RBAC: Update permission query to not join on team table (#53677)

* RBAC: Add teamIDs to get permission query

* RBAC: Remove join on team table and use team ids

* RBAC: Pass team ids

pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go

@@ -102,6 +102,10 @@ func (ac *OSSAccessControlService) Evaluate(ctx context.Context, user *user.Sign
 	return resolvedEvaluator.Evaluate(user.Permissions[user.OrgID]), nil
 }
 
+var actionsToFetch = append(
+	TeamAdminActions, append(DashboardAdminActions, FolderAdminActions...)...,
+)
+
 // GetUserPermissions returns user permissions based on built-in roles
 func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user *user.SignedInUser, _ accesscontrol.Options) ([]accesscontrol.Permission, error) {
 	timer := prometheus.NewTimer(metrics.MAccessPermissionsSummary)
@@ -113,7 +117,8 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
 		OrgID:   user.OrgID,
 		UserID:  user.UserID,
 		Roles:   accesscontrol.GetOrgRoles(ac.cfg, user),
-		Actions: append(TeamAdminActions, append(DashboardAdminActions, FolderAdminActions...)...),
+		TeamIDs: user.Teams,
+		Actions: actionsToFetch,
 	})
 	if err != nil {
 		return nil, err