Login security with conditional logic on the client

Question about using the user service ‘out of the box’ for authentication. I know that anyone can view the client code, so my question is, is my content secure when I do this:

My ‘home page’ presents several links, one allows ‘partners’ to login and see their content. Some users are admins, and have access to other forms with higher access. My ‘partner’ link executes the following code:

  import anvil.users
  import anvil.server
  from anvil import open_form

  def partners_click(self, **event_args):
    # Keep showing the login form until the user actually logs in
    while not anvil.users.login_with_form():
      pass

    # Ask the server what this user is allowed to see
    ret = anvil.server.call('check_user')

    if ret == "<some secret value stored in admin users' records>":
      open_form('admin form')
    else:
      open_form('basic_user_form')

Is this ‘secure’ since I’m using server-side code to discern a user and return his/her access level?

My approach is to authenticate on the server side before returning sensitive data. That is, I assume that the user can make the client-side interface do anything they want if they are clever enough (e.g., change flags, visit pages, etc…); however, I control what is returned from the servers.

Please see Bridget’s helpful post:

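The server-enforced version of the pattern the reply above describes, as an added example that is not from the thread and does not use Anvil's API: `USERS`, `set_session_user`, `get_user` and `require_role` are constructed stand-ins for a user table, the server-side session and a role check. The client still picks a form from the `check_user` result, but every function that returns data re-checks the logged-in user's role itself, so a client that calls `get_admin_report` directly is refused.

```python
from functools import wraps

# Constructed sample user table, email -> record (assumed schema: a "role" column).
USERS = {
    "alice@example.com": {"role": "admin"},
    "bob@example.com": {"role": "partner"},
}
_session = {"email": None}  # stand-in for the framework's server-side session

def set_session_user(email):
    _session["email"] = email

def get_user():
    """Server-side lookup of the logged-in user; None when nobody is logged in."""
    return USERS.get(_session["email"]) if _session["email"] else None

def require_role(*roles):
    """Refuse to run a server function unless the session user has one of `roles`."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            user = get_user()
            if user is None:
                raise PermissionError("not logged in")
            if user["role"] not in roles:
                raise PermissionError("role %r may not call %s" % (user["role"], fn.__name__))
            return fn(*args, **kwargs)
        return wrapper
    return decorator

@require_role("admin", "partner")
def check_user():
    """Tells the client which form to open; a UI hint, not a secret."""
    return get_user()["role"]

@require_role("admin")
def get_admin_report():
    """Admin-only data; a partner calling this directly is refused server-side."""
    return {"rows": 42}

def client_after_login():
    """The client's only job: choose a form. Not a security boundary."""
    return "admin_form" if check_user() == "admin" else "basic_user_form"

def is_denied(fn):
    """True if the server refused the call; lets a test probe the boundary."""
    try:
        fn()
        return False
    except PermissionError:
        return True
```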