Description
(This is split off from #4139, which combined this with a distinct though related issue.)
While reviewing #4089 before merge, I noticed (#4089 (comment) ) that:
-
if you go to download an image from the lightbox,
-
and you haven't already given the app permissions on the photo library,
-
we show (well, cause the system to show) a permission request with the text
"Zulip" Would Like to Access Your Photos
Upload photos to a Zulip realm
In #5419, we'll improve the wording of that request, to:
"Zulip" Would Like to Access Your Photos
Choose photos from your library and send them in Zulip messages.
But for this situation it will still be wrong: we're not trying to upload at this point! You're not (as the user) going to choose any photos from your library, or send any Zulip messages. Rather we're trying to download; you're trying to save a photo from Zulip to your library. This is the message that would be appropriate (and that we do show) when you're composing a message and want to go attach a photo.
The text should match what we're actually trying to do; that's an important element of maintaining users' trust.
I believe the root of the issue is that we are apparently requesting general access to the photo library, when all we need in this situation is access to add a photo/image.
I think this is all happening inside the @react-native-community/cameraroll library. From our src/lightbox/download.js:
import CameraRoll from '@react-native-community/cameraroll';
// ...
if (Platform.OS === 'ios') {
return CameraRoll.save(url);
}So the next steps will be to see if there's an alternate way we can be using that library's API to get it to request the narrower permission; or if there's a newer version of the library that would solve the problem, or a corresponding issue in its tracker.