generate_access_policy ( $canonical_id, $canonical_name, $users )

Generates the XML to be used for the Access Control Policy.

Access

public

Parameters

Parameter

Type

Required

Description

$canonical_id

string

Required

The canonical ID for the bucket owner. This is provided as the id return value from get_canonical_user_id().

$canonical_name

string

Required

The canonical display name for the bucket owner. This is provided as the display_name value from get_canonical_user_id().

$users

array

Required

An array of associative arrays. Each associative array contains an id value and a permission value.

Returns

Type

Description

string

Access Control Policy XML.

See Also

Source

Method defined in services/s3.class.php | Toggle source view (54 lines) | View on GitHub

public function generate_access_policy($canonical_id, $canonical_name, $users)
{
    $xml = simplexml_load_string($this->base_acp_xml);
    $owner = $xml->addChild('Owner');
    $owner->addChild('ID', $canonical_id);
    $owner->addChild('DisplayName', $canonical_name);
    $acl = $xml->addChild('AccessControlList');

    foreach ($users as $user)
    {
        $grant = $acl->addChild('Grant');
        $grantee = $grant->addChild('Grantee');

        switch ($user['id'])
        {
            // Authorized Users
            case self::USERS_AUTH:
                $grantee->addAttribute('xsi:type', 'Group', 'http://www.w3.org/2001/XMLSchema-instance');
                $grantee->addChild('URI', self::USERS_AUTH);
                break;

            // All Users
            case self::USERS_ALL:
                $grantee->addAttribute('xsi:type', 'Group', 'http://www.w3.org/2001/XMLSchema-instance');
                $grantee->addChild('URI', self::USERS_ALL);
                break;

            // The Logging User
            case self::USERS_LOGGING:
                $grantee->addAttribute('xsi:type', 'Group', 'http://www.w3.org/2001/XMLSchema-instance');
                $grantee->addChild('URI', self::USERS_LOGGING);
                break;

            // Email Address or Canonical Id
            default:
                if (strpos($user['id'], '@'))
                {
                    $grantee->addAttribute('xsi:type', 'AmazonCustomerByEmail', 'http://www.w3.org/2001/XMLSchema-instance');
                    $grantee->addChild('EmailAddress', $user['id']);
                }
                else
                {
                    // Assume Canonical Id
                    $grantee->addAttribute('xsi:type', 'CanonicalUser', 'http://www.w3.org/2001/XMLSchema-instance');
                    $grantee->addChild('ID', $user['id']);
                }
                break;
        }

        $grant->addChild('Permission', $user['permission']);
    }

    return $xml->asXML();
}

Copyright © 2010–2013 Amazon Web Services, LLC


Feedback