From ef6ed0ba84f1b262477ccc7fad34798d6f393e1f Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Thu, 15 Aug 2024 17:47:28 -0700
Subject: [PATCH 1/9] add support to ingest supported with roles

---
 .../firebolt/handlers/authentication_rpc.rs   |  9 +++-
 core/main/src/state/cap/generic_cap_state.rs  | 24 ++++++++--
 core/sdk/src/api/device/device_accessory.rs   |  3 +-
 core/sdk/src/api/firebolt/fb_capabilities.rs  |  7 ++-
 core/sdk/src/api/manifest/device_manifest.rs  | 47 +++++++++++++++----
 5 files changed, 72 insertions(+), 18 deletions(-)

diff --git a/core/main/src/firebolt/handlers/authentication_rpc.rs b/core/main/src/firebolt/handlers/authentication_rpc.rs
index 7b095c082..f33dded96 100644
--- a/core/main/src/firebolt/handlers/authentication_rpc.rs
+++ b/core/main/src/firebolt/handlers/authentication_rpc.rs
@@ -63,10 +63,12 @@ impl AuthenticationServer for AuthenticationImpl {
         match token_request._type {
             TokenType::Platform => {
                 let cap = FireboltCap::Short("token:platform".into());
-                let supported_caps = self
+                let supported_perms = self
                     .platform_state
                     .get_device_manifest()
                     .get_supported_caps();
+                let supported_caps: Vec<FireboltCap> =
+                    supported_perms.into_iter().map(|x| x.cap).collect();
                 if supported_caps.contains(&cap) {
                     self.token(TokenType::Platform, ctx).await
                 } else {
@@ -81,10 +83,13 @@ impl AuthenticationServer for AuthenticationImpl {
             TokenType::Device => self.token(TokenType::Device, ctx).await,
             TokenType::Distributor => {
                 let cap = FireboltCap::Short("token:session".into());
-                let supported_caps = self
+                let supported_perms = self
                     .platform_state
                     .get_device_manifest()
                     .get_supported_caps();
+
+                let supported_caps: Vec<FireboltCap> =
+                    supported_perms.into_iter().map(|x| x.cap).collect();
                 if supported_caps.contains(&cap) {
                     self.token(TokenType::Distributor, ctx).await
                 } else {
diff --git a/core/main/src/state/cap/generic_cap_state.rs b/core/main/src/state/cap/generic_cap_state.rs
index 7653b69db..9435c78f5 100644
--- a/core/main/src/state/cap/generic_cap_state.rs
+++ b/core/main/src/state/cap/generic_cap_state.rs
@@ -29,6 +29,8 @@ use ripple_sdk::{
     },
     log::debug,
 };
+use serde::Deserialize;
+use serde_json::json;
 
 use crate::state::platform_state::PlatformState;
 
@@ -54,14 +56,14 @@ impl GenericCapState {
         cap_state
     }
 
-    pub fn ingest_supported(&self, request: Vec<FireboltCap>) {
+    pub fn ingest_supported(&self, request: Vec<FireboltPermission>) {
         let mut supported = self.supported.write().unwrap();
         supported.extend(
             request
                 .iter()
-                .map(|a| a.as_str())
+                .map(|a: &FireboltPermission| serde_json::to_string(a).unwrap())
                 .collect::<HashSet<String>>(),
-        )
+        );
     }
 
     pub fn ingest_availability(&self, request: Vec<FireboltCap>, is_available: bool) {
@@ -79,9 +81,21 @@ impl GenericCapState {
     pub fn check_for_processor(&self, request: Vec<String>) -> HashMap<String, bool> {
         let supported = self.supported.read().unwrap();
         let mut result = HashMap::new();
+        let supported_cap: Vec<String> = supported
+            .clone()
+            .iter()
+            .map(|f| {
+                FireboltPermission::deserialize(json!(f))
+                    .unwrap()
+                    .cap
+                    .as_str()
+            })
+            .collect();
+
         for cap in request {
-            result.insert(cap.clone(), supported.contains(&cap));
+            result.insert(cap.clone(), supported_cap.contains(&cap));
         }
+
         result
     }
 
