Cocoa sandbox - reopen files when restarting app - file

I have a sandboxed Cocoa app. It has a one window, multi-tabbed UI. I don't use NSDocument, but it is an app that can edit multiple "documents". When the app closes I save a list of the open documents. When I restart the apps, I try to re-open them in tabs.
This works fine when all the document files are in the sandboxed documents directory. However, users can also open files outside the sandbox. When the app is restarted, these files cannot be opened because of sandbox permissions, the file is not readable. I do understand that normally the user has to chose the out-of-sandbox file from an open dialog.
The files are in the "Recent Files" list and can be opened that way.
There must be a way to do this since that is how most text editors work. Is there a magic entitlement or call I'm missing?

You need security-scoped bookmarks.
Check out the Security-Scoped Bookmarks and Persistent Resource Access section of the Apple's App Sandbox Design Guide.
Your app’s access to file-system locations outside of its container—as
granted to your app by way of user intent, such as through
Powerbox—does not automatically persist across app launches or system
restarts. When your app reopens, you have to start over.
...
Starting in OS X v10.7.3, you can retain access to file-system resources by
employing a security mechanism, known as security-scoped bookmarks,
that preserves user intent.
I'd summarize it here, but the above link has everything you need.

Related

How can I dynamically use images outside of my reactjs project?

I am developing a client-only ReactJS application (only for local usage) where I need to save and load images by filepaths (URL and local file system).
The paths are stored in the local storage and images from URLs can be used. Anyway, local images cannot since ReactJS is using the project directory and I cannot escape it.
Is there the possibility to open files with absolute path from the local file system or can I/do I have to upload it in the project directory?
Are you running this through a browser? If so Javascript on browsers does not yet have the ability to access local file systems. I haven't tried this but you could run Node locally and use ExpressJs for client-server communication.
As stated here:
you'll need two pieces:
A browser piece, which does the UI with the user.
A Node piece, which runs on the user's machine (and thus can access the file system) and which the browser piece uses to do the actual file operations.
Probably the easiest way for the pieces to interact would be HTTP, which you can trivially support using ExpressJS.
So for instance, if the user wants to delete a file:
User clicks something to say "delete this file"
Browser JavaScript sends the command to the Node process over HTTP via ajax
Node process does the deletion and reports success/failure
Browser JavaScript displays the result

Codename One Preferences/Storage permissions

I have developed and published an app in Google Play Store, which only send simple String request to REST API and store the results in the Preferences. The same app is also submitted to Windows Store for publication, however it was rejected due to the following reason:
The app declares use of the sensitive capability [musicLibrary, picturesLibrary, videosLibrary] without appearing to access the declared capability. Please removed the sensitive capability declaration and re-submit the app.
Upon inspection to Google Play Store submission, I noticed the same permissions are requested:
This app has access to:Photos/Media/Filesread the contents of your USB storagemodify or delete the contents of your USB storageStorageread the contents of your USB storagemodify or delete the contents of your USB storageOtherreceive data from Internetview network connectionsfull network accessprevent device from sleeping
So my question is, do Preferences really need these permissions, or can I set some kind of build hints to remove these permission requests, especially for UWP build? I have also tried to set android.blockExternalStoragePermission build hint, but the permissions are still requested in Android build. I have yet to try iOS build since currently I don't have Apple Developer account.
Thank you very much in advance.
Edit #1 (23/10/2018):
Upon further inspection, I found that I have mistakenly uploaded the version that didn't declare android.blockExternalStoragePermission to Google Play Store, so all good on Android version.
Currently I'm not using any of cn1libs, and here's the list of all classes imported in my application:
java.util.HashMapjava.util.Mapjava.util.Randomcom.codename1.components.InfiniteProgresscom.codename1.components.ToastBarcom.codename1.components.ToastBar.Statuscom.codename1.io.CharArrayReadercom.codename1.io.JSONParsercom.codename1.io.Logcom.codename1.io.NetworkManagercom.codename1.io.Preferencescom.codename1.io.rest.Responsecom.codename1.io.rest.Restcom.codename1.l10n.L10NManagercom.codename1.ui.Buttoncom.codename1.ui.Componentcom.codename1.ui.Containercom.codename1.ui.Dialogcom.codename1.ui.FontImagecom.codename1.ui.Formcom.codename1.ui.Labelcom.codename1.ui.events.ActionEventcom.codename1.ui.events.ActionListenercom.codename1.ui.layouts.BorderLayoutcom.codename1.ui.layouts.FlowLayoutcom.codename1.ui.layouts.GridLayoutcom.codename1.ui.plaf.Bordercom.codename1.ui.plaf.Stylecom.codename1.ui.plaf.UIManagercom.codename1.ui.util.Resources
So my original question remain, how do I set the build hints to prevent the same external storage read/write permission in Windows and iOS?
See the section titled "Android Permissions" here, for a list of some API's that might trigger extra permissions. I suggest extracting the manifest from the XML and inspecting it. It should include two permissions based on your description you should have two permissions there:
android.permission.WRITE_EXTERNAL_STORAGE - which you should have been disabled when you applied android.blockExternalStoragePermission
android.permission.INTERNET - this one you actually need
I'm assuming you have a permission for media access and here it becomes a question of where it came from?
Did you use a cn1lib that might include a feature that triggers this?
Do you have a feature in the app that isn't active yet?
Once you have the specific name or results of this investigation comment here and I'll revise the answer with more details.

