
+- PB-45699 User without groups is not display correctly on the right sidebar
+- PB-45723 The in-form CTA is not visible since v5.5 for some web application
+- PB-45797 Fix typos in BExt
+- PB-45917 I can autofill my username in the login form of cryptpad in French
+- PB-45992 Keep selection of resources when collapsing the Workspace section
+- PB-46013 Empty Full Report textarea displayed in Users Directory dialogs when there are no resources to synchronize
+- PB-46065 Prevent re-encryption of metadata with personal user key when a resource is shared with a group
+- PB-46118 Import unexpected error handling on import
+- PB-46191 Update UserSettings validateDomain to make sure the issue cannot be exploited
+- PB-46372 As LU, I should see the content share dialog within the boundaries of the dialog
+- PB-46385 Fix auto-fill on OVH with custom selector field on username
+
+### Maintenance
+- PB-30373 Remove unused event passbolt.app-bootstrap.navigate-to-logout
+- PB-45099 Update: Regular expression on private key metadata validation
+- PB-45100 Update: Regular expression on GPG Message validation
+- PB-45585 Fix SCIM styleguide related unit tests error
+- PB-45589 Refactor resource favorite capability to use FavoriteServiceWorkerService instead of direct port requests
+- PB-45590 Migrate favorite logic from FavoriteModel to FavoriteResourceService and remove legacy model
+- PB-45591 Route passbolt.favorite.add/delete events through controllers instead of calling services directly
+- PB-45593 Add test coverage for FavoriteService API and rename class to align with Passbolt standard
+- PB-45678 Upgrade ESLint dependencies across both repositories
+- PB-45835 Migrate group (partially) related code to new architecture
+- PB-45894 Rename leftSideBar and rightSideBar classes to respect naming convention
+- PB-45963 Replace find-all with find-my-groups Port Requests
+- PB-45965 Rename groupService to groupApiService
+- PB-46127 Update i18next dependency
+- PB-46190 Update themeEntity to remove preview unused field
+
 ## [5.6.0] - 2025-10-08
 ### Added
 - PB-39068 WP5-5.6 - Implement a Service RotateResourcesMetadataKeyService that proceed with the rotation of the key
@@ -2442,7 +2564,9 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.6.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.8.0...HEAD
+[5.8.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.7.0...5.8.0
+[5.7.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.6.0...5.7.0
 [5.6.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.1...v5.6.0
 [5.5.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.0...v5.5.1
 [5.5.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.1...v5.5.0

package/RELEASE_NOTES.md

@@ -1,70 +1,102 @@
-Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac
+Release song: https://www.youtube.com/watch?v=F5uXomY94w8
 
-Passbolt 5.6.0 introduces standalone notes, shared metadata key rotation, and resizable sidebars. As usual, this version also brings important security hardening through dependency updates as well as a series of bug fixes and maintenance improvements.
+Passbolt 5.8.0 introduces dynamic role management, allowing organizations to define additional roles that better align with internal policies, compliance requirements, and operational needs. This release also adds drag & drop user assignment to groups, simplifying day-to-day user and group management.
 
-## Standalone notes
+**Warning**: Ensure that all users have updated their browser extension to at least version 5.8 before assigning new roles. Otherwise, they will not be able to connect to Passbolt.
 
-It is now possible to create notes as a standalone resource type, without attaching them to credentials or other elements. Import and export processes have been updated to recognize and support this new type. Any imported resources that contain only a description will now be created as standalone notes.
+## Dynamic role management
 
-## Shared metadata key rotation
+As was already the case with the default User role, Passbolt allows administrators to restrict what users can do by limiting access to specific capabilities. With version 5.8, this model is extended beyond the default Admin and User roles, making it possible to create additional roles and assign them to users for more granular control.Default roles cannot be modified or deleted, while newly created roles (up to two per instance)  can copy permissions from existing roles and can be renamed or deleted.
 
-Administrators can now rotate the shared metadata key at any time from the organization settings. This improvement marks one of the final steps in meeting metadata encryption requirements. The rotation process can be performed while the instance remains operational, so availability is not disrupted.
+Dynamic roles also enable the delegation of administrative responsibilities. Rather than granting full administrative access, administrators can now assign selected capabilities to custom roles and distribute operational tasks across multiple users. Initial support covers group creation, as well as handling account recovery requests in Passbolt Pro.
 
-## Resizable sidebars
+At this stage, dynamic role management comes with a defined scope and set of constraints.
 
