Remote app asks to grant access to every single file I ask it to open

Setup:
• macOS Mojave 10.4.4
• Xcode 10.2.1
• App mainly written in AppleScriptObjC, with a bit of ObjC

Hi, I’ve got this old app that I’ve written a while back and now I have to make it work in macOS 10.4.4.

It needs to access both Excel (2016. v 16.24) and InDesign CS6 (or any version), but when I tell Excel to open a file like this:

tell application "Microsoft Excel"
	open (currentExcelFile) as string
end tell

Excel asks me permission to grant it access to every single file, independently, and I can’t grant access to the folder, only the file I told it to open.

Now, I have activated the “NSAppleEventsUsageDescription” key in my plist, and given full disk access to Excel, and yet, this is still happening.

And yes, I did google this for an hour, and these forums as well, and couldn’t find any solution. Any ideas? Thanks!

Put this early on in your code:

set sd to path to startup disk
tell application id "com.microsoft.Excel" -- Microsoft Excel
	try
		close sd -- will error
	end try
end tell

2 Likes

Ok, and that will do what? What will causing an error in closing a non-existent file do?

Why don’t you try it.

Because it would be nice to know what it does so I know where to put it in my huge app, so I get the right timing, and also if this needs to be done once or every time I need to access files.

It only has to be done once.

Sandboxed apps have limited access to files or folders, unless the user grants them access. You can pass them a path, but they just don’t have the permission to access a file based on a path.

But if the user passes them a file, permission is granted. The security system sees that as authorization by the user, and adds some magic dust to the file object on the way through. So you can open files in apps like TextEdit – as long as you pass a file and not a path.

The problem with Excel is that it was designed before all this, and its scripting interface doesn’t accept files.

So the solution is to pass a file – in this case an alias of the startup disk. The command errors because it doesn’t make sense – we know Excel doesn’t accept files, and you can’t close a folder anyway – but that doesn’t matter. The system sees is a file sent by a script, so it says OK, that’s what the user asked for, and the sandbox is expanded for that directory (until it’s quit and relaunched). And that directory in Unix terms is /.

Ok, thanks.

IS this a lazy way to ‘fix’ all our badly written scripts?


use AppleScript version "2.4" -- Yosemite (10.10) or later
use scripting additions
my a1()

on a1()
	set sd to path to startup disk
	try
		tell application "Capture One 11" to close sd
	end try
	try
		tell application "JSON Helper" to close sd
	end try
end a1

No. It’s really meant just for the case where an app won’t otherwise accept a file object.