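/**
 * Builds an access control policy (ACP) XML document from an owner and a list of grants.
 *
 * The document starts from $this->base_acp_xml, gets one <Owner> element and one
 * <AccessControlList> holding a <Grant> per entry of $users.
 *
 * Grantee type is chosen from the 'id' value of each entry:
 *  - exactly one of self::USERS_AUTH, self::USERS_ALL, self::USERS_LOGGING: a "Group" grantee;
 *  - contains '@' after the first character: an "AmazonCustomerByEmail" grantee;
 *  - anything else: treated as a canonical user id ("CanonicalUser").
 *
 * @param string $canonical_id   Value written to <Owner><ID>.
 * @param string $canonical_name Value written to <Owner><DisplayName>.
 * @param array  $users          List of arrays, each read for its 'id' and 'permission' keys.
 * @return string The serialized XML, as returned by SimpleXMLElement::asXML().
 */
public function generate_access_policy($canonical_id, $canonical_name, $users)
{
    $xsi_ns = 'http://www.w3.org/2001/XMLSchema-instance';

    // The constants are written out as <URI> text below, so they are presumably
    // strings; the strict membership test relies on that -- confirm against the class.
    $group_uris = array(self::USERS_AUTH, self::USERS_ALL, self::USERS_LOGGING);

    $xml = simplexml_load_string($this->base_acp_xml);

    // NOTE(review): SimpleXMLElement::addChild() does not escape '&' in the value it
    // is given; a display name or e-mail address containing one makes libxml emit a
    // warning and leaves the node text incomplete. Callers should pass such values
    // already entity-escaped -- confirm how callers handle this.
    $owner = $xml->addChild('Owner');
    $owner->addChild('ID', $canonical_id);
    $owner->addChild('DisplayName', $canonical_name);

    $acl = $xml->addChild('AccessControlList');

    foreach ($users as $user)
    {
        $grant = $acl->addChild('Grant');
        $grantee = $grant->addChild('Grantee');
        $id = $user['id'];

        // Strict comparison on purpose. The previous switch compared loosely, so a
        // non-string id (boolean true, or integer 0 on PHP < 8) compared equal to
        // the first group constant and the entry became a grant to that whole group
        // instead of to a single principal. Such values now fall through to the
        // single-grantee branches below.
        if (in_array($id, $group_uris, true))
        {
            $grantee->addAttribute('xsi:type', 'Group', $xsi_ns);
            $grantee->addChild('URI', $id);
        }
        else
        {
            // An '@' at offset 0 does not count as an e-mail address; this keeps the
            // result of the original truthiness test on strpos().
            $at_pos = strpos($id, '@');

            if ($at_pos !== false && $at_pos > 0)
            {
                $grantee->addAttribute('xsi:type', 'AmazonCustomerByEmail', $xsi_ns);
                $grantee->addChild('EmailAddress', $id);
            }
            else
            {
                // Assume canonical id. The value is not format-checked here, so a
                // malformed id is only rejected when the service parses the policy.
                $grantee->addAttribute('xsi:type', 'CanonicalUser', $xsi_ns);
                $grantee->addChild('ID', $id);
            }
        }

        // Written as supplied; this method does not check it against the set of
        // permission names the service accepts.
        $grant->addChild('Permission', $user['permission']);
    }

    return $xml->asXML();
}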