#include <KisMacosSecurityBookmarkManager.h>

Inheritance diagram for KisMacosSecurityBookmarkManager:

Classes
class	Private

Public Types
enum	SecurityBookmarkType { File = 0 , Directory }

Public Slots
void	addBookmarkAndCheckParentDir (const QUrl &url)

void	slotCreateBookmark (const QString &path)

Public Member Functions
void	createBookmarkFromPath (const QString &path, const QString &refpath, SecurityBookmarkType type=SecurityBookmarkType::File)

bool	isSandboxed ()

	KisMacosSecurityBookmarkManager ()

void	loadSecurityScopedResources ()

bool	parentDirHasPermissions (const QString &path)

bool	requestAccessToDir (const QString &path)

void	startAccessingSecurityScopedResources ()

void	stopAccessingSecurityScopedResources ()

	~KisMacosSecurityBookmarkManager ()

Static Public Member Functions
static KisMacosSecurityBookmarkManager *	instance ()

Private Member Functions
QUrl	decodeBookmarkToURL (QString encodedPath)

void	loadKeysFromArray (SecurityBookmarkType)

QString	securityBookmarkTypeToString (const SecurityBookmarkType)

Private Attributes
const QScopedPointer< Private >	m_d

Detailed Description

Definition at line 15 of file KisMacosSecurityBookmarkManager.h.

Member Enumeration Documentation

◆ SecurityBookmarkType

enum KisMacosSecurityBookmarkManager::SecurityBookmarkType

Enumerator
File
Directory

Definition at line 20 of file KisMacosSecurityBookmarkManager.h.

                              {
        File = 0,
        Directory
    };

Constructor & Destructor Documentation

◆ KisMacosSecurityBookmarkManager()

KisMacosSecurityBookmarkManager::KisMacosSecurityBookmarkManager ( )

explicit

Definition at line 62 of file KisMacosSecurityBookmarkManager.mm.

    : m_d(new Private())
{
    loadSecurityScopedResources();
    startAccessingSecurityScopedResources();
}

References loadSecurityScopedResources(), and startAccessingSecurityScopedResources().

◆ ~KisMacosSecurityBookmarkManager()

KisMacosSecurityBookmarkManager::~KisMacosSecurityBookmarkManager ( )

Definition at line 69 of file KisMacosSecurityBookmarkManager.mm.

{
    stopAccessingSecurityScopedResources();
}

References stopAccessingSecurityScopedResources().

Member Function Documentation

◆ addBookmarkAndCheckParentDir

void KisMacosSecurityBookmarkManager::addBookmarkAndCheckParentDir ( const QUrl & url )

slot

Definition at line 236 of file KisMacosSecurityBookmarkManager.mm.

{
    const QString path = url.toDisplayString(QUrl::None);
    qDebug() << "1 inserting to sandbox" << url << path;
    if (!parentDirHasPermissions(path)) {
        // we can't force the user to select a directory in particular
        // we add the bookmark even if the file root directory was selected
        createBookmarkFromPath(path, QString());
 
        requestAccessToDir(path);
    }
}

References createBookmarkFromPath(), parentDirHasPermissions(), and requestAccessToDir().

◆ createBookmarkFromPath()

void KisMacosSecurityBookmarkManager::createBookmarkFromPath	(	const QString &	path,
		const QString &	refpath,
		SecurityBookmarkType	type = SecurityBookmarkType::File )

Creates a bookmark security scope for diven path

Parameters

path	File path returned from NSOpenPanel
refpath	If non empty creates the security key relative to the reference path. This is useful for documents referring to other documents

Definition at line 86 of file KisMacosSecurityBookmarkManager.mm.

{
    if(path.isEmpty()) {
        return;
    }
    NSURLBookmarkCreationOptions
        options = m_d->entitlements.hasEntitlement(KisMacosEntitlements::Entitlements::BookmarkScopeApp) ? NSURLBookmarkCreationWithSecurityScope : 0;
    NSError *err = nil;
 
    NSString *pathEscaped = [path.toNSString() stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLFragmentAllowedCharacterSet]];
    NSURL *url = [NSURL URLWithString:pathEscaped];
 
    NSURL *refurl = nil;
    if (!refpath.isEmpty()) {
        NSString *refpathEscaped = [refpath.toNSString() stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLFragmentAllowedCharacterSet]];
        refurl = [NSURL URLWithString:refpathEscaped];
    }
 
    // working with paths as strings
    // this assumes user used NSOpenPanel on the path itself
 
    // Create bookmark
    NSData *bookmark = [url bookmarkDataWithOptions: options includingResourceValuesForKeys: nil relativeToURL: refurl error:&err];
    NSString *bookmarkString = [bookmark base64EncodedStringWithOptions: NSDataBase64Encoding64CharacterLineLength];
    NSLog(@" path: %@\n err: %@", pathEscaped, err);
 
    if (!err) {
        [url startAccessingSecurityScopedResource];
 
