Hello everyone,
I’m building an internal management tool on top of Grist (using Custom Widgets with inline HTML/CSS/JS code). I share the document with operators as Editors or Viewers, and I use ?style=singlePage to give them a clean, app-like experience.
The problem: even in singlePage mode, the three-dot menu on a Custom Widget still exposes the “Open configuration” button, which allows any Editor to inspect and potentially modify the widget’s source code.
I’d love to see one of the following:
- In
singlePagemode, the “Open configuration” button should be hidden for non-Owner roles — since the intent of that mode is a clean, app-like end-user experience. - Via Access Rules, extend the existing “Prevent editors from changing document structure” toggle (already available in the ACL settings) so that, when enabled, it also prevents Editors from accessing the Custom Widget configuration panel and viewing its source code. Right now that checkbox restricts structural changes like adding/removing columns and tables — it feels natural that it should also cover widget code, which is arguably part of the document’s structure.
Is there any existing workaround on Grist cloud (getgrist.com) other than hosting the widget on an external URL?
Thanks in advance!