-Both main workspace and Users & Groups workspace now feature sidebars that can be resized. This allows users to improve readability when working with long folder names or deeply nested folder structures. After resizing, a double-click on the sidebar handle resets it to its default width.
+- The default Admin and User roles keep fixed names and cannot be renamed or deleted.
+- As before, the User role can be restricted, but it cannot be assigned delegated administrative responsibilities.
+- The Admin role, by contrast, always retains access to all capabilities and cannot be restricted.
+- Custom roles are currently limited to two per instance and support a first set of administrative capabilities.
 
-## Miscellaneous Improvements
+This scope will be expanded progressively as additional needs and use cases are identified by the community.
 
-The export of account kits is now compatible with larger private keys. The group membership update process has been optimized to reduce request payload size and to avoid certain size limitations. Sorting of folder names has also been improved with natural number ordering, meaning for example that “folder2” now correctly appears before “folder10.”
+## Drag & drop users to groups
 
-Many thanks to everyone who shared feedback, reported issues, and helped refine these features.
+Managing group membership often requires repetitive actions when working with large teams or frequently changing group structures. With Passbolt 5.8, administrators can now add users to a group by dragging them directly onto it from the Users & Groups workspace. This removes the need to open and edit each group individually and makes day-to-day group management faster and more fluid.
+
+## Miscellaneous improvements
+
+As usual, this release includes fixes and smaller improvements intended to improve the overall experience. For the full list of changes, please refer to the changelog.
+
+Many thanks to everyone who provided feedback and helped refine these features.
 
