IKScannerDeviceView does not play well with Sandbox

Originator: eric.trepanier
Number: rdar://13925877    Date Originated: 17-May-2013
Status: Open    Resolved:
Product: OS X SDK    Product Version: 10.8.3
Classification: UI/Usability    Reproducible: Always
 
Summary:
The IKScannerDeviceView user interface lets the user select a "Scan To:" location via a popup menu that includes a certain number of preset locations (Pictures, Documents, Desktop, as well as some applications: iPhoto, Preview, Mail). It also has an "Other…" option, which brings up a file open panel where the user can navigate and pick a folder to be used as the Scan To: location.

If the IKScannerDeviceView is used inside of a sandboxed application, any of the "preset" folder locations will fail to work and result in a "The selected folder is not writable" message overlay appearing, unless access to the corresponding location is requested explicitly in the app's entitlements.

Also, if the user uses the "Other…" location to manually select a folder to scan to, the application will be granted access to this location (via the Powerbox), apparently for the duration of the user's session. The IKScannerDeviceView itself remembers this user-picked location across restarts of the application, but if the computer is restarted, access to the selected location is not preserved and when restarting the application, the user will again be told that the application does not have access to the selected folder.

Steps to Reproduce:
Attached are the Apple-provided "Step8" project files from the ImageKitDemo sample, modified (an Entitlements file was added) for the sole purpose of enabling App Sandboxing. No special entitlements are requested.
1. Open the project, build and run the application
2. Make sure there is a scanner attached to the system, select it
3. Once the overview scan has completed, click the Scan button
4. The Scan should fail with an overlay appearing with the message "The selected folder is not writable"
5. Change the Scan To: location to Other… and select a folder
6. Again, click the Scan button
7. This time, the scan should complete successfully, with the scanned file appearing in the selected folder
8. Restart the computer
9. Reopen the project and run it again
10. Reselect the scanner, wait for the overview scan to complete
11. Click the Scan button (the Scan To: location should be the same one that you last selected)

Expected Results:
In step 4, preset values, if available, should be granted access. If not possible, then there shouldn't be any preset values — only the "Other…" option, forcing the user to select / authorize an output location.
In Step 11, once a location has been authorized via Powerbox, it should be stored with a security-scoped bookmark such that it continues to be authorized after a computer restart.
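
The persistence requested for Step 11, sketched as an added example (not part of the original report or of Apple's sample code): an app-scoped, security-scoped bookmark saved once the user has picked a folder and resolved again at launch. It assumes the app holds the `com.apple.security.files.user-selected.read-write` and `com.apple.security.files.bookmarks.app-scope` entitlements; the defaults key and function names are hypothetical, and how the restored URL is handed back to IKScannerDeviceView is left open because the report does not cover it.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical NSUserDefaults key, chosen for this example.
static NSString * const kScanFolderBookmarkKey = @"ScanFolderBookmark";

// Call while the app still holds the Powerbox grant for folderURL,
// i.e. in the same session in which the user picked the folder.
static BOOL SaveScanFolder(NSURL *folderURL, NSError **error)
{
    NSData *bookmark =
        [folderURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
            includingResourceValuesForKeys:nil
                             relativeToURL:nil   // nil = app-scoped bookmark
                                     error:error];
    if (bookmark == nil) {
        return NO;   // e.g. missing bookmarks.app-scope entitlement
    }
    [[NSUserDefaults standardUserDefaults] setObject:bookmark
                                              forKey:kScanFolderBookmarkKey];
    return YES;
}

// Call at launch. Returns a URL whose sandbox access has already been
// started, or nil when the user has to choose a folder again. The caller
// must balance this with -stopAccessingSecurityScopedResource when done.
static NSURL *RestoreScanFolder(NSError **error)
{
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    NSData *bookmark = [defaults dataForKey:kScanFolderBookmarkKey];
    if (bookmark == nil) {
        return nil;  // nothing was ever authorized
    }
    BOOL stale = NO;
    NSURL *url =
        [NSURL URLByResolvingBookmarkData:bookmark
                                  options:NSURLBookmarkResolutionWithSecurityScope
                            relativeToURL:nil
                      bookmarkDataIsStale:&stale
                                    error:error];
    if (url == nil) {
        [defaults removeObjectForKey:kScanFolderBookmarkKey]; // folder deleted or unreachable
        return nil;
    }
    if (![url startAccessingSecurityScopedResource]) {
        return nil;  // sandbox refused to re-extend access
    }
    if (stale) {
        SaveScanFolder(url, NULL);  // folder moved or renamed: refresh the stored bookmark
    }
    return url;
}
```

Access stays scoped to the one folder the user authorized, so no location-wide entitlement has to be requested for the application as a whole.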

Actual Results:
In step 4, the IKScannerDeviceView preset values are useless and/or a security risk: for them to be useful, app developers must request read/write access to those locations in the entitlements file for the application as a whole. In addition, there is no entitlement for read/write access to the Desktop folder.
In Step 11, the user will have to reselect a Scan To: location after every restart of his or her computer, which is inconvenient to say the least.

Regression:

Notes:
