user can remove readonly attribute when we use dynamic states and bypass restrictions model
Steps to reproduce
I create a party as the screenshot https://pasteboard.co/HdfGj0t.png
I remove readonly attribute on field (implemented readonly on states) from html https://pasteboard.co/HdfGvxQ.png
I change the code party and save change https://pasteboard.co/HdfGE0Y.png
Treeview after save change https://pasteboard.co/HdfGTcY.png
Someone with some technical knowledge on html can remove readonly attribute and bypass restrictions model when we use dynamic states.