Multiple Portal Content Export/Backup

I have multiple portals on my DNN host, each with their own set of 2SXC Content/Apps. Is there a way to export content/apps from all portals without having to go into each portal separately? I don't necessarily want to back up an entire server, when the only thing that has changed is perhaps some content on the site.
The reason this has come up is because I recently had a site that has become unreachable. It exists on the server, but does not respond to any requests. Since I cannot log into the site, I cannot backup their 2SXC Content & Apps. And the only way to do a proper backup across all sites is to image the entire server and database.
There is no way to export everything, BUT you can cheat :)
If you open an App-Admin-Dialog (or the "Manage All Apps" dialog) with Shift-Click, you'll get a new window and that will contain a zone-id and app-id in the URL. You can mess with these to actually point to the other portal / app and do an export from there.
But you may run into problems when exporting - because some paths may be wrong. But I would give it a try before you do anything else.

only logged in users can play audio from our server

We have made a silverlight application where users can preview audio files from their browser from the telerik radmediaplayer control.
The files are on a webserver and anyone who sniffs the trafic can download the file.
We would like to prevent non-logged-in users from accessing/downloading these files.
Besides providing the application with some sort of temporary valid url and implementing a custom httphandler... what are our options?
It's not too big of a problem if our customers can download the files, we just don't want the rest of the world to also have access.
Any ideas would be more than welcome!
[Update]
The only thing I can come up with is:
host the files in a non-public folder
if a user requests to prelisten a file, copy it to a public folder under a new name ([guid].mp3) and return it's url
every x minutes clean the public folder.
Don't let the web server serve up the files straight out of a directory. Put part of your application in front, and left one of your server-side scripts serve up these files. Keep the raw audio files out of the web root.
For instance, your client-side application would access files like so:
http://someserver/yourscript?audio_asset_id=12345
The code at yourscript would verify the session data, ensuring that a user is logged in, would then go figure out the real path to asset ID 12345, and echo its contents to the client. Don't forget to include the proper Content-Type header as well.
Once the accessing of these assets is under your control, you can implement whatever security measures you like. If your sessions area already pretty well safe-guarded, this should be fine. I would also recommend implementing sane quotas. If you get 100 requests on an asset using the same session ID from multiple IP addresses... something isn't right.

Open and Save Word files through internet

I have a situation that override my knowledge. Here is situation:
A simple web based system store a Word files. Users create them locally, then upload them to server. After that, another user can download, edit and upload again. All that is okay, but that steps of repeating Download/Upload cause troubles - in case when user forgot to upload after he make changes. The prerequisites is that they want to use only Word, so i can't use any web editors like CKEditor or Google Documents.
So - a question - is there a way to let users open/save that DOC files with Word without setting a VPN?
Server is a Windows 2008, and language is ASP.NET / classicASP. User access system via browsers.
I think you can embed a plugin called aceoffix in your web system, if the customers do not have to download, upload and save back to server. With aceoffix they can edit online and save back to the server directly. It is exactly the same interface as MS Office. Hope this will be helpful.
How about a tiny app (on clients) to act as a syncronizer (using FTP) ?
I think an embedded Word viewer would be something quite complex to pull off - especially if they require the native, proper and exact Word look/menus.
One alternative is to provide a plugin to your users, where they can access/sync documents directly from/to the server. But then you aren't using the a web site but a local plugin, which comes with its own headaches of course.
Creating a Word plugin is a nice way to make it seem like something "in the Office program" when you have actually created it yourself, so that your user don't have to feel like they are using another program. My idea is that you could create a way for users to load a Word file from the server, do changes to it and then upload them back to the server automatically.

Resources