 ### Added
-- PB-39068 WP5-5.6 - Implement a Service RotateResourcesMetadataKeyService that proceed with the rotation of the key
-- PB-39069 WP5-5.8 - Implement a new method in MetadataKeysServiceWorkerService to call for  to expire a key
-- PB-39071 WP5-5.1 - Implement a new method in MetadataKeysApiService to expire a shared metadata key
-- PB-39072 WP5-5.4 - Implement a new Service UpdateMetadataKeysService to process with the expiration of a key
-- PB-39073 WP5-5.2 - Implement a new API service MetadataRotateKeysResourcesApiService to retrieve the first page of data to rotate
-- PB-39074 WP5-5.3 - Implement a new method in MetadataKeysApiService to register the rotated data on the API
-- PB-39075 WP5-5.7 - Implement a Controller RotateResourcesMetadataKeyController to run the rotation process
-- PB-39076 WP5-5.9 - Implement a new method in MetadataKeysServiceWorkerService to call passbolt.metadata.rotate-resources-metadata for  with the new Key
-- PB-39078 WP5-5.10 - Implement the ConfirmMetadataRotationDialog
-- PB-39094 WP5-6.2 - Display the rotate key button when multiple metadata key are active
-- PB-43253 Workspace resizable sidebars
-- PB-44582 lastpass example csv import with totp success
-- PB-45385 SN - WP1.1 Create the entity SecretDataV5StandaloneNoteEntity
-- PB-45389 SN - WP1.3 Update ResourceFormEntity to include secret SecretDataV5StandaloneNoteEntity
-- PB-45400 SN - WP2.1 Add new resource type in DisplayContentTypesAllowedContentTypesAdministration
-- PB-45404 SN - WP2.2 Add new resource type in DisplayResourcesWorkspaceMainMenu
-- PB-45406 SN - WP2.3 Update passbolt default resource type icons to include the new resource type icon
-- PB-45408 SN - WP2.4 Update DisplayResourcesListDetails to handle the correct subtitle for standalone note and add the same for standalone custom fields
-- PB-45412 SN - WP3.1 Apply a minimum height to the resource workspace ‘others’ dialog used to create other resource types
-- PB-45413 SN - WP3.3 Increase the height of the notes textarea to use the maximum available space in the resource creation dialog
-- PB-45414 SN - WP3.3 Add “hide” button when the note is decrypted to hide it again
-- PB-45417 SN - WP2.5 Update the “other” dialog to add the standalone note in the content type list in v5
-- PB-45424 SN - WP3.4 Ensure Import/Export is working as expected with standalone notes
-- PB-45464 GMUO - WP1.1 Create new collection ‘GroupUpdateCollection’
-- PB-45465 GMUO - WP1.2 Migrate group update logic to optimise the request on the API
-- PB-45466 GMUO - WP1.3 Adapt group update progress bar mechanism
-- PB-45476 WP5-6.3 - Create events with controller to rotate and resume rotation of a metadata key
+- PB-46646 Reduce accidental destructive actions by moving Delete user and Disable MFA into a More menu in Users and groups
+- PB-28298 Add users to groups by dragging and dropping
+- PB-47198 Add exception to allow users to autofill workbench.cisecurity.org
+- PB-46997 DR - WP1.1 Update RbacsCollection to EntityV2Collection and add new methods
+- PB-46999 DR - WP1.2 Update RoleEntity schema and add new methods
+- PB-47000 DR - WP1.3 Update RolesCollection to EntityV2Collection and add new methods
+- PB-47002 DR - WP2.1 Update of RoleService to a RoleApiService
+- PB-47003 DR - WP2.2 Update of RoleModel to a RoleService
+- PB-47003 DR - WP2.3 Update of RbacService to a RbacApiService
+- PB-47014 DR - WP2.4 Update of RbacModel to a RbacService
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47017 DR - WP3.2 Update the FindMeController into a FindMeRbacController
+- PB-47088 DR - WP3.3 Create the FindAndUpdateRolesLocalStorageController
+- PB-47018 DR - WP4.1 Create RoleServiceWorkerService to get the roles
+- PB-47019 DR - WP4.2 Create RbacServiceWorkerService to get the RBAC permissions of a signed-in user
+- PB-47021 DR - WP4.3 Add the method canRoleUseAction in CanUseService
+- PB-47089 DR - WP4.4 Add a method to find and update roles in local storage
+- PB-47022 DR - WP5.1 Add the method canIUseAction in RbacContext
+- PB-47023 DR - WP5.2 Verify the signed-in user's RBAC privileges before allowing access to the FilterUsersByGroup functionality
+- PB-47024 DR - WP5.3 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceMainActions functionality
+
+- PB-47023 DR - WP5.4 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceActions functionality
+- PB-47036 DR - WP5.5 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsersWorkspaceFilterBar functionality
+- PB-47037 DR - WP5.6 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsers functionality
+- PB-47039 DR - WP5.7 Update CreateUser to select role in a dropdown component
+- PB-47042 DR - WP5.8 Update EditUser to select role in a dropdown component
+- PB-47027 DR - WP5.9 Create the component CreateRoleDialog
+- PB-47028 DR - WP5.10 Create the component EditRoleDialog
+- PB-47029 DR - WP5.11 Create the component DeleteRoleDialog
+- PB-47030 DR - WP5.12 Update the style of DisplayRbacAdministration to match current design
+- PB-47031 DR - WP5.13 Add create role in DisplayRbacAdministration
+- PB-47032 DR - WP5.14 Display all roles in DisplayRbacAdministration
+- PB-47033 DR - WP5.15 Add menu item to update the name of new role
+- PB-47016 DR - WP5.16 Add menu item to delete new role
+- PB-47090 DR - WP5.17 Update ManageAccountRecoveryUserSettings to use roles from context
+- PB-47091 DR - WP5.18 Update ReviewAccountRecoveryRequest to use roles from context
+- PB-47092 DR - WP5.19 Update DisplayScimSettingsAdministration to use roles from context
+- PB-47093 DR - WP5.20 Update DisplayUserDetailsInformation to use roles from context
+- PB-47094 DR - WP5.21 Update DisplayAccountRecoveryUserSettings to use roles from context
+- PB-47095 DR - WP5.22 Update UserWorkspaceContext to use roles from context
+- PB-47096 DR - WP5.23 Create the RoleContextProvider and add it on ExtAppContext
+- PB-47214 DR - WP5.24 Update the RoleEntity to avoid name bypass
+- PB-47215 DR - WP5.25 Update RolesCollection to filter out Guest role
+- PB-47216 DR - WP5.26 Update FindRolesService to filter out guest role
+- PB-47231 DR - WP5.27 Create component DeleteRoleNotAllowed
 
 ### Fixed
-- PB-43218 Date field icons should not be replaced with the copy icon in the SSO settings and expiry resource dialogs
-- PB-45239 Folders are not displayed in the correct order (GITHUB #568)
-- PB-45329 add TOTP toString handling similar to other csv exports
-- PB-45402 Add missing icon property to resource types schema definition
-- PB-45450 Fix account kit export with big private armored keys
-- PB-45458 Remove Organisation Settings max-width
-- PB-45733 Fix quickaccess resource creation with encrypted metadata
+- PB-46180 Incorrect folder name encoding in sharing progress dialog
+- PB-46612 Add missing border radius to secret history selected revision
+- PB-45978 Resize bar continues dragging after mouse release
+- PB-46905 Display the "Remove from group" action button to group managers
+- PB-46627 Fix missing space in the “Advanced settings” of the password generator tabs between the last component and the CTA
+- PB-46930 Secret history review should display an unknown user when creator does not exists
+- PB-47298 KDBX not set expiry if never is set
 
