I try to make my single page app more secure. In code I have post request witch return user information.
user: {
city: "USA"
company: "1"
country: "Boston"
email: "[email protected]"
favorList: "17 8 7 1"
id: "46"
name: "Alex"
password: "d89885b09d30673f2a8321eeb1f8ab3bb3p6f"
phone: "+7(000)000-09-00"
role: "user"
settings: "false true"
viewingList: "8 17 143 138"
}
Some vields of this object I use for ng-show/ng-if/ng-hide/ng-switch managing html on templates. For example: <div ng-if="user.role == 'administrator'"
or
<div ng-if="user.role == 'user'"
But user can open in chrome development tools and retype user role, then go to templates and get administator rites.
How I can fix that?