package com.zimbra.cs.service.account;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AccountConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.ACLUtil;
import com.zimbra.cs.account.accesscontrol.ZimbraACE;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/account/RevokeRights.class */
public class RevokeRights extends AccountDocumentHandler {
    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Account requestedAccount = getRequestedAccount(zimbraSoapContext);
        if (!canAccessAccount(zimbraSoapContext, requestedAccount)) {
            throw ServiceException.PERM_DENIED("can not access account");
        }
        HashSet hashSet = new HashSet();
        Iterator it = element.listElements(DavElements.P_ACE).iterator();
        while (it.hasNext()) {
            hashSet.add(GrantRights.handleACE((Element) it.next(), zimbraSoapContext, false));
        }
        List<ZimbraACE> revokeRight = ACLUtil.revokeRight(Provisioning.getInstance(), requestedAccount, hashSet);
        Element createElement = zimbraSoapContext.createElement(AccountConstants.REVOKE_RIGHTS_RESPONSE);
        if (hashSet != null) {
            Iterator<ZimbraACE> it2 = revokeRight.iterator();
            while (it2.hasNext()) {
                ToXML.encodeACE(createElement, it2.next());
            }
        }
        return createElement;
    }
}