 ### Maintenance
-- PB-44253 Upgrade vulnerable library form-data
-- PB-44593 Upgrade i18next to v24x
-- PB-45182 Major upgrade for copy-anything (Medium)
-- PB-45183 Minor upgrade for browserslist (Low)
-- PB-45184 3rd party Github Actions should be pinned (Medium)
-- PB-45401 Enforce the requirement of the property object_type for custom fields
-- PB-45484 Fix low security vulnerability dependency with web-ext to 8.10.0
-- PB-45583 Review and clean up npm overridden dependencies
-- PB-45601 Update the "Upgrade to Passbolt Pro" buttons URL
+- PB-46636 Remove eslint v8 compatibility
+- PB-46890 Small upgrade for js-yaml (Medium)
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%, and verify no change occurs when the user selects the already-selected theme
+- PB-29338 React 18: upgrade changes with Legacy DOM renderer
+- PB-47057 React 18: Remove unused dev dependency jest-dom
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-47311 Major upgrade for serialize-javascript (Medium)
+- PB-46832 Increase coverage of ThemeEntity
+- PB-46833 Increase coverage of AccountSettingsService
+- PB-46834 Increase coverage of ThemeModel
+- PB-47011 ESLINT - WP1.1 Install phantom dependencies

package/doc/browser-extension-class-diagram.md

@@ -1097,6 +1097,70 @@ classDiagram
         }
     }
 
+    namespace groupsNS {
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+    %% Groups controllers
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+        class FindMyGroupsController {
+            event "passbolt.groups.find-my-groups"
+            +exec() Promise~GroupsCollection~
+        }
+
+        class UpdateAllGroupsLocalStorageController {
+            event "passbolt.groups.update-local-storage"
+            +exec() Promise~GroupsCollection~
+        }
+
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+    %% Groups services
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+        class FindGroupsService {
+            +findAll(object contains, object filters, object orders, boolean ignoreInvalidEntity) Promise~GroupsCollection~
+            +findMyGroups() Promise~GroupsCollection~
+            +findAllForLocalStorage() Promise~GroupsCollection~
+        }
+
+        class FindAndUpdateGroupsLocalStorageService {
+            +findAll() Promise~GroupsCollection~
+        }
+
+        class GroupApiService {
+            +get(string uuid) Promise~Object~
+            +findAll(object contains, object filters, object orders) Promise
+            +create(object data) Promise
+            +update(string groupId, object groupData) Promise
+            +updateDryRun(string groupId, string groupData) Promise
+            +delete(string groupId, object transfer, boolean dryRun) Promise
+        }
+
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+    %% Groups models
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+        class GroupLocalStorage {
+            +flush() Promise~void~
+            +get() Promise~Group~
+            +set(GroupsCollection groupsCollection) Promise~void~
+            +getGroupById(string uuid) Promise~Group~
+            +addGroup(GroupEntity groupEntity) Promise~void~
+            +updateGroup(GroupEntity groupEntity) Promise~void~
+            +delete(string uuid) Promise~void~
+        }
+
+        class GroupEntity {
+            -uuid props.id
+            -string props.name
+            -string props.created
+            -string props.modified
+            -string props.createdBy
+            -string props.modifiedBy
+            -object props.groups_users
+            -object props.my_group_user
+        }
+    }
+
 %% Resource controllers relationships
     CreateResourceController*--CreateResourceService
 %%    CreateResourceController*--GetPassphraseService
@@ -1289,4 +1353,14 @@ classDiagram
     AccountRecoveryGenerateOrganizationKeyController*--GenerateGpgKeyPairOptionsEntity
 %% GpgKey services relationships
     FindUserKeyPoliciesSettingsService*--UserKeyPoliciesSettingsApiService
+
+%% Groups controllers relationships
+    FindMyGroupsController*--FindGroupsService
+    UpdateAllGroupsLocalStorageController*--FindAndUpdateGroupsLocalStorageService
+%% Groups services relationships
+    FindGroupsService*--GroupApiService
+    FindAndUpdateGroupsLocalStorageService*--FindGroupsService
+    FindAndUpdateGroupsLocalStorageService*--GroupLocalStorage
+
+    GroupLocalStorage*--GroupEntity
 ```

