Interesting.
I should mention I hadn't turned on sandboxing in this project. When I turn it
on, and I set the "User Selected File" entitlement to "Read Only", I get the
same behavior as before: TextEdit.app is selected in the panel's column view,
and it's treated like a regular (non-bundle) directory, with "Contents" exposed
in the next column. The same happens, by the way, with other package types
like .playground and .rtfd, so it isn't specific to .app. I will file a Radar
for this, as the NSOpenPanel is clearly not respecting its own
treatsFilePackagesAsDirectories property when it is initially displayed, though
it does thereafter.
Given that Apple seemingly does not want NSOpenPanel to pre-select "files"
(including packages that we pretend are not directories), I would say it's also
a bug that my NSOpenPanel was able to pre-select TextEdit.app. I mean "bug" in
the sense of "not working as Apple intended", as opposed to what my druthers
would be.
--Andy
On Jun 24, 2016, at 11:31 PM, Charles Srstka <cocoa...@charlessoft.com> wrote:
>
>> On Jun 24, 2016, at 7:47 PM, Quincey Morris
>> <quinceymor...@rivergatesoftware.com> wrote:
>>
>> On Jun 24, 2016, at 16:24 , Charles Srstka <cocoa...@charlessoft.com> wrote:
>>>
>>> How could this be a security threat, when a malicious program could just
>>> set canChooseDirectories to true, open the panel to the app’s parent
>>> directory, and spearphish the user into clicking OK on that?
>>
>> (I wasn’t referring to opening apps, but to files generally.)
>>
>> Clicking OK won’t do anything until the user selects something, and the app
>> can’t preset or change the selection. Maybe my logic is incorrect, but this
>> seems to me to prevent attempts to fool the user into choosing something
>> unintended.
>
> func readTheFile(url: NSURL) {
> do {
> let data = try NSData(contentsOfURL: url, options: [])
> guard let string = String(data: data, encoding: NSUTF8StringEncoding)
> else {
> throw NSCocoaError.FileReadCorruptFileError
> }
>
> print("Contents of file: \(string)")
> } catch {
> print("Error occurred: \(error)")
> }
> }
>
> let url = NSURL(fileURLWithPath: "/path/to/MyGreatFile.txt")
>
> print("First attempt:")
> readTheFile(url)
>
> let dirURL: NSURL = {
> while true {
> let openPanel = NSOpenPanel()
>
> openPanel.canChooseDirectories = true
> openPanel.directoryURL = url.URLByDeletingLastPathComponent
> openPanel.prompt = "OK"
> openPanel.message = "Please click OK"
>
> let answer = openPanel.runModal()
>
> if answer == NSFileHandlingPanelOKButton, let openPanelURL =
> openPanel.URL where openPanelURL == url.URLByDeletingLastPathComponent {
> return openPanelURL
> } else {
> let alert = NSAlert()
>
> alert.messageText = "Hey buddy, click the OK button when I tell
> you to, okay?"
>
> alert.runModal()
> }
> }
> }()
>
> print("Second attempt:")
>
> dirURL.startAccessingSecurityScopedResource()
> readTheFile(url)
> dirURL.stopAccessingSecurityScopedResource()
>
> --
>
> After clicking OK when asked, this outputs:
>
> First attempt:
> Error occurred: Error Domain=NSCocoaErrorDomain Code=257 "The file
> “MyGreatFile.txt” couldn’t be opened because you don’t have permission to
> view it." UserInfo={NSFilePath=/path/to/MyGreatFile.txt,
> NSUnderlyingError=0x600000046750 {Error Domain=NSPOSIXErrorDomain Code=1
> "Operation not permitted"}}
> Second attempt:
> Contents of file: This is my great file!
>
> Charles
>
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
