From a0c886922e0c69295082bdf4321699d4bd1db7cb Mon Sep 17 00:00:00 2001
From: linoman <2051016+linoman@users.noreply.github.com>
Date: Thu, 5 Sep 2024 18:15:47 +0200
Subject: [PATCH] Auth: Add LDAP scope to Grafana Admin (#92990)

Add LDAP scope to Grafana Admin
---
 pkg/services/accesscontrol/models.go | 2 ++
 pkg/services/accesscontrol/roles.go  | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/pkg/services/accesscontrol/models.go b/pkg/services/accesscontrol/models.go
index 94e39d71300..7bc0ae81aa6 100644
--- a/pkg/services/accesscontrol/models.go
+++ b/pkg/services/accesscontrol/models.go
@@ -497,6 +497,8 @@ var (
 		return Scope("settings", "auth."+provider, "*")
 	}
 
+	ScopeSettingsLDAP = Scope("settings", "auth.ldap", "*")
+
 	// Annotation scopes
 	ScopeAnnotationsRoot             = "annotations"
 	ScopeAnnotationsProvider         = NewScopeProvider(ScopeAnnotationsRoot)
diff --git a/pkg/services/accesscontrol/roles.go b/pkg/services/accesscontrol/roles.go
index df358b03246..a113cfd26f4 100644
--- a/pkg/services/accesscontrol/roles.go
+++ b/pkg/services/accesscontrol/roles.go
@@ -265,6 +265,14 @@ var (
 				Action: ActionSettingsWrite,
 				Scope:  ScopeSettingsOAuth("generic_oauth"),
 			},
+			{
+				Action: ActionSettingsRead,
+				Scope:  ScopeSettingsOAuth("ldap"),
+			},
+			{
+				Action: ActionSettingsWrite,
+				Scope:  ScopeSettingsOAuth("ldap"),
+			},
 		},
 	}