package/eslint.config.mjs

@@ -0,0 +1,224 @@
+import globals from 'globals';
+import babelParser from '@babel/eslint-parser';
+import path from 'path';
+import {fileURLToPath} from 'url';
+
+// ESLint plugins import
+import js from '@eslint/js';
+import noUnsanitizedPlugin from 'eslint-plugin-no-unsanitized';
+import jestPlugin from 'eslint-plugin-jest';
+import reactPlugin from 'eslint-plugin-react';
+import importPlugin from 'eslint-plugin-import';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+export default [
+  js.configs.recommended,                        // core JavaScript rules
+  reactPlugin.configs.flat.recommended,          // React best practices
+  reactPlugin.configs.flat['jsx-runtime'],       // JSX transform rules
+  importPlugin.flatConfigs.recommended,          // import/export validations
+  {
+    files: ['**/*.{js,jsx,mjs,cjs}'],
+
+    languageOptions: {
+      parser: babelParser,
+      ecmaVersion: 2024,
+      sourceType: 'module',
+
+      parserOptions: {
+        requireConfigFile: false,
+        ecmaFeatures: {
+          jsx: true,
+        },
+        babelOptions: {
+          presets: ['@babel/preset-react'],
+        },
+      },
+
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+        ...globals.es2024,
+        ...globals.webextensions,
+
+        // Custom globals
+        global: 'readonly',
+        port: 'readonly',
+      },
+    }, plugins: {
+      'no-unsanitized': noUnsanitizedPlugin,
+    },
+
+    settings: {
+      react: {
+        version: 'detect',
+      },
+      'import/resolver': {
+        node: {
+          paths: [__dirname], // Add project root to resolution paths
+          extensions: ['.js', '.jsx', '.mjs', '.cjs'],
+        },
+        alias: {
+          map: [
+            ['passbolt-styleguide', path.resolve(__dirname)],
+          ],
+          extensions: ['.js', '.jsx', '.ts', '.tsx'],
+        },
+      },
+    },
+
+    rules: {
+      /*
+       * ============================================
+       * CUSTOM OVERRIDES
+       * ============================================
+       */
+
+      "array-bracket-spacing": 1, // Enforces consistent spacing inside array brackets
+      "block-spacing": 1, // Enforces consistent spacing inside single-line blocks
+      "brace-style": ["warn", "1tbs", {allowSingleLine: true}], // Enforces one true brace style (opening brace on same line)
+      "comma-spacing": 1, // Enforces consistent spacing before/after commas
+      "computed-property-spacing": 1, // Enforces consistent spacing inside computed property brackets
+      "eol-last": 1, // Requires newline at the end of files
+      "func-call-spacing": 1, // Disallows spaces between function name and parentheses in calls
+      "key-spacing": ["warn", {mode: "minimum"}], // Enforces minimum spacing between keys and values in object literals
+      "keyword-spacing": 1, // Enforces consistent spacing before/after keywords (if, else, for, etc.)
+      "linebreak-style": 1, // Enforces consistent linebreak style (unix vs windows)
+      "no-trailing-spaces": 1, // Disallows trailing whitespace at the end of lines
+      "object-curly-spacing": ["warn", "never"], // Disallows spaces inside object curly braces
+      "one-var": ["error", {initialized: "never", uninitialized: "always"}], // Enforces variables declaration style (one declaration for uninitialized, separate for initialized)
+      "padded-blocks": ["warn", "never"], // Disallows padding blank lines within blocks
+      "semi": ["warn", "always"], // Requires semicolons at the end of statements
+      "semi-spacing": 1, // Enforces spacing before/after semicolons
+      "space-before-blocks": 1, // Requires space before opening brace of blocks
+      "space-before-function-paren": ["warn", "never"], // Disallows space before function parentheses
+      "space-in-parens": ["warn", "never"], // Disallows spaces inside parentheses
+      "space-infix-ops": 1, // Requires spaces around infix operators (+, -, =, etc.)
+      "arrow-body-style": ["warn", "as-needed"], // Requires braces around arrow function body only when needed
+      "arrow-parens": ["warn", "as-needed"], // Requires parens around arrow function parameters only when needed
+      "arrow-spacing": 1, // Enforces consistent spacing before/after arrow function arrows
+      "template-curly-spacing": ["warn", "never"], // Disallows spaces inside template literal curly braces
