package com.zimbra.cs.service.account;

import com.google.common.collect.Lists;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AccountConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.UserRight;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.cs.util.AccountUtil;
import com.zimbra.soap.ZimbraSoapContext;
import com.zimbra.soap.type.TargetBy;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/account/CheckRights.class */
public class CheckRights extends AccountDocumentHandler {

    /* loaded from: input_file:com/zimbra/cs/service/account/CheckRights$RequestedTarget.class */
    private static class RequestedTarget {
        private Entry targetEntry;
        private TargetType targetType;
        private TargetBy targetBy;
        private String targetKey;
        private List<UserRight> rights;

        private RequestedTarget(Entry entry, TargetType targetType, TargetBy targetBy, String str) {
            this.rights = Lists.newArrayList();
            this.targetEntry = entry;
            this.targetType = targetType;
            this.targetBy = targetBy;
            this.targetKey = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addRight(UserRight userRight) {
            this.rights.add(userRight);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Entry getTargetEntry() {
            return this.targetEntry;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public TargetType getTargetType() {
            return this.targetType;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public TargetBy getTargetBy() {
            return this.targetBy;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getTargetKey() {
            return this.targetKey;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public List<UserRight> getRights() {
            return this.rights;
        }
    }

    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Provisioning provisioning = Provisioning.getInstance();
        ArrayList<RequestedTarget> newArrayList = Lists.newArrayList();
        for (Element element2 : element.listElements("target")) {
            TargetType fromCode = TargetType.fromCode(element2.getAttribute("type"));
            TargetBy fromString = TargetBy.fromString(element2.getAttribute(PreAuthServlet.PARAM_BY));
            String attribute = element2.getAttribute("key");
            RequestedTarget requestedTarget = new RequestedTarget(findEntry(provisioning, fromCode, fromString, attribute), fromCode, fromString, attribute);
            newArrayList.add(requestedTarget);
            Iterator it = element2.listElements("right").iterator();
            while (it.hasNext()) {
                requestedTarget.addRight(RightManager.getInstance().getUserRight(((Element) it.next()).getText()));
            }
            if (requestedTarget.getRights().size() == 0) {
                throw ServiceException.INVALID_REQUEST("missing right for target: " + attribute, (Throwable) null);
            }
        }
        Element createElement = zimbraSoapContext.createElement(AccountConstants.CHECK_RIGHTS_RESPONSE);
        AccessManager accessManager = AccessManager.getInstance();
        for (RequestedTarget requestedTarget2 : newArrayList) {
            Entry targetEntry = requestedTarget2.getTargetEntry();
            Element addElement = createElement.addElement("target");
            addElement.addAttribute("type", requestedTarget2.getTargetType().getCode());
            addElement.addAttribute(PreAuthServlet.PARAM_BY, requestedTarget2.getTargetBy().name());
            addElement.addAttribute("key", requestedTarget2.getTargetKey());
            boolean z = true;
            for (UserRight userRight : requestedTarget2.getRights()) {
                boolean canDo = accessManager.canDo(zimbraSoapContext.getAuthToken(), targetEntry, (Right) userRight, false);
                if (canDo && DiscoverRights.isDelegatedSendRight(userRight) && TargetBy.name == requestedTarget2.getTargetBy()) {
                    canDo = AccountUtil.isAllowedSendAddress((NamedEntry) targetEntry, requestedTarget2.getTargetKey());
                }
                addElement.addElement("right").addAttribute("allow", canDo).setText(userRight.getName());
                z &= canDo;
            }
            addElement.addAttribute("allow", z);
        }
        return createElement;
    }

    private Entry findEntry(Provisioning provisioning, TargetType targetType, TargetBy targetBy, String str) throws ServiceException {
        switch (targetType) {
            case account:
            case calresource:
            case dl:
            case group:
            case domain:
                Entry lookupTarget = TargetType.lookupTarget(provisioning, targetType, targetBy, str, false);
                if (lookupTarget == null && TargetBy.id == targetBy) {
                    throw ServiceException.INVALID_REQUEST("no such entry: " + str, (Throwable) null);
                }
                return lookupTarget;
            default:
                throw ServiceException.INVALID_REQUEST("unsupported target type: " + targetType.getCode(), (Throwable) null);
        }
    }
}
