package com.zimbra.cs.service.admin;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AdminConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Cos;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.accesscontrol.AdminRight;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.account.soap.SoapProvisioning;
import com.zimbra.cs.httpclient.URLUtil;
import com.zimbra.cs.mailclient.imap.ImapResponse;
import com.zimbra.cs.service.admin.AdminRightCheckPoint;
import com.zimbra.cs.session.AdminSession;
import com.zimbra.cs.session.Session;
import com.zimbra.soap.JaxbUtil;
import com.zimbra.soap.ZimbraSoapContext;
import com.zimbra.soap.admin.message.ModifyAccountRequest;
import com.zimbra.soap.admin.type.CacheEntryType;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/admin/ModifyAccount.class */
public class ModifyAccount extends AdminDocumentHandler {
    private static final String[] TARGET_ACCOUNT_PATH = {"id"};

    @Override // com.zimbra.cs.service.admin.AdminDocumentHandler
    protected String[] getProxiedAccountPath() {
        return TARGET_ACCOUNT_PATH;
    }

    @Override // com.zimbra.soap.DocumentHandler
    public boolean domainAuthSufficient(Map map) {
        return true;
    }

    @Override // com.zimbra.soap.DocumentHandler
    public boolean defendsAgainstDelegateAdminAccountHarvesting() {
        return true;
    }

    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        AdminSession adminSession;
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Provisioning provisioning = Provisioning.getInstance();
        ModifyAccountRequest modifyAccountRequest = (ModifyAccountRequest) JaxbUtil.elementToJaxb(element);
        AuthToken authToken = zimbraSoapContext.getAuthToken();
        String id = modifyAccountRequest.getId();
        if (null == id) {
            throw ServiceException.INVALID_REQUEST("missing required attribute: id", (Throwable) null);
        }
        Account account = provisioning.get(Key.AccountBy.id, id, authToken);
        Map<String, Object> attrsAsOldMultimap = modifyAccountRequest.getAttrsAsOldMultimap();
        defendAgainstAccountHarvesting(account, Key.AccountBy.id, id, zimbraSoapContext, attrsAsOldMultimap);
        long longAttr = account.getLongAttr("zimbraMailQuota", 0L);
        checkQuota(zimbraSoapContext, account, attrsAsOldMultimap);
        checkCos(zimbraSoapContext, account, attrsAsOldMultimap);
        Server server = null;
        String stringAttrNewValue = getStringAttrNewValue("zimbraMailHost", attrsAsOldMultimap);
        if (stringAttrNewValue != null) {
            server = Provisioning.getInstance().getServerByName(stringAttrNewValue);
            defendAgainstServerNameHarvesting(server, Key.ServerBy.name, stringAttrNewValue, zimbraSoapContext, Rights.Admin.R_listServer);
        }
        provisioning.modifyAttrs(account, attrsAsOldMultimap, true);
        Account account2 = provisioning.get(Key.AccountBy.id, id, zimbraSoapContext.getAuthToken());
        ZimbraLog.security.info(ZimbraLog.encodeAttrs(new String[]{"cmd", "ModifyAccount", "name", account2.getName()}, attrsAsOldMultimap));
        if (server != null) {
            checkNewServer(zimbraSoapContext, map, account2, server);
        }
        if (account2.getLongAttr("zimbraMailQuota", 0L) != longAttr && (adminSession = (AdminSession) getSession(zimbraSoapContext, Session.Type.ADMIN)) != null) {
            GetQuotaUsage.clearCachedQuotaUsage(adminSession);
        }
        Element createElement = zimbraSoapContext.createElement(AdminConstants.MODIFY_ACCOUNT_RESPONSE);
        ToXML.encodeAccount(createElement, account2);
        return createElement;
    }

    public static String getStringAttrNewValue(String str, Map<String, Object> map) throws ServiceException {
        Object obj = map.get(str);
        if (obj == null) {
            obj = map.get(ImapResponse.CONTINUATION + str);
        }
        if (obj == null) {
            obj = map.get("-" + str);
        }
        if (obj == null) {
            return null;
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        throw ServiceException.PERM_DENIED("can not modify " + str + "(single valued attribute)");
    }