        QString base64Data = QString::fromNSString(bookmarkString);
        // write to file
        const QString configPath = QStandardPaths::writableLocation(QStandardPaths::GenericConfigLocation);
        QSettings kritarc(configPath + QStringLiteral("/securitybookmarkrc"), QSettings::NativeFormat);
 
        // get array current size
        int size = kritarc.beginReadArray(securityBookmarkTypeToString(type));
        kritarc.endArray();
 
        kritarc.beginWriteArray(securityBookmarkTypeToString(type));
        kritarc.setArrayIndex(size);
        kritarc.setValue("path",path);
        kritarc.setValue("base64", base64Data);
        kritarc.endArray();
 
        // Finally add to hashmap
        m_d->securedFiles[path] = base64Data;
    }
 
    return;
}

References KisMacosEntitlements::BookmarkScopeApp, m_d, and securityBookmarkTypeToString().

◆ decodeBookmarkToURL()

QUrl KisMacosSecurityBookmarkManager::decodeBookmarkToURL ( QString encodedPath )

private

Definition at line 157 of file KisMacosSecurityBookmarkManager.mm.

                                                                             {
    NSString *bookmarkString = encodedPath.toNSString();
    NSData *decodedBookmark = [[NSData alloc] initWithBase64EncodedString: bookmarkString options:NSDataBase64DecodingIgnoreUnknownCharacters];
 
    NSError *err = nil;
 
    // Resolve the decoded bookmark data into a security-scoped URL.
    NSURL *url =[NSURL URLByResolvingBookmarkData: decodedBookmark options: NSURLBookmarkResolutionWithSecurityScope relativeToURL: nil bookmarkDataIsStale: nil error:&err];
    return QUrl::fromNSURL(url);
}

◆ instance()

KisMacosSecurityBookmarkManager * KisMacosSecurityBookmarkManager::instance ( )

static

Definition at line 57 of file KisMacosSecurityBookmarkManager.mm.

{
    return s_instance;
}

◆ isSandboxed()

bool KisMacosSecurityBookmarkManager::isSandboxed ( )

Definition at line 259 of file KisMacosSecurityBookmarkManager.mm.

{
    return m_d->entitlements.sandbox();
}

References m_d.

◆ loadKeysFromArray()

void KisMacosSecurityBookmarkManager::loadKeysFromArray ( SecurityBookmarkType arrayKey )

private

Definition at line 137 of file KisMacosSecurityBookmarkManager.mm.

{
    const QString configPath = QStandardPaths::writableLocation(QStandardPaths::GenericConfigLocation);
    QSettings kritarc(configPath + QStringLiteral("/securitybookmarkrc"), QSettings::NativeFormat);
 
    int size = kritarc.beginReadArray(securityBookmarkTypeToString(arrayKey));
    for (int i = 0; i < size; i++) {
        kritarc.setArrayIndex(i);
        QString key = kritarc.value("path").toString();
        m_d->securedFiles[key] = kritarc.value("base64").toString();
    }
    kritarc.endArray();
}

References m_d, and securityBookmarkTypeToString().

◆ loadSecurityScopedResources()

void KisMacosSecurityBookmarkManager::loadSecurityScopedResources ( )

Loads security scoped files to internal dictionary

Definition at line 151 of file KisMacosSecurityBookmarkManager.mm.

{
    loadKeysFromArray(SecurityBookmarkType::File);
    loadKeysFromArray(SecurityBookmarkType::Directory);
}

References Directory, File, and loadKeysFromArray().

◆ parentDirHasPermissions()

bool KisMacosSecurityBookmarkManager::parentDirHasPermissions ( const QString & path )

Returns: Return true if file is contained within a directory with permissions previously granted by NSOpenPanel

Definition at line 74 of file KisMacosSecurityBookmarkManager.mm.

{
    bool contained = false;
    Q_FOREACH(QString key, m_d->securedFiles.keys()) {
        if(path.contains(key)) {
            contained = true;
            break;
        }
    }
    return contained;
}

References m_d.

◆ requestAccessToDir()

bool KisMacosSecurityBookmarkManager::requestAccessToDir ( const QString & path )

Shows NSOpenPanel and saves the selected directory for future access

Returns: TRUE if selected path is same as input path. users can still select any directory they want, but we specifically requested they give us permission to a specific directory

Definition at line 184 of file KisMacosSecurityBookmarkManager.mm.