@@ -89,7 +103,7 @@ impl GenericCapState {
         let supported = self.supported.read().unwrap();
         let not_supported: Vec<FireboltCap> = request
             .iter()
-            .filter(|fb_perm| !supported.contains(&fb_perm.cap.as_str()))
+            .filter(|fb_perm| !supported.contains(&serde_json::to_string(fb_perm).unwrap()))
             .map(|fb_perm| fb_perm.cap.clone())
             .collect();
 
diff --git a/core/sdk/src/api/device/device_accessory.rs b/core/sdk/src/api/device/device_accessory.rs
index 285a88e46..4576bf47a 100644
--- a/core/sdk/src/api/device/device_accessory.rs
+++ b/core/sdk/src/api/device/device_accessory.rs
@@ -188,7 +188,8 @@ pub enum AccessoryProtocol {
 
 impl AccessoryProtocol {
     pub fn get_supported_protocol(value: DeviceManifest) -> Self {
-        let supported_caps = value.get_supported_caps();
+        let supported_perms = value.get_supported_caps();
+        let supported_caps: Vec<FireboltCap> = supported_perms.into_iter().map(|x| x.cap).collect();
         if supported_caps.contains(&FireboltCap::short("remote:rf4ce")) {
             AccessoryProtocol::RF4CE
         } else {
diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index e6728035f..54ea8ba29 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -225,7 +225,7 @@ impl Serialize for FireboltPermission {
     {
         let s = self.cap.as_str();
         let suffix = match self.role {
-            CapabilityRole::Use => "",
+            CapabilityRole::Use => "[use]",
             CapabilityRole::Manage => "[manage]",
             CapabilityRole::Provide => "[provide]",
         };
@@ -621,7 +621,10 @@ mod tests {
             role: CapabilityRole::Use,
         };
         let serialized = serde_json::to_string(&perm).unwrap();
-        assert_eq!(serialized, "\"xrn:firebolt:capability:account:session\"");
+        assert_eq!(
+            serialized,
+            "\"xrn:firebolt:capability:account:session[use]\""
+        );
     }
 
     #[test]
diff --git a/core/sdk/src/api/manifest/device_manifest.rs b/core/sdk/src/api/manifest/device_manifest.rs
index b73b5c679..938afe77f 100644
--- a/core/sdk/src/api/manifest/device_manifest.rs
+++ b/core/sdk/src/api/manifest/device_manifest.rs
@@ -28,7 +28,7 @@ use crate::{
     api::{
         device::device_user_grants_data::{GrantExclusionFilter, GrantPolicies},
         distributor::distributor_privacy::DataEventType,
-        firebolt::fb_capabilities::{FireboltCap, FireboltPermission},
+        firebolt::fb_capabilities::FireboltPermission,
         storage_property::StorageProperty,
     },
     utils::error::RippleError,
@@ -37,6 +37,7 @@ use crate::{
 use super::{apps::AppManifest, exclusory::ExclusoryImpl, remote_feature::FeatureFlag};
 pub const PARTNER_EXCLUSION_REFRESH_TIMEOUT: u32 = 12 * 60 * 60; // 12 hours
 pub const METRICS_LOGGING_PERCENTAGE_DEFAULT: u32 = 10;
+use serde_json::json;
 
 #[derive(Deserialize, Debug, Clone)]
 pub struct RippleConfiguration {
@@ -332,6 +333,8 @@ pub struct DefaultValues {
     pub media_progress_as_watched_events: bool,
     #[serde(default)]
     pub accessibility_audio_description_settings: bool,
+    #[serde(default)]
+    pub role_based_support: bool,
 }
 
 pub fn name_default() -> String {
@@ -441,6 +444,7 @@ impl Default for DefaultValues {
             lifecycle_transition_validate: false,
             media_progress_as_watched_events: false,
             accessibility_audio_description_settings: false,
+            role_based_support: false,
         }
     }
 }
@@ -787,8 +791,23 @@ impl DeviceManifest {
         }
     }
 
