fix: don't allow to create record in any resource

yaroslav8765 · yaroslav8765 · commit b083b6a64ffe · 2026-06-19T12:35:08.000+03:00
AdminForth/1731/security-audit
diff --git a/index.ts b/index.ts
@@ -69,6 +69,9 @@ export default class InlineCreatePlugin extends AdminForthPlugin {
       handler: async ({ body, adminUser }) => {
         const { record, resourceId } = body;
         
+        if ( this.resourceConfig.resourceId !== resourceId) {
+          return { error: 'Resource ID mismatch' };
+        }
         const resource = this.adminforth.config.resources.find(r => r.resourceId === resourceId);
         
         const cleanRecord = resource.columns.reduce((acc, field) => {
