Fix warnings (#208)

Author: basil

src/main/java/hudson/plugins/throttleconcurrents/ThrottleJobProperty.java

@@ -45,6 +45,7 @@
 import org.jenkinsci.plugins.workflow.flow.FlowExecution;
 import org.jenkinsci.plugins.workflow.flow.FlowExecutionOwner;
 import org.jenkinsci.plugins.workflow.graph.FlowNode;
+import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
@@ -426,6 +427,7 @@ public boolean configure(StaplerRequest req, JSONObject formData) throws FormExc
             return true;
         }
 
+        @SuppressWarnings({"lgtm[jenkins/csrf]", "lgtm[jenkins/no-permission-check]"})
         public FormValidation doCheckCategoryName(@QueryParameter String value) {
             if (Util.fixEmptyAndTrim(value) == null) {
                 return FormValidation.error("Empty category names are not allowed.");
@@ -434,6 +436,7 @@ public FormValidation doCheckCategoryName(@QueryParameter String value) {
             }
         }
 
+        @SuppressWarnings({"lgtm[jenkins/csrf]", "lgtm[jenkins/no-permission-check]"})
         public FormValidation doCheckMaxConcurrentPerNode(@QueryParameter String value) {
             return checkNullOrInt(value);
         }
@@ -448,6 +451,7 @@ private FormValidation checkNullOrInt(String value) {
             }
         }
 
+        @SuppressWarnings({"lgtm[jenkins/csrf]", "lgtm[jenkins/no-permission-check]"})
         public FormValidation doCheckMaxConcurrentTotal(@QueryParameter String value) {
             return checkNullOrInt(value);
         }
@@ -479,7 +483,14 @@ public List<ThrottleCategory> getCategories() {
             return categories;
         }
 
-        public ListBoxModel doFillCategoryItems() {
+        @SuppressWarnings("lgtm[jenkins/csrf]")
+        public ListBoxModel doFillCategoryItems(@AncestorInPath Item item) {
+            if (item != null) {
+                item.checkPermission(Item.CONFIGURE);
+            } else {
+                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+            }
+
             ListBoxModel m = new ListBoxModel();
 
             m.add("(none)", "");

src/main/java/hudson/plugins/throttleconcurrents/pipeline/ThrottleStep.java

@@ -1,6 +1,7 @@
 package hudson.plugins.throttleconcurrents.pipeline;
 
 import hudson.Extension;
+import hudson.model.Item;
 import hudson.model.TaskListener;
 import hudson.plugins.throttleconcurrents.ThrottleJobProperty;
 import hudson.util.FormValidation;
@@ -14,6 +15,7 @@
 import org.jenkinsci.plugins.workflow.steps.StepContext;
 import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
 import org.jenkinsci.plugins.workflow.steps.StepExecution;
+import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 
@@ -59,6 +61,7 @@ public Set<? extends Class<?>> getRequiredContext() {
             return Collections.singleton(TaskListener.class);
         }
 
+        @SuppressWarnings({"lgtm[jenkins/csrf]", "lgtm[jenkins/no-permission-check]"})
         public FormValidation doCheckCategoryName(@QueryParameter String value) {
             return ThrottleJobProperty.fetchDescriptor().doCheckCategoryName(value);
         }
@@ -67,8 +70,9 @@ public List<ThrottleJobProperty.ThrottleCategory> getCategories() {
             return ThrottleJobProperty.fetchDescriptor().getCategories();
         }
 
-        public ListBoxModel doFillCategoryItems() {
-            return ThrottleJobProperty.fetchDescriptor().doFillCategoryItems();
+        @SuppressWarnings("lgtm[jenkins/csrf]")
+        public ListBoxModel doFillCategoryItems(@AncestorInPath Item item) {
+            return ThrottleJobProperty.fetchDescriptor().doFillCategoryItems(item);
         }
     }