-    pub fn get_supported_caps(&self) -> Vec<FireboltCap> {
-        FireboltCap::from_vec_string(self.clone().capabilities.supported)
+    pub fn get_supported_caps(&self) -> Vec<FireboltPermission> {
+        let supported_caps = self.clone().capabilities.supported;
+        let mut fb_perm_list = Vec::new();
+        let role_based_support = self.configuration.default_values.role_based_support;
+        for mut i in supported_caps {
+            fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
+            if !(role_based_support || i.ends_with("[manage]") || i.ends_with("[provide]")) {
+                let s: String = "[manage]".to_owned();
+                i = format!("{i}{s}");
+                fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
+            } else if role_based_support && i.ends_with("[manage]") {
+                i.truncate(i.len() - "[manage]".len());
+                fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
+            }
+        }
+        fb_perm_list
+        // FireboltCap::from_vec_string(self.clone().capabilities.supported)
     }
 
     pub fn get_caps_requiring_grant(&self) -> Vec<String> {
@@ -834,6 +853,7 @@ impl DeviceManifest {
 #[cfg(test)]
 pub(crate) mod tests {
     use super::*;
+    use crate::api::firebolt::fb_capabilities::{CapabilityRole, FireboltCap};
     pub trait Mockable {
         fn mock() -> DeviceManifest
         where
@@ -906,6 +926,7 @@ pub(crate) mod tests {
                         lifecycle_transition_validate: true,
                         media_progress_as_watched_events: true,
                         accessibility_audio_description_settings: false,
+                        role_based_support: false,
                     },
                     settings_defaults_per_app: HashMap::new(),
                     model_friendly_names: {
@@ -934,7 +955,7 @@ pub(crate) mod tests {
                     metrics_logging_percentage: 10,
                 },
                 capabilities: CapabilityConfiguration {
-                    supported: vec!["main".to_string()],
+                    supported: vec!["main[manage]".to_string(), "test".to_string()],
                     grant_policies: None,
                     grant_exclusion_filters: vec![GrantExclusionFilter {
                         id: Some("test-id".to_string()),
@@ -1010,11 +1031,21 @@ pub(crate) mod tests {
     }
 
     #[test]
-    fn test_get_supported_caps() {
+    fn test_get_supported_caps_use_role_based_support_false() {
         let manifest = DeviceManifest::mock();
-        let supported_caps = manifest.get_supported_caps();
-
-        assert_eq!(supported_caps, vec![FireboltCap::Full("main".to_string())]);
+        let supported_perms = manifest.get_supported_caps();
+        assert!(supported_perms.contains(&FireboltPermission {
+            cap: FireboltCap::Full("main".to_owned()),
+            role: CapabilityRole::Manage
+        }));
+        assert!(supported_perms.contains(&FireboltPermission {
+            cap: FireboltCap::Full("test".to_owned()),
+            role: CapabilityRole::Manage
+        }));
+        assert!(supported_perms.contains(&FireboltPermission {
+            cap: FireboltCap::Full("test".to_owned()),
+            role: CapabilityRole::Use
+        }));
     }
 
     #[test]

From 9d034a13496fcbf1673ac56f204d6277942216c3 Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Fri, 16 Aug 2024 13:39:03 -0700
Subject: [PATCH 2/9] update code

---
 core/main/src/state/cap/generic_cap_state.rs |  9 ++-
 core/sdk/src/api/firebolt/fb_capabilities.rs | 68 ++++++++++++++++++--
 core/sdk/src/api/manifest/device_manifest.rs | 23 ++-----
 3 files changed, 74 insertions(+), 26 deletions(-)

diff --git a/core/main/src/state/cap/generic_cap_state.rs b/core/main/src/state/cap/generic_cap_state.rs
index 9435c78f5..486a412be 100644
--- a/core/main/src/state/cap/generic_cap_state.rs
+++ b/core/main/src/state/cap/generic_cap_state.rs
@@ -95,7 +95,6 @@ impl GenericCapState {
         for cap in request {
             result.insert(cap.clone(), supported_cap.contains(&cap));
         }
-
         result
     }
 
@@ -107,10 +106,10 @@ impl GenericCapState {
             .map(|fb_perm| fb_perm.cap.clone())
             .collect();
 
-        // debug!(
-        //     "checking supported caps request={:?}, not_supported={:?}, supported: {:?}",
-        //     request, not_supported, supported
-        // );
+        debug!(
+            "checking supported caps request={:?}, not_supported={:?}, supported: {:?}",
+            request, not_supported, supported
+        );
 
         if !not_supported.is_empty() {
             return Err(DenyReasonWithCap::new(
diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index 54ea8ba29..0a521d29c 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -159,6 +159,67 @@ pub struct FireboltPermission {
     pub role: CapabilityRole,
 }
 
