Catch Error Reading File From Disk - You Don't Have Permissions

Question

I am using the following code in the AppDel. This is triggered when a user taps on a gpx file or uses the share option to share the file with my app. At this point it is the user that specified that they are allowing my app to access the file so I'm a little confused a to why this is still being denied. Any advice much appreciated.

func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any]) -> Bool {
    
    if let dir = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).first {
        let fileURL = dir.appendingPathComponent(url.lastPathComponent)
        if FileManager.default.fileExists(atPath: fileURL.path) {
            print("File already exists")
        }
        else {
            do {
                try FileManager.default.copyItem(at: url, to: fileURL)
                print("Did write file to disk")
            }
             catch {
                 DispatchQueue.main.async(){
                         print("Catch error writing file to disk: \(error)")
                 }
             }
        }
    }
    return true
}

The error prints to the console as follows:

Error Domain=NSCocoaErrorDomain Code=257 "The file “Beech_Hill_Long_Route.gpx” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/private/var/mobile/Library/Mobile Documents/com~apple~CloudDocs/Desktop/Beech_Hill_Long_Route.gpx, NSUnderlyingError=0x282c19a70 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

Answer 1

I'm less knowledgeable about exactly how this works on iOS, but I do have some knowledge about how it works for macOS, and the two should be similar. For macOS sandboxed apps the user has to select the file outside of the sandbox specifically via NSOpenPanel or NSSavePanel. The equivalent on iOS would be UIDocumentPickerViewController, but I assume an explicit share would work too. Based on that, here's how I would think about it and what I would try, if I were faced with your problem:

You've got two URLs involved in your call to FileManager.default.copy(). It's not clear which one is producing the error, so I'll consider both.

First let's look at fileURL. You're constructing it to put a file in the user's Documents directory. On macOS at least, that directory is not in the app's sandbox, which means asking the user via NSSavePanel (which also means they might decide to put it somewhere else). You might have to do the UIKit equivalent, or just make sure you're picking a location that is in your sandbox.

To test that, instead of doing the copy, try writing to fileURL to isolate just that one. For example:

do { try "TestString".data(using: .utf8)?.write(url: fileURL) }
catch { print("Write failed: \(error.localizedDescription)") }

If that fails, then your problem is with fileURL, in which case you may need to use UIDocumentPickerViewController to save it, or pick a location that's definitely in the app's sandbox.

If the test succeeds, the problem must be with the incoming URL.

I'm going to assume that url is already security scoped, because I'm not sure how sharing would even work otherwise. What I think is most likely happening behind the scenes is that when the user shares a URL with your app, iOS creates a security-scoped bookmark from the URL and sends the bookmark rather than the URL to your app. Then on your app's end, that bookmark is used to reconstitute the URL before passing it on to your app's delegate. If I'm right about that you'll need to open and close a security scope to use it:

url.startAccessingSecurityScopedResource()

// access your file here

url.stopAccessingSecurityScopedResource()

Note that stopAccessingSecurityScopeResource() has to be called on the main thread, so if you're code is happening asynchronously you'll need to schedule it to run there:

url.startAccessingSecurityScopedResource()

// access your file here

DispatchQueue.main.async { url.stopAccessingSecurityScopedResource() }

If you need to save the URL itself to use in a future run of your program... you can't. Well, you can, but it won't be valid, so you'll be right back to permissions errors. Instead you have to save a bookmark, and then in that future run, reconstruct the URL from the bookmark.

let bookmark = try url.bookmarkData(
    options: .withSecurityScope, 
    includingResourceValuesForKeys: nil, 
    relativeTo: nil
)

bookmark is an instance of Data, so you can write that to UserDefaults or wherever you might want to save it. To get a URL back from it later:

var isStale = false
let url = try URL(
    resolvingBookmarkData: bookmark, 
    options: .withSecurityScope, 
    relativeTo: nil, 
    bookmarkDataIsStale: &isStale
)

if isStale 
{
    let newBookmark = try url.bookmarkData(
        options: .withSecurityScope, 
        includingResourceValuesForKeys: nil, 
        relativeTo: nil
    )
    // Save the new bookmark
}

Note that if isStale is true after the initializer returns, then you need to remake and resave the bookmark.

It's a shame that we have to go through this much trouble, but we live in a world where some people insist on doing bad things to other people's devices and data, so it's what we have to deal with the protect users from malicious data breaches.