    private void checkQuota(ZimbraSoapContext zimbraSoapContext, Account account, Map<String, Object> map) throws ServiceException {
        long parseLong;
        String stringAttrNewValue = getStringAttrNewValue("zimbraMailQuota", map);
        if (stringAttrNewValue == null) {
            return;
        }
        if (stringAttrNewValue.equals("")) {
            parseLong = Provisioning.getInstance().getCOS(account).getIntAttr("zimbraMailQuota", 0);
        } else {
            try {
                parseLong = Long.parseLong(stringAttrNewValue);
            } catch (NumberFormatException e) {
                throw AccountServiceException.INVALID_ATTR_VALUE("can not modify mail quota (invalid format): " + stringAttrNewValue, e);
            }
        }
        if (!canModifyMailQuota(zimbraSoapContext, account, parseLong)) {
            throw ServiceException.PERM_DENIED("can not modify mail quota, domain admin can only modify quota if zimbraDomainAdminMaxMailQuota is set to 0 or set to a certain value and quota is less than that value.");
        }
    }

    private void checkCos(ZimbraSoapContext zimbraSoapContext, Account account, Map<String, Object> map) throws ServiceException {
        Domain domain;
        String stringAttrNewValue = getStringAttrNewValue("zimbraCOSId", map);
        if (stringAttrNewValue == null) {
            return;
        }
        Provisioning provisioning = Provisioning.getInstance();
        if (stringAttrNewValue.equals("") && (domain = provisioning.getDomain(account)) != null) {
            stringAttrNewValue = account.isIsExternalVirtualAccount() ? domain.getDomainDefaultExternalUserCOSId() : domain.getDomainDefaultCOSId();
            if (stringAttrNewValue == null) {
                return;
            }
        }
        Cos cos = provisioning.get(Key.CosBy.id, stringAttrNewValue);
        if (cos == null) {
            throw AccountServiceException.NO_SUCH_COS(stringAttrNewValue);
        }
        checkRight(zimbraSoapContext, cos, Rights.Admin.R_assignCos);
    }

    private void checkNewServer(ZimbraSoapContext zimbraSoapContext, Map<String, Object> map, Account account, Server server) {
        try {
            if (!Provisioning.onLocalServer(account) && server != null) {
                SoapProvisioning soapProvisioning = new SoapProvisioning();
                soapProvisioning.soapSetURI(URLUtil.getAdminURL(server, "/service/admin/soap/", true));
                soapProvisioning.soapZimbraAdminAuthenticate();
                soapProvisioning.flushCache(CacheEntryType.account, new Provisioning.CacheEntry[]{new Provisioning.CacheEntry(Key.CacheEntryBy.id, account.getId())});
            }
        } catch (ServiceException e) {
            ZimbraLog.mailbox.warn("cannot flush account cache on server " + (server == null ? "" : server.getName()) + " for " + account.getName(), e);
        }
    }

    @Override // com.zimbra.cs.service.admin.AdminDocumentHandler, com.zimbra.cs.service.admin.AdminRightCheckPoint
    public void docRights(List<AdminRight> list, List<String> list2) {
        list.add(Rights.Admin.R_assignCos);
        list2.add(String.format(AdminRightCheckPoint.Notes.MODIFY_ENTRY, Rights.Admin.R_modifyAccount.getName(), "account") + "\n");
        list2.add("Notes on zimbraCOSId: If setting zimbraCOSId, needs the " + Rights.Admin.R_assignCos.getName() + " right on the cos.If removing zimbraCOSId, needs the " + Rights.Admin.R_assignCos.getName() + " right on the domain default cos. (in domain attribute zimbraDomainDefaultCOSId).");
        list2.add(String.format("When changing %s attribute, %s right on the server identified by new %s is required.", "zimbraMailHost", Rights.Admin.R_listServer, "zimbraMailHost"));
    }
}
