Solved New Default limited (instead of private)

luckow

I know. The Cloudron policy is to use the default upstream settings. But hey. HedgeDoc is a collaboration tool in my understanding. And since no one is able to guess the URL of my "private" notes (others only see the document when you share it with your teammates), we should change the default from private to limited.
I've spent so many minutes with "Thank you for sharing, but please click limited".

Limited means: only users can see and edit. No guests (means not public).

fbartels

@luckow that's actually a good idea, but may be something that needs to be explicitly mentioned in the app description.

I just changed the configurable on mine to make notes limited by default.

luckow

@fbartels what concerns do you have about the possible new default? When using HedgeDoc, as expected, there is no potential privacy leak (due to the random url and the missing directory for team member history / new documents).

girish

@luckow Double checked this and it seems that the upstream default is actually editable per https://github.com/hedgedoc/hedgedoc/blob/1.8.1/docs/content/configuration.md#users-and-privileges . In the package, we set it to private. I don't think this was a conscious decision.

I will change the default to editable which is the similar to limited but allows guests to have read only access.

fbartels

@luckow said in New Default limited (instead of private):

what concerns do you have about the possible new default?

I don't really have a concern about it, but when the default changes to something more public it should be highlighted.

At the very least the urls of notes get logged on the reverse proxy and setting them to editable or limited can mean that the local admin (or someone else with access to logs) could find note urls and view them.

girish

I have updated the package to match upstream default of editable.