## Amazon S3 - Access Control List representation ## Author: Michal Ludvig <michal@logix.cz> ## http://www.logix.cz/michal ## License: GPL Version 2 from Utils import * try: import xml.etree.ElementTree as ET except ImportError: import elementtree.ElementTree as ET class ACL(object): EMPTY_ACL = """ <AccessControlPolicy> <AccessControlList> </AccessControlList> </AccessControlPolicy> """ GRANT_PUBLIC_READ = """ <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"> <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI> </Grantee> <Permission>READ</Permission> </Grant> """ def __init__(self, xml = None): if not xml: xml = ACL.EMPTY_ACL self.tree = getTreeFromXml(xml) def getGrants(self): acl = {} for grant in self.tree.findall(".//Grant"): grantee = grant.find(".//Grantee") grantee = dict([(tag.tag, tag.text) for tag in grant.find(".//Grantee")]) if grantee.has_key('DisplayName'): user = grantee['DisplayName'] elif grantee.has_key('URI'): user = grantee['URI'] if user == 'http://acs.amazonaws.com/groups/global/AllUsers': user = "*anon*" else: user = grantee[grantee.keys()[0]] acl[user] = grant.find('Permission').text return acl if __name__ == "__main__": xml = """<?xml version="1.0" encoding="UTF-8"?> <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <Owner> <ID>12345678901234567890</ID> <DisplayName>owner-nickname</DisplayName> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"> <ID>12345678901234567890</ID> <DisplayName>owner-nickname</DisplayName> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"> <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI> </Grantee> <Permission>READ</Permission> </Grant> </AccessControlList> </AccessControlPolicy> """ acl = ACL(xml) print acl.getGrants()