+impl FireboltPermission {
+    pub fn from_vec_string(
+        perm_strings: Vec<String>,
+        role_based_support: bool,
+    ) -> Vec<FireboltPermission> {
+        let mut perm_list: Vec<FireboltPermission> = Vec::new();
+        for perm in perm_strings {
+            if role_based_support {
+                let pattern = r"^xrn:firebolt:capability:([a-z0-9\\-]+)((:[a-z0-9\\-]+)?)$";
+                if Regex::new(pattern).unwrap().is_match(perm.as_str()) {
+                    // Default Capability which without [role] at the end of capability string for e.g `xrn:firebolt:capability:account:session`,
+                    // we add use role to the capability
+                    perm_list.push(FireboltPermission {
+                        cap: FireboltCap::Full(perm.to_owned()),
+                        role: CapabilityRole::Use,
+                    });
+                } else if perm.ends_with("[manage]") {
+                    let mut cap = perm.clone();
+                    cap.truncate(perm.len() - "[manage]".len());
+
+                    perm_list.push(FireboltPermission {
+                        cap: FireboltCap::Full(cap.to_owned()),
+                        role: CapabilityRole::Use,
+                    });
+                    perm_list.push(FireboltPermission {
+                        cap: FireboltCap::Full(cap),
+                        role: CapabilityRole::Manage,
+                    });
+                }
+            } else if !(perm.ends_with("[manage]") || perm.ends_with("[provide]")) {
+                // Default Capability which without [role] at the end of capability string for e.g `xrn:firebolt:capability:account:session`,
+                // we add use, manage and provide roles to the capability
+                perm_list.push(FireboltPermission {
+                    cap: FireboltCap::Full(perm.to_owned()),
+                    role: CapabilityRole::Use,
+                });
+                perm_list.push(FireboltPermission {
+                    cap: FireboltCap::Full(perm.to_owned()),
+                    role: CapabilityRole::Manage,
+                });
+                perm_list.push(FireboltPermission {
+                    cap: FireboltCap::Full(perm),
+                    role: CapabilityRole::Provide,
+                });
+            } else if perm.ends_with("[manage]") {
+                let mut cap = perm.clone();
+                cap.truncate(perm.len() - "[manage]".len());
+                perm_list.push(FireboltPermission {
+                    cap: FireboltCap::Full(cap.to_owned()),
+                    role: CapabilityRole::Use,
+                });
+                perm_list.push(FireboltPermission {
+                    cap: FireboltCap::Full(cap.to_owned()),
+                    role: CapabilityRole::Manage,
+                });
+            }
+        }
+        perm_list
+    }
+}
+
 impl From<RoleInfo> for FireboltPermission {
     fn from(role_info: RoleInfo) -> Self {
         FireboltPermission {
@@ -225,7 +286,7 @@ impl Serialize for FireboltPermission {
     {
         let s = self.cap.as_str();
         let suffix = match self.role {
-            CapabilityRole::Use => "[use]",
+            CapabilityRole::Use => "",
             CapabilityRole::Manage => "[manage]",
             CapabilityRole::Provide => "[provide]",
         };
@@ -621,10 +682,7 @@ mod tests {
             role: CapabilityRole::Use,
         };
         let serialized = serde_json::to_string(&perm).unwrap();
-        assert_eq!(
-            serialized,
-            "\"xrn:firebolt:capability:account:session[use]\""
-        );
+        assert_eq!(serialized, "\"xrn:firebolt:capability:account:session\"");
     }
 
     #[test]
diff --git a/core/sdk/src/api/manifest/device_manifest.rs b/core/sdk/src/api/manifest/device_manifest.rs
index 938afe77f..9ef96b354 100644
--- a/core/sdk/src/api/manifest/device_manifest.rs
+++ b/core/sdk/src/api/manifest/device_manifest.rs
@@ -37,7 +37,6 @@ use crate::{
 use super::{apps::AppManifest, exclusory::ExclusoryImpl, remote_feature::FeatureFlag};
 pub const PARTNER_EXCLUSION_REFRESH_TIMEOUT: u32 = 12 * 60 * 60; // 12 hours
 pub const METRICS_LOGGING_PERCENTAGE_DEFAULT: u32 = 10;
-use serde_json::json;
 
