You “feed” it the document.

Same way you select a picture on iOS. It is your deliberate decision and intent to open the document with that application.

That is totally different from the application having permission to scan and view anything in for example the downloads folder

▲

wlesieutre 3 hours ago | parent [-]

When you use iOS's "limited access" permissions to give an app access to some of your photos but not the whole library, the photo picker UI does a pretty good job of letting you easily do three things:

1) Grant access to a photo

2) Identify which photos you've granted access to

3) Revoke previously granted access

macOS's concession to give access to whole folders at a time is necessary for real software to work, but they haven't done a good job of items 2 and 3.

▲

jbverschoor 3 hours ago | parent [-]

Sure.

But the proper api call to make is selecting a picture. Not access to the photo library. That is an api design flaw, and simply a bad / obsolete implementation by the app developer.

The complaint of the OP is that he can still open a file which is in the downloads folder. But that’s not what the user is doing.

There’s no reason to give folder access at all. (Except for file sorting apps etc).

The only “reason” would be that it’s more difficult for developers to atomically overwrite a file in the same locations. And quite frankly, they should (and perhaps already do) have api calls for exactly that. I think this is why many apps request access sometimes.

	▲	wlesieutre 2 hours ago \| parent [-]
		I'm trying to think of a scenario where a users hits Open and picks a directory but does not want the software to have access to the contents of that directory. If you don't want it to access a folder, then don't open a folder in it. This behavior gets used all the time in things like opening a folder in your IDE so it can access the whole project. The OS does allow file pickers that can only pick files and not directories (set canChooseDirectories = false), and if an app has no legitimate reason to need a directory they should do that, but the fact that you can grant permissions isn't the problem. What they need to fix is that you're granting permanent permissions with no indication that you've done it and no way to remove them. To anyone at Apple reading this - please do not draw the conclusion "permissions to access a previously opened file or folder should expire after 24 hours" there are already more than enough permission prompts.