".app would like to access files.." dialog

I’m currently using this method to ask user’s for permission to access files (in my case volumes). I parse an XML file the user provides to see what volumes will need to be accessed and then preset SelectFolderDialogs to point to each volume and capture the folderitems when the user clicks the OK button (I understand the Select File/Folder dialog to be Apple’s preferred method of asking users for access permission - am I wrong about this?). I then create bookmarks from the captured folderitems, resolve them to a Security Scoped CFURLs, use them as needed in the app, and then store them in a prefs file for future use. All this works fine, but is awkward and a little confusing to the user. The SelectFolderDialog doesn’t always scroll to the right place to show the preset volume in the file list, etc. The way I would really like to ask the user for access is by displaying the system’s “My.app would like to access files on volume…” as shown below.

Is this possible? Here’s the code I use to create and resolve the SSBs.

  // create bookmark data
if f <> nil then
  dim options as UInt32 = CFBookmarkMBS.kCreationWithSecurityScope
  dim theURL as string = f.URLPath
  dim relativeToURL as FolderItem = nil
  theVolumeBookmarkData = CFBookmarkMBS.CreateBookmarkData(f, options, relativeToURL)
  dim error as CFErrorMBS = CFBookmarkMBS.LastError
  if error<>nil then
    msgbox("Error: "+Cstr(error.Description))
  end if
end if

  // resolve bookmark to Security Scoped URL
dim relativeURL as FolderItem = nil
dim isStale as Boolean
dim options as integer = CFBookmarkMBS.kResolutionWithSecurityScope
dim url as CFURLMBS = CFBookmarkMBS.ResolveBookmarkDataToCFURLMBS(theVolumeBookmarkData, options, relativeURL, isStale)

Is there another way of requesting access that will create the much neater dialog box above?
Many thanks for your help.

You can customize the dialog with Info.plist data to explain to the user why they should allow this.

See https://developer.apple.com/documentation/bundleresources/information_property_list/nsremovablevolumesusagedescription?language=objc

@Michael Diehr
Thanks, Michael, for the link. I’ll give it a try.

This is correct, Apple prefer us developers to use these dialogs.

Once you have the SSB (from a Sandboxed application) there shouldn’t be any need to ask the user again. Maybe I am misunderstanding something here, because the whole purpose of Security-Scoped Bodgemarks is to retain access to a location.

@Michael Diehr
Can I ask how you’re adding the NSRemovableVolumesUsageDescription key to your plist? I’m trying it in Xcode and keep getting the message “The file Resources” couldn’t be opened" and can’t make any new entries.

@Sam Rowlands
Sorry, Sam, I didn’t mean to imply the SSBs weren’t working correctly - they’re working great thanks to your help. As a result, I only have to ask the user for permission once per volume and then the SSBs are stored and can be reused successfully. It’s that initial time the user is asked for permission that I’d like to neaten up and use the system’s permission dialog instead of my own Select File/Folder dialog. I just don’t know how to trigger the system’s permission dialog. I tried opening a file on a removable drive without making an SSB but it doesn’t trigger the dialog. Instead, I get the “You can’t open this file because you don’t have permission” message. Could this be because I don’t have the NSRemovableVolumesUsageDescription key Michael mentions in my plist?

BTW, can the NSRemovableVolumesUsageDescription key be added with App Wrapper? See my problem in the post above when trying to add the key with Xcode.

Many thanks.

I don’t know if that would be accepted. Your application is Sandboxed (I’m assuming because you’re using SSBs), therefore the only way you could access that location without a Open/Save/SelectFolder dialog is to use a “Temporary” entitlement giving your application access to that specific location. It works, but the App Store reviewer may not approve it’s usage and you’ll be forced to remove it if you want to distribute your application on the Mac App Store. Temporary Entitlements were introduced back in macOS 10.7, to help developers migrate their existing applications into Sandboxed applications.

Yes.

Yes.

I just posted an alpha version of App Wrapper https://www.ohanaware.com/appwrapper/appWrapper3update311.dmg which includes more privacy options, there’s some other stuff that I’m working on yet that I haven’t completed, hence why it’s only an alpha.

You can also do this with any existing copy of App Wrapper 3, by going to the “Info” pane, and clicking the “+” icon under the first list, then selecting “Other” and entering in “NSRemovableVolumesUsageDescription” of type string.

@Sam Rowlands
Thanks, Sam. This explains why I haven’t been able to display the OS permission dialog in my app. I’ll stay with the method you recommended. It works great and I’m ready to send this app to MAS.

  • for testing, use this command to reset the permissions dialog to the default state:
tccutil rest All com.mycompany.myapp  
  • I’ve seen cases in Catalina where creating a Xojo folderItem from a URL or path does not trigger the permisisons dialog when I try to open the file for read or write. But if I create the folderItem using CFBookmarkMBS.Resolve() first, then it does work. See https://forum.xojo.com/57920-catalina-helper-app-file-permissions-inheritance/p1#p470554 (This is a non-MAS, non-Sandboxed app that has helper apps, so may not be the same as your situation)