I'd much prefer it if new apps did NOT default to Visible to all users on this Cloudron (I think @marcusquinn has mentioned this in a thread somewhere too previously too).
Otherwise it's far too easy to give access to apps to users you don't intend to give access to, especially when adding new users - I just created a new user and logged in as them to discover they could see quite a few apps (basically all the apps I first installed when I first started using Cloudron and hadn't started using groups yet).
I guess this is a usability question as well as a security question here.
Our focus was always to make app install smooth and have them ready to go asap. This means not having to tweak access to apps on install by default is important from that perspective. I do see your point as well though. I guess we could resolve this with a default setting? So you could change the default to be more restricted by default.
I guess we could resolve this with a default setting? So you could change the default to be more restricted by default.
Yeah that'd do it.
But also, I imagine most people don't just install an app and then let their users go wild (most apps need some extra set-up so it's not even possible to do this) and so the default being the person who installs it is initially the only person with access would also keep the same usability of "make app install smooth and have them ready to go asap".
I completely agree with having a default setting one way more than another. Especially because you can't define the visibility setting of non LDAP cloudron apps.
This is especially problematic when you have different kind of users who should never be aware of each others on the server, like clients. (and this is my usecase)
So having a configurable default is a very good idea.