@@ -1,5 +1,9 @@

 2009-01-07  Michal Ludvig  <michal@logix.cz>

+	* S3/ACL.py: Keep ACL internally as a list of of 'Grantee' objects.

+

+2009-01-07  Michal Ludvig  <michal@logix.cz>

+

 	* S3/ACL.py: New object for handling ACL issues.

 	* S3/S3.py: Moved most of S3.get_acl() to ACL class.

 	* S3/Utils.py: Reworked XML helpers - remove XMLNS before 

@@ -10,6 +10,30 @@ try:

 except ImportError:

 	import elementtree.ElementTree as ET

+class Grantee(object):

+	ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"

+

+	xsi_type = None

+	tag = None

+	name = None

+	display_name = None

+	permission = None

+

+	def __str__(self):

+		return '%(name)s : %(permission)s' % { "name" : self.name, "permission" : self.permission }

+

+	def isAllUsers(self):

+		return self.tag == "URI" and self.name == Grantee.ALL_USERS_URI

+	

+	def isAnonRead(self):

+		return self.isAllUsers and self.permission == "READ"

+

+class GranteeAnonRead(Grantee):

+	xsi_type = "Group"

+	tag = "URI"

+	name = Grantee.ALL_USERS_URI

+	permission = "READ"

+

 class ACL(object):

 	EMPTY_ACL = """

 	<AccessControlPolicy>

@@ -17,35 +41,58 @@ class ACL(object):

 		</AccessControlList>

 	</AccessControlPolicy>

 	"""

-	GRANT_PUBLIC_READ = """

-	<Grant>

-		<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">

-			<URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>

-		</Grantee>

-		<Permission>READ</Permission>

-	</Grant>

-	"""

+

+	grants = []

+

 	def __init__(self, xml = None):

 		if not xml:

 			xml = ACL.EMPTY_ACL

 		self.tree = getTreeFromXml(xml)

+		self.grants = self.parseGrants()

-	def getGrants(self):

-		acl = {}

+	def parseGrants(self):

 		for grant in self.tree.findall(".//Grant"):

-			grantee = grant.find(".//Grantee")

-			grantee = dict([(tag.tag, tag.text) for tag in grant.find(".//Grantee")])

-			if grantee.has_key('DisplayName'):

-				user = grantee['DisplayName']

-			elif grantee.has_key('URI'):

-				user = grantee['URI']

-				if user == 'http://acs.amazonaws.com/groups/global/AllUsers':

-					user = "*anon*"

+			grantee = Grantee()

+			g = grant.find(".//Grantee")

+			grantee.xsi_type = g.attrib['{http://www.w3.org/2001/XMLSchema-instance}type']

+			grantee.permission = grant.find('Permission').text

+			for el in g:

+				if el.tag == "DisplayName":

+					grantee.display_name = el.text

+				else:

+					grantee.tag = el.tag

+					grantee.name = el.text

+			self.grants.append(grantee)

+		return self.grants

+

+	def getGrantList(self):

+		acl = {}

+		for grantee in self.grants:

+			if grantee.display_name:

+				user = grantee.display_name

+			elif grantee.isAllUsers():

+				user = "*anon*"

 			else:

-				user = grantee[grantee.keys()[0]]

-			acl[user] = grant.find('Permission').text

+				user = grantee.name

+			acl[user] = grantee.permission

 		return acl

+	def isAnonRead(self):

+		for grantee in self.grants:

+			if grantee.isAnonRead():

+				return True

+		return False

+	

+	def grantAnonRead(self):

+		if not self.isAnonRead():

+			self.grants.append(GranteeAnonRead())

+	

+	def revokeAnonRead(self):

+		self.grants = [g for g in self.grants if not g.isAnonRead()]

+

+	def __str__(self):

+		return ET.tostring(self.tree)

+

 if __name__ == "__main__":

 	xml = """<?xml version="1.0" encoding="UTF-8"?>

 <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">

@@ -71,4 +118,9 @@ if __name__ == "__main__":

 </AccessControlPolicy>

 	"""

 	acl = ACL(xml)

-	print acl.getGrants()

+	print "Grants:", acl.getGrantList()

+	acl.revokeAnonRead()

+	print "Grants:", acl.getGrantList()

+	acl.grantAnonRead()

+	print "Grants:", acl.getGrantList()

+	#print acl

@@ -254,7 +254,7 @@ class S3(object):

 		response = self.send_request(request)

 		acl = ACL(response['data'])

-		return acl.getGrants()

+		return acl.getGrantList()

 	## Low level methods

 	def urlencode_string(self, string):