 #[derive(Deserialize, Debug, Clone)]
 pub struct RippleConfiguration {
@@ -792,22 +791,9 @@ impl DeviceManifest {
     }
 
     pub fn get_supported_caps(&self) -> Vec<FireboltPermission> {
-        let supported_caps = self.clone().capabilities.supported;
-        let mut fb_perm_list = Vec::new();
+        let supported = self.clone().capabilities.supported;
         let role_based_support = self.configuration.default_values.role_based_support;
-        for mut i in supported_caps {
-            fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
-            if !(role_based_support || i.ends_with("[manage]") || i.ends_with("[provide]")) {
-                let s: String = "[manage]".to_owned();
-                i = format!("{i}{s}");
-                fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
-            } else if role_based_support && i.ends_with("[manage]") {
-                i.truncate(i.len() - "[manage]".len());
-                fb_perm_list.push(FireboltPermission::deserialize(json!(i)).unwrap());
-            }
-        }
-        fb_perm_list
-        // FireboltCap::from_vec_string(self.clone().capabilities.supported)
+        FireboltPermission::from_vec_string(supported, role_based_support)
     }
 
     pub fn get_caps_requiring_grant(&self) -> Vec<String> {
@@ -1034,6 +1020,7 @@ pub(crate) mod tests {
     fn test_get_supported_caps_use_role_based_support_false() {
         let manifest = DeviceManifest::mock();
         let supported_perms = manifest.get_supported_caps();
+        println!("^^^ perms {:?}", supported_perms);
         assert!(supported_perms.contains(&FireboltPermission {
             cap: FireboltCap::Full("main".to_owned()),
             role: CapabilityRole::Manage
@@ -1046,6 +1033,10 @@ pub(crate) mod tests {
             cap: FireboltCap::Full("test".to_owned()),
             role: CapabilityRole::Use
         }));
+        assert!(supported_perms.contains(&FireboltPermission {
+            cap: FireboltCap::Full("test".to_owned()),
+            role: CapabilityRole::Provide
+        }));
     }
 
     #[test]

From c4060adbec842df56755c73edf26e9ada1113a9b Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Fri, 16 Aug 2024 13:52:05 -0700
Subject: [PATCH 3/9] remove unused code

---
 core/sdk/src/api/manifest/device_manifest.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core/sdk/src/api/manifest/device_manifest.rs b/core/sdk/src/api/manifest/device_manifest.rs
index 9ef96b354..3a079d00a 100644
--- a/core/sdk/src/api/manifest/device_manifest.rs
+++ b/core/sdk/src/api/manifest/device_manifest.rs
@@ -1020,7 +1020,6 @@ pub(crate) mod tests {
     fn test_get_supported_caps_use_role_based_support_false() {
         let manifest = DeviceManifest::mock();
         let supported_perms = manifest.get_supported_caps();
-        println!("^^^ perms {:?}", supported_perms);
         assert!(supported_perms.contains(&FireboltPermission {
             cap: FireboltCap::Full("main".to_owned()),
             role: CapabilityRole::Manage

From 01487f86e9d9615211c432da967432a8ae6dafd2 Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Fri, 16 Aug 2024 16:34:24 -0700
Subject: [PATCH 4/9] update code

---
 core/sdk/src/api/firebolt/fb_capabilities.rs | 68 +++++++-------------
 1 file changed, 24 insertions(+), 44 deletions(-)

diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index 0a521d29c..f6b42db95 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -19,6 +19,7 @@ use std::hash::{Hash, Hasher};
 
 use regex::Regex;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use serde_json::json;
 
 use super::fb_openrpc::CapabilitySet;
 use crate::api::gateway::rpc_error::RpcError;
@@ -167,53 +168,32 @@ impl FireboltPermission {
         let mut perm_list: Vec<FireboltPermission> = Vec::new();
         for perm in perm_strings {
             if role_based_support {
-                let pattern = r"^xrn:firebolt:capability:([a-z0-9\\-]+)((:[a-z0-9\\-]+)?)$";
-                if Regex::new(pattern).unwrap().is_match(perm.as_str()) {
-                    // Default Capability which without [role] at the end of capability string for e.g `xrn:firebolt:capability:account:session`,
-                    // we add use role to the capability
-                    perm_list.push(FireboltPermission {
-                        cap: FireboltCap::Full(perm.to_owned()),
-                        role: CapabilityRole::Use,
-                    });
-                } else if perm.ends_with("[manage]") {
+                perm_list.push(FireboltPermission::deserialize(json!(perm)).unwrap());
+                if perm.ends_with("[manage]") {
                     let mut cap = perm.clone();
                     cap.truncate(perm.len() - "[manage]".len());
-
-                    perm_list.push(FireboltPermission {
-                        cap: FireboltCap::Full(cap.to_owned()),
-                        role: CapabilityRole::Use,
-                    });
-                    perm_list.push(FireboltPermission {
-                        cap: FireboltCap::Full(cap),
-                        role: CapabilityRole::Manage,
-                    });
+                    perm_list.push(FireboltPermission::deserialize(json!(cap)).unwrap());
                 }
-            } else if !(perm.ends_with("[manage]") || perm.ends_with("[provide]")) {
-                // Default Capability which without [role] at the end of capability string for e.g `xrn:firebolt:capability:account:session`,
-                // we add use, manage and provide roles to the capability
-                perm_list.push(FireboltPermission {
-                    cap: FireboltCap::Full(perm.to_owned()),
-                    role: CapabilityRole::Use,
-                });
-                perm_list.push(FireboltPermission {
-                    cap: FireboltCap::Full(perm.to_owned()),
-                    role: CapabilityRole::Manage,
-                });
-                perm_list.push(FireboltPermission {
-                    cap: FireboltCap::Full(perm),
-                    role: CapabilityRole::Provide,
-                });
-            } else if perm.ends_with("[manage]") {
-                let mut cap = perm.clone();
-                cap.truncate(perm.len() - "[manage]".len());
-                perm_list.push(FireboltPermission {
-                    cap: FireboltCap::Full(cap.to_owned()),
-                    role: CapabilityRole::Use,
-                });
-                perm_list.push(FireboltPermission {
-                    cap: FireboltCap::Full(cap.to_owned()),
-                    role: CapabilityRole::Manage,
-                });
+            } else {
+                perm_list.push(FireboltPermission::deserialize(json!(perm)).unwrap());
+                perm_list.push(
+                    FireboltPermission::deserialize(json!(format!(
+                        "{}{}",
+                        perm.as_str(),
+                        "[manage]"
+                    )
+                    .as_str()))
+                    .unwrap(),
+                );
+                perm_list.push(
+                    FireboltPermission::deserialize(json!(format!(
+                        "{}{}",
+                        perm.as_str(),
+                        "[provide]"
+                    )
+                    .as_str()))
+                    .unwrap(),
+                );
             }
         }
         perm_list

From 312c81365569efd8afffb0ba99b7619a7226e216 Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Wed, 21 Aug 2024 10:43:53 -0700
Subject: [PATCH 5/9] fix unsafe unwrap

---
 core/sdk/src/api/firebolt/fb_capabilities.rs | 59 +++++++++++---------
 1 file changed, 34 insertions(+), 25 deletions(-)

diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index f6b42db95..3d71b4dbe 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -166,34 +166,43 @@ impl FireboltPermission {
         role_based_support: bool,
     ) -> Vec<FireboltPermission> {
         let mut perm_list: Vec<FireboltPermission> = Vec::new();
-        for perm in perm_strings {
+        for permission in perm_strings {
             if role_based_support {
-                perm_list.push(FireboltPermission::deserialize(json!(perm)).unwrap());
-                if perm.ends_with("[manage]") {
-                    let mut cap = perm.clone();
-                    cap.truncate(perm.len() - "[manage]".len());
-                    perm_list.push(FireboltPermission::deserialize(json!(cap)).unwrap());
+                perm_list.push(FireboltPermission::deserialize(json!(permission)).unwrap());
+                if permission.ends_with("[manage]") {
+                    let mut cap = permission.clone();
+
+                    cap.truncate(permission.len() - "[manage]".len());
+                    let perm = FireboltPermission::deserialize(json!(cap));
+                    if let Ok(p) = perm {
+                        perm_list.push(p);
+                    }
                 }
             } else {
-                perm_list.push(FireboltPermission::deserialize(json!(perm)).unwrap());
-                perm_list.push(
-                    FireboltPermission::deserialize(json!(format!(
-                        "{}{}",
-                        perm.as_str(),
-                        "[manage]"
-                    )
-                    .as_str()))
-                    .unwrap(),
-                );
-                perm_list.push(
-                    FireboltPermission::deserialize(json!(format!(
-                        "{}{}",
-                        perm.as_str(),
-                        "[provide]"
-                    )
-                    .as_str()))
-                    .unwrap(),
-                );
+                let perm = FireboltPermission::deserialize(json!(permission));
+                if let Ok(p) = perm {
+                    perm_list.push(p);
+                }
+
+                let perm = FireboltPermission::deserialize(json!(format!(
+                    "{}{}",
+                    permission.as_str(),
+                    "[manage]"
+                )
+                .as_str()));
+                if let Ok(p) = perm {
+                    perm_list.push(p);
+                };
+
+                let perm = FireboltPermission::deserialize(json!(format!(
+                    "{}{}",
+                    permission.as_str(),
+                    "[provide]"
+                )
+                .as_str()));
+                if let Ok(p) = perm {
+                    perm_list.push(p);
+                };
             }
         }
         perm_list