+      "multiline-comment-style": ["error", "starred-block"], // Enforces starred-block style for multiline comments (/* * */)
+      "indent": ["warn", 2, {MemberExpression: 1, SwitchCase: 1}], // Enforces 2 spaces indentation with specific rules for member expressions and switch cases
+      // "object-shorthand": ["error", "consistent"],
+
+
+      // Critical rules not in recommended configs
+      'curly': 'error',                          // Always use braces
+      'no-implicit-coercion': 'error',           // No implicit type coercion
+      'no-implicit-globals': 'error',            // No implicit global variables
+      'no-unsanitized/method': 'error',          // Prevent XSS via innerHTML
+      'no-unsanitized/property': 'error',        // Prevent XSS via outerHTML
+
+      // Our specific preferences (override recommended)
+      'no-console': 'off',                       // Allow console.log in dev
+      'react/display-name': 'off',               // Don't require display names
+      'react/prop-types': 'off',                 // Skip PropTypes (future TypeScript)
+      'no-useless-escape': 'off',                // Too many false positives
+      "func-names": [
+        "error",
+        "never"
+      ],
+
+      // Phantom dependency detection (CRITICAL)
+      'import/no-extraneous-dependencies': ['error', {
+        devDependencies: [
+          '**/*.test.{js,jsx}',
+          '**/*.spec.{js,jsx}',
+          '**/__tests__/**',
+          '**/test/**',
+          '**/tests/**',
+          '**/scripts/**',
+          '*.config.{js,mjs,cjs}',
+          'webpack.config.js',
+        ],
+        optionalDependencies: false,
+        peerDependencies: true,
+      }],
+
+      // Browser extension specific
+      'n/no-unsupported-features/node-builtins': 'off',  // We use browser APIs
+      'n/no-missing-import': 'off',                       // Handled by import plugin
+      'n/no-missing-require': 'off',                      // Handled by import plugin
+
+      // Muted during migration
+      'import/no-named-as-default-member': 'off',
+      'import/no-duplicates': 'off',
+      'import/named': 'off',
+      'import/no-named-as-default': 'off',
+      'no-empty': 'off',
+      'react/jsx-uses-react': 'error',  // Marks React as used when JSX is present
+      'react/jsx-uses-vars': 'error',   // Marks JSX components as used
+      'react/react-in-jsx-scope': 'error', // Ensures React is in scope for JSX
+    },
+  },
+  /*
+   * ============================================
+   * TEST FILES CONFIGURATION
+   * ============================================
+   */
+  {
+    files: [
+      '**/*.test.{js,jsx}',
+      '**/*.test.data.{js,jsx}',
+      '**/*.test.page.{js,jsx}',
+      '**/*.test.page.object.{js,jsx}',
+      '**/*.test.stories.{js,jsx}',
+      '**/*.spec.{js,jsx}',
+      '**/__tests__/**',
+      '**/test/mock/**',
+    ],
+
+    languageOptions: {
+      globals: {
+        ...globals.jest,
+      },
+    },
+
+    plugins: {
+      jest: jestPlugin,
+    },
+
+    rules: {
+      ...jestPlugin.configs['flat/recommended'].rules,
+
+      // Test-specific overrides
+      'no-console': 'off',                       // Allow console in tests
+      'import/no-extraneous-dependencies': 'off', // Dev deps OK in tests
+      'jest/prefer-expect-assertions': 'off',     // Not always needed
+
+      // Rules muted during migration
+      'jest/no-conditional-expect': 'off',
+      'jest/valid-title': 'off',
+      'jest/no-alias-methods': 'off',
+      'jest/no-export': 'off',
+      'jest/valid-expect': 'off',
+      'jest/no-identical-title': 'off',
+      'jest/expect-expect': 'off',
+      'jest/valid-expect-in-promise': 'off',
+      'jest/no-disabled-tests': 'off',
+      'jest/valid-describe-callback': 'off',
+      'jest/no-focused-tests': 'off',
+      'jest/no-standalone-expect': 'off'
+    },
+  },
+  /*
+   * ============================================
+   * BUILD/CONFIG FILES
+   * ============================================
+   */
+  {
+    files: ['*.config.{js,mjs,cjs}', 'scripts/**/*.js', 'webpack.config.js'],
+
+    languageOptions: {
+      globals: {
+        ...globals.node,
+      },
+    },
+
+    rules: {
+      'no-console': 'off',                       // Allow console in scripts
+      'import/no-extraneous-dependencies': 'off', // Dev deps OK in configs
+    },
+  },
+];