Critique: Unclear why a user cannot access X folder

[Doomsdayrs]

Abstract

Flatpak prevents applications from reading the content or writing to various directories. This is fundamentally different then how other operating systems operate, thus creating a gap in understanding of usage. There is no clear indication why a directory cannot be accessed via a certain flatpak application, or a clear way for a user to allow a flatpak application to access the directory.

Information

Flatpak provides the ability to limit what folders an application can access.

Take for example, "Discord". By default the flatpak version only has access to xdg-videos:ro, xdg-pictures:ro and xdg-downloads. This means that, Discord has read only access to the Videos & Pictures folder, and write access to the Downloads folder.

For us as developers, this is a no brainier. We can open up "flatseal" and modify this to our hearts content.

For a user? Quite the opposite.

Issue

This morning my neurodivergent girlfriend came to me (I helped her migrate to Fedora 35), she had an issue with Discord.

By default, she likes putting things on her desktop (she uses Desktop Icons NG), and because of this she often downloads to her desktop.

She then goes to discord to send this downloaded file to her friend, in which she promptly learns she does not even have an option to view the "Desktop" folder.

Which comes to the issue, paraphrased in her text to me "Why can I not send pictures from my desktop to my friend on discord??"

We can observe by opening up these file sharing programs that, yes, there is no option for the desktop to be opened in the file selector. Of course there isn't, as we are developers we know that the flatpak simply doesn't have access to the folder, to a user on the other hand? They view it as broken, a problem, an issue, etc etc.

We resolved it after using flatseal to allow Discord to access the entire home directory (yes, quite dangerous but it was a quick dirty solution so she can continue using her laptop).

Solution

Now we know the issue, what can be done to improve this?

User has no indication why they cannot access X directory in the file selector for a flatpak application.

The solution for X has already been accomplished for root files in the Files application. Observe the "root" folder below. An x icon signifies that the directory cannot be accessed. This should be done for the flatpak file selectors as well.

To further build on this, how can a user be indicated that a folder is read-only when trying to write a file. This can be accomplished using a banner similar to what the "Trash" folder does. Replacing it with a content of "This directory is read only for (APPLICATION NAME)", with the following self describing buttons "Allow Write Access", "More Information".

User has no clear way path to letting a flatpak application access X directory.

When attempting to open the "root" folder from previous, we get a prompt By entering the correct password, we are allowed to see inside the folder for a temporarily have access to see the contents.

Let us apply this action to the file selector for a flatpak application, such as Discord.

1. Opening the file selector to send a file, we see that the "Desktop" folder has an x icon.
2. Attempting to open the folder prompts that the application does not have rights to the folder, and by entering in the user password as confirmation can let the user access the folder. (note below)
3. Upon successfully accepting and entering the password, the user can then select a file, which Discord then reads and sends.

(Note) There can also be a checkbox to allow permanent access to the folder, with a second check box dependent on the first to allow the application to write as well. (This is similar to SSH prompts that IDEs use when trying to use the SSH keys for git). This can also be used for write actions as well, with the second "allow write access" checkbox being ignored as it is already implied by trying to save/write a file.

Future

By implementing the mentioned or other solutions, people of low tech backgrounds will more properly understand why flatpak applications cannot access certain directories, and how they can allow the applications to access those directories with an intuitive GUI interface.

Flatseal should not be a requirement to use an operating system or other applications.

[Doomsdayrs]

I apologize if this was not the right place to paste this, but as I use gnome and gtk applications, I felt this was the right place.

[Doomsdayrs]

(I was specifically pointed here from the GTK Matrix chat)

[TingPing]

I believe this is mostly just not doable. Inside the flatpak you just have a normal filesystem. We can't sanely change how that works or looks.

Discord will automatically be better once it updates Electron which will use flatpak's portals for file access.

[Doomsdayrs]

@TingPing How will discord updating electron to use flatpaks portals for access improve the current experience?

[TingPing]

The filechooser that opens will not show a the filesystem inside the sandbox, which is mostly a useless filesystem, instead it will show the host filesystem and upon selecting a file xdg-desktop-portal will mount the single host file safely inside of the sandbox and pass it to the application.

When it all works it is entirely transparent to the user and they couldn't even tell its inside a sandbox.

[Doomsdayrs]

Thanks, That explains things well.