From e89d95dcb5e495b62eaa8c5e0f006cecfdb80ce5 Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Wed, 21 Aug 2024 12:07:36 -0700
Subject: [PATCH 6/9] fix another unsafe unwrap

---
 core/sdk/src/api/firebolt/fb_capabilities.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index 3d71b4dbe..4813fad7c 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -168,7 +168,10 @@ impl FireboltPermission {
         let mut perm_list: Vec<FireboltPermission> = Vec::new();
         for permission in perm_strings {
             if role_based_support {
-                perm_list.push(FireboltPermission::deserialize(json!(permission)).unwrap());
+                let perm = FireboltPermission::deserialize(json!(permission));
+                if let Ok(p) = perm {
+                    perm_list.push(p);
+                }
                 if permission.ends_with("[manage]") {
                     let mut cap = permission.clone();
 

From a86c87e690f615a2f899f8bd033d166a63d59f1d Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Fri, 23 Aug 2024 14:07:22 -0700
Subject: [PATCH 7/9] handle provide capabilities

---
 core/sdk/src/api/firebolt/fb_capabilities.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/core/sdk/src/api/firebolt/fb_capabilities.rs b/core/sdk/src/api/firebolt/fb_capabilities.rs
index 4813fad7c..b2afe16fe 100644
--- a/core/sdk/src/api/firebolt/fb_capabilities.rs
+++ b/core/sdk/src/api/firebolt/fb_capabilities.rs
@@ -180,6 +180,23 @@ impl FireboltPermission {
                     if let Ok(p) = perm {
                         perm_list.push(p);
                     }
+                } else if permission.ends_with("[provide]") {
+                    let mut cap = permission.clone();
+
+                    cap.truncate(permission.len() - "[provide]".len());
+                    let perm = FireboltPermission::deserialize(json!(cap));
+                    if let Ok(p) = perm {
+                        perm_list.push(p);
+                    }
+                    let perm = FireboltPermission::deserialize(json!(format!(
+                        "{}{}",
+                        cap.as_str(),
+                        "[manage]"
+                    )
+                    .as_str()));
+                    if let Ok(p) = perm {
+                        perm_list.push(p);
+                    }
                 }
             } else {
                 let perm = FireboltPermission::deserialize(json!(permission));

From 73c15263b5bab81bbb39651f8fe8b261a81f9023 Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Tue, 27 Aug 2024 11:58:52 -0700
Subject: [PATCH 8/9] trigger ci build


From a3dbfb80e657e7e557d215f745fafeacb9a46c2f Mon Sep 17 00:00:00 2001
From: maggie98choy <maggie98choy@yahoo.com>
Date: Wed, 28 Aug 2024 09:01:16 -0700
Subject: [PATCH 9/9] comment out debug log

---
 core/main/src/state/cap/generic_cap_state.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/main/src/state/cap/generic_cap_state.rs b/core/main/src/state/cap/generic_cap_state.rs
index 486a412be..bd03c5bec 100644
--- a/core/main/src/state/cap/generic_cap_state.rs
+++ b/core/main/src/state/cap/generic_cap_state.rs
@@ -106,10 +106,10 @@ impl GenericCapState {
             .map(|fb_perm| fb_perm.cap.clone())
             .collect();
 
-        debug!(
-            "checking supported caps request={:?}, not_supported={:?}, supported: {:?}",
-            request, not_supported, supported
-        );
+        // debug!(
+        //     "checking supported caps request={:?}, not_supported={:?}, supported: {:?}",
+        //     request, not_supported, supported
+        // );
 
         if !not_supported.is_empty() {
             return Err(DenyReasonWithCap::new(