{
    bool fileSelected = false;
    QUrl fileURL = QUrl(path);
 
    NSString *nsStdPath = path.toNSString();
#ifdef KIS_STANDALONE
    NSAlert *alert = [[NSAlert alloc] init];
    [alert setAlertStyle:NSAlertStyleInformational];
    [alert setMessageText:[NSString stringWithFormat:@"The file %@ is located in a directory where the application has no permission, please give the permission to the container folder or a higher one to allow krita to save temporary backups next to your file", [nsStdPath lastPathComponent]]];
    [alert runModal];
 
 
    NSOpenPanel *panel = [NSOpenPanel openPanel];
    panel.canChooseFiles = false;
    panel.canChooseDirectories = true;
    NSURL *startLoc = [[NSURL alloc] initFileURLWithPath:nsStdPath ];
    panel.directoryURL = startLoc;
 
    if ([panel runModal] == NSModalResponseOK) {
        static NSURL *fileUrl = [panel URL];
        NSString *pathString = [fileUrl absoluteString];
 
        QString filepath = QString::fromNSString(pathString);
        createBookmarkFromPath(filepath, QString(), SecurityBookmarkType::Directory);
        fileSelected = true;
    }
 
#else
    QMessageBox msgBox;
    msgBox.setText(i18n("The file %1 is located in a directory where the application has no permissions, please give krita permission to this directory or a higher one to allow krita to save temporary backups next to your file", fileURL.fileName()));
    msgBox.setInformativeText(i18n("The directory you select will grant krita permissions to all files and directories contained in it"));
    msgBox.setStandardButtons(QMessageBox::Ok);
    msgBox.setDefaultButton(QMessageBox::Ok);
    int ret = msgBox.exec();
 
    QUrl dirUrl = QFileDialog::getExistingDirectoryUrl(0, QString(), QUrl(path));
 
    if (!dirUrl.isEmpty()) {
        QString filepath = dirUrl.toDisplayString(QUrl::None);
        createBookmarkFromPath(filepath, QString(), SecurityBookmarkType::Directory);
        fileSelected = true;
    }
#endif
    return fileSelected;
}

References createBookmarkFromPath(), and Directory.

◆ securityBookmarkTypeToString()

QString KisMacosSecurityBookmarkManager::securityBookmarkTypeToString ( const SecurityBookmarkType type )

private

Definition at line 231 of file KisMacosSecurityBookmarkManager.mm.

{
    return QMetaEnum::fromType<SecurityBookmarkType>().valueToKey(type);
}

◆ slotCreateBookmark

void KisMacosSecurityBookmarkManager::slotCreateBookmark ( const QString & path )

slot

Definition at line 249 of file KisMacosSecurityBookmarkManager.mm.

{
    // necessary convert to get proper location
    QUrl url = QUrl::fromLocalFile(path);
    QString pathString = url.toDisplayString();
    if (!m_d->securedFiles.contains(pathString)) {
        createBookmarkFromPath(pathString, QString());
    }
}

References createBookmarkFromPath(), and m_d.

◆ startAccessingSecurityScopedResources()

void KisMacosSecurityBookmarkManager::startAccessingSecurityScopedResources ( )

starts access to all registered security bookmarks

Definition at line 168 of file KisMacosSecurityBookmarkManager.mm.

{
    Q_FOREACH(QString encodedPath, m_d->securedFiles.values()) {
        NSURL *url = decodeBookmarkToURL(encodedPath).toNSURL();
        [url startAccessingSecurityScopedResource];
    }
}

References decodeBookmarkToURL(), and m_d.

◆ stopAccessingSecurityScopedResources()

void KisMacosSecurityBookmarkManager::stopAccessingSecurityScopedResources ( )

stops access to all started security bookmarks

Definition at line 176 of file KisMacosSecurityBookmarkManager.mm.

{
    Q_FOREACH(QString encodedPath, m_d->securedFiles.values()) {
        NSURL *url = decodeBookmarkToURL(encodedPath).toNSURL();
        [url stopAccessingSecurityScopedResource];
    }
}

References decodeBookmarkToURL(), and m_d.

Member Data Documentation

◆ m_d

const QScopedPointer<Private> KisMacosSecurityBookmarkManager::m_d

private

Definition at line 90 of file KisMacosSecurityBookmarkManager.h.

The documentation for this class was generated from the following files:

libs/macosutils/KisMacosSecurityBookmarkManager.h
libs/macosutils/KisMacosSecurityBookmarkManager.mm

Classes

Public Types

Public Slots

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Member Enumeration Documentation

◆ SecurityBookmarkType

Constructor & Destructor Documentation

◆ KisMacosSecurityBookmarkManager()

◆ ~KisMacosSecurityBookmarkManager()

Member Function Documentation

◆ addBookmarkAndCheckParentDir

◆ createBookmarkFromPath()

◆ decodeBookmarkToURL()

◆ instance()

◆ isSandboxed()

◆ loadKeysFromArray()

◆ loadSecurityScopedResources()

◆ parentDirHasPermissions()

◆ requestAccessToDir()

◆ securityBookmarkTypeToString()

◆ slotCreateBookmark

◆ startAccessingSecurityScopedResources()

◆ stopAccessingSecurityScopedResources()

Member Data Documentation

◆ m_d