To come back to this urgent problem: Some students are now having fun editing / breaking docs and templates from Coda makers in the official community galerie. Even many of these professional doc-makers also don’t know / correctly switch the negligent default settings that I have denounced several times. Please act here! Just can’t understand how Coda can continue to ignore this issue!
Just one Example - here for example I can just edit a random template of a form in the Coda Galery just because of the crazy default settings of the original document (editors have all permissions)
Hi @Huber_Stefan_Werner, thanks for raising your concerns.
That said when a user publishes a form, we do not change the sharing setting of that doc at all. The maker of the doc that contains the form, must make the doc editable by everyone in the world explicitly to enable the action you are highlighting in the screenshots above.
So by default the docs are kept secure when a form is published. I just double checked before making this post and verified this behavior myself. The simple act of publishing a form doesn’t make the doc editable.
In the specific example you gave, the maker of the doc had explicitly granted edit access and opened it up to users like yourself which is what allowed you to edit the form. I do not believe defaults would change anything here.
Wrong. This doesn’t matter - as every editor is allowed to change the permission rights himself. On Friday a student could change these settings by himself. Then they disabled the default settings over the weekend in the main doc. My students showed me multiple docs where the default settings that editor can change permissions and deactivate locking were used to set these permissions themselves. It really is not that difficult to understand - don’t give editors the right to change these access settings per default. It only takes one single doc maker, forgetting one single time in one single document to change the default settings and any editor can just come, add a person column and get access to all the contact data of the organisation.