
Is Angular reactive form field disabled safe from user HTML examination and manual attribute removal?


I'm working now on some Angular 6 project and I'm wondering if reactive forms are user-secured. I'm thinking of an example like the one below:

    'durationControl': [{
      value: this.duration,
      disabled: !this.permissions.durationEnabled
    }, [rangeValidator(1, 360), Validators.required]],

Is this kind of code secured from the user clicking on the element in his HTML, pressing examine and then removing 'disabled' from the code?

We have tried it and it can be done with ease and we can manipulate value of fields that should be disabled. Would it be another time validated or checked if this element was set to disabled since form creation and it shouldn't change?

I can't check it right now on a fully operating application because we don't have any full submit implementation nor backend done enough to make it that far. I've checked the Angular docs but found nothing about that. Any simple explanation or example if it's actually working or not (any additional sources would be great)? Thanks in advance.


Solution

  • You have to check the model on the backend (validation or access rights); everything on the client side can be faked.
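
The backend check this answer calls for, as an added example that is not part of the original answer. The function and type names are hypothetical; the `durationEnabled` flag and the 1 to 360 range are taken from the question.

```typescript
// Server-side handling of a submitted form payload (hypothetical names).
interface Permissions { durationEnabled: boolean; }
interface Settings { duration: number; }
type Result =
  | { ok: true; settings: Settings }
  | { ok: false; status: 400 | 403; error: string };

const DURATION_MIN = 1;
const DURATION_MAX = 360;

// `permissions` and `stored` must be loaded server-side (session, database),
// never taken from the request body.
function applyDurationUpdate(
  permissions: Permissions,
  stored: Settings,
  body: unknown,
): Result {
  const submitted =
    typeof body === "object" && body !== null
      ? (body as Record<string, unknown>)["duration"]
      : undefined;

  if (!permissions.durationEnabled) {
    // Angular leaves disabled controls out of form.value, so an honest client
    // sends nothing here (or the unchanged value if it uses getRawValue()).
    if (submitted === undefined || submitted === stored.duration) {
      return { ok: true, settings: stored };
    }
    // The control was re-enabled in dev tools or the request was hand-built.
    return { ok: false, status: 403, error: "duration is not editable" };
  }

  // Repeat the client-side validators (required, range) on the server.
  if (typeof submitted !== "number" || !Number.isFinite(submitted)) {
    return { ok: false, status: 400, error: "duration is required" };
  }
  if (submitted < DURATION_MIN || submitted > DURATION_MAX) {
    return { ok: false, status: 400, error: "duration out of range" };
  }
  return { ok: true, settings: { ...stored, duration: submitted } };
}
```

A 403 from this path is also worth logging, since a normal client never produces it.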