package com.zimbra.cs.service.admin;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AdminConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.AdminRight;
import com.zimbra.cs.account.accesscontrol.RightCommand;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.soap.ZimbraSoapContext;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.type.TargetBy;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/admin/GetGrants.class */
public class GetGrants extends RightDocumentHandler {
    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Provisioning provisioning = Provisioning.getInstance();
        String str = null;
        TargetBy targetBy = null;
        String str2 = null;
        Element optionalElement = element.getOptionalElement("target");
        if (optionalElement != null) {
            str = optionalElement.getAttribute("type");
            if (TargetType.fromCode(str).needsTargetIdentity()) {
                targetBy = TargetBy.fromString(optionalElement.getAttribute(PreAuthServlet.PARAM_BY));
                str2 = optionalElement.getText();
            }
            checkRight(zimbraSoapContext, TargetType.lookupTarget(provisioning, TargetType.fromCode(str), targetBy, str2), Rights.Admin.R_viewGrants);
        }
        String str3 = null;
        GranteeSelector.GranteeBy granteeBy = null;
        String str4 = null;
        boolean z = true;
        Element optionalElement2 = element.getOptionalElement("grantee");
        if (optionalElement2 != null) {
            str3 = optionalElement2.getAttribute("type");
            granteeBy = GranteeSelector.GranteeBy.fromString(optionalElement2.getAttribute(PreAuthServlet.PARAM_BY));
            str4 = optionalElement2.getText();
            z = optionalElement2.getAttributeBool("all");
        }
        RightCommand.Grants grants = RightCommand.getGrants(provisioning, str, targetBy, str2, str3, granteeBy, str4, z);
        HashSet hashSet = new HashSet();
        for (RightCommand.ACE ace : grants.getACEs()) {
            Entry lookupTarget = TargetType.lookupTarget(provisioning, TargetType.fromCode(ace.targetType()), TargetBy.name, ace.targetName());
            String str5 = ace.targetType() + "-" + ace.targetId();
            if (!hashSet.contains(str5)) {
                checkRight(zimbraSoapContext, lookupTarget, Rights.Admin.R_viewGrants);
                hashSet.add(str5);
            }
        }
        Element createElement = zimbraSoapContext.createElement(AdminConstants.GET_GRANTS_RESPONSE);
        grants.toXML(createElement);
        return createElement;
    }

    @Override // com.zimbra.cs.service.admin.AdminDocumentHandler, com.zimbra.cs.service.admin.AdminRightCheckPoint
    public void docRights(List<AdminRight> list, List<String> list2) {
        list.add(Rights.Admin.R_viewGrants);
        list2.add("Needs a get attr right of zimbraACE on each the target entry.  Granting the " + Rights.Admin.R_viewGrants.getName() + " is one way to do it, which will give the right on all target types.   Use inline right if more granularity is needed.   See doc for the " + Rights.Admin.R_viewGrants.getName() + " right in zimbra-rights.xml for more details.");
    }
}
