Currently users inside an organisation are able to upgrade themselves to editor while being a viewer. This is only fixed by making them restricted. Additionally, any viewer can duplicate files which is not ideal.
There is a way to disable duplication but it then stops you from exporting images as well.
I’d recommend that only Admins can add editor to viewers for the first case. For the second case, separate the settings into separate settings, copy/export/inspect etc that can be enabled or disabled via a checkbox.