RBAC: Make RBAC action names more consistent (#49730)

* update action names

* correctly retrieve teams for signed in user

* remove test

* undo swagger changes

* undo swagger changes pt2

* add migration from old action names to the new ones

* rename from list to read

* linting

* also update alerting actions

* fix migration
Ieva
2022-06-02 13:14:48 +01:00
committed by GitHub
parent 24c6a73095
commit 5dbea9996b
32 changed files with 279 additions and 222 deletions


@@ -79,7 +79,7 @@ Query Parameters:
| roles:read | roles:\* |
#### Example request
```http
GET /api/access-control/roles
Accept: application/json
@@ -180,13 +180,13 @@ Content-Type: application/json; charset=UTF-8
#### JSON body schema
| Field Name | Date Type | Required | Description |
| Field Name | Date Type | Required | Description |
| ----------- | ---------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| uid | string | No | UID of the role. If not present, the UID will be automatically created for you and returned in response. Refer to the [Custom roles]({{< relref "../../enterprise/access-control/about-rbac/#custom-roles" >}}) for more information. |
| global | boolean | No | A flag indicating if the role is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request. |
| version | number | No | Version of the role. If not present, version 0 will be assigned to the role and returned in the response. Refer to the [Custom roles]({{< relref "../../enterprise/access-control/about-rbac/#custom-roles" >}}) for more information. |
| name | string | Yes | Name of the role. Refer to [Custom roles]({{< relref "../../enterprise/access-control/about-rbac/#custom-roles" >}}) for more information. |
| description | string | No | Description of the role. |
| description | string | No | Description of the role. |
| displayName | string | No | Display name of the role, visible in the UI. |
| group | string | No | The group name the role belongs to. |
| hidden | boolean | No | Specify whether the role is hidden or not. If set to `true`, then the role does not show in the role picker. It will not be listed by API endpoints unless explicitly specified. |
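Review bot: the table header on both sides of this hunk reads "Date Type" where "Data Type" is meant; since the row layout is being touched anyway, fix the header in the same pass. The duplicated `description` row suggests only column alignment changed there, which is fine.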
@@ -489,7 +489,7 @@ Query Parameters:
`permissions:type:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has.
For example, if a user does not have required permissions for creating users, they won't be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.
| Action | Scope |
| Action | Scope |
| ------------------ | ------------------------- |
| users.roles:remove | permissions:type:delegate |
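Review bot: the sentence above the table, "users can only unassign roles which have same, or a subset of permissions which the user has", is ungrammatical; suggest "users can only unassign roles whose permissions are the same as, or a subset of, the caller's own". The privilege-escalation example that follows is the important part and should stay.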
@@ -537,7 +537,7 @@ Lists the permissions that a given user has.
#### Required permissions
`permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has.
`permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has.
For example, if a user does not have required permissions for creating users, they won't be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.
| Action | Scope |
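Review bot: this hunk repeats the `permissions:type:delegate` explanation from the unassign section almost verbatim, differing only in "assign or unassign"; keep the two copies word-for-word identical (or factor them into one shared paragraph) so the escalation rule does not drift between the two endpoints. The same grammar fix applies: "roles whose permissions are the same as, or a subset of, the caller's own".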
@@ -763,7 +763,7 @@ Query Parameters:
#### JSON body schema
| Field Name | Date Type | Required | Description |
| ------------- | --------- | -------- | -------------------------------------------------------------- |
| ------------- | --------- | -------- | -------------------------------------------------------------- |
| roleUids | list | Yes | List of role UIDs. |
| includeHidden | boolean | No | Specify whether the hidden role assignments should be updated. |
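Review bot: "Date Type" in the header should be "Data Type", and the type of `roleUids` is given as `list`, which is not a JSON type; suggest "array of strings" since the field carries role UIDs.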


@@ -380,9 +380,9 @@ Change password for a specific user.
## Logout User
`POST /api/admin/users/:id/logout`
Logout user revokes all auth tokens (devices) for the user. User of issued auth tokens (devices) will no longer be logged in
`POST /api/admin/users/:id/logout`
Logout user revokes all auth tokens (devices) for the user. User of issued auth tokens (devices) will no longer be logged in
and will be required to authenticate again upon next activity.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
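Review bot: "User of issued auth tokens (devices) will no longer be logged in" reads awkwardly; suggest "Every session bound to the user's issued auth tokens (devices) is terminated, and the user must authenticate again on the next request". The "Only works with Basic Authentication" restriction is worth keeping next to the endpoint since it is what stops a stolen session token from being used to call this admin-only revocation.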
@@ -413,9 +413,9 @@ Only works with Basic Authentication (username and password). See [introduction]
## Reload provisioning configurations
`POST /api/admin/provisioning/dashboards/reload`
`POST /api/admin/provisioning/datasources/reload`
`POST /api/admin/provisioning/dashboards/reload`
`POST /api/admin/provisioning/datasources/reload`
`POST /api/admin/provisioning/plugins/reload`
@@ -516,7 +516,7 @@ See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| -------------------- | --------------- |
| users.authtoken:list | global.users:\* |
| users.authtoken:read | global.users:\* |
**Example Request**:
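Review bot: the change from `users.authtoken:list` to `users.authtoken:read` renames an action string that existing custom roles and API clients may already reference, so it is a breaking change for them. The commit message says a migration from the old names was added; the page should say so here (old name, new name, and that stored custom roles are rewritten) so administrators do not read this table as a silently dropped permission.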
@@ -573,9 +573,9 @@ Only works with Basic Authentication (username and password). See [introduction]
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ---------------------- | --------------- |
| users.authtoken:update | global.users:\* |
| Action | Scope |
| --------------------- | --------------- |
| users.authtoken:write | global.users:\* |
**Example Request**:
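Review bot: renaming `users.authtoken:update` to `users.authtoken:write` widens the implied meaning, since `write` conventionally covers create, update and delete while the endpoint documented here revokes a token. State which endpoints `users.authtoken:write` gates, and keep the `global.users:\*` scope note, so a reader does not assume `write` also implies `read`.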


@@ -71,9 +71,9 @@ Manually ask license issuer for a new token.
See note in the [introduction]({{< ref "#enterprise-license-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ----- |
| licensing:update | n/a |
| --------------- | ----- |
| licensing:write | n/a |
### Examples
**Example request:**


@@ -149,9 +149,9 @@ Content-Type: application/json
```
### Delete user in current organization
`DELETE /api/org/users/:userId`
`DELETE /api/org/users/:userId`
**Required permissions**
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
@@ -605,9 +605,9 @@ Only works with Basic Authentication (username and password), see [introduction]
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| --------------------- | -------- |
| org.users.role:update | users:\* |
| Action | Scope |
| --------------- | -------- |
| org.users:write | users:\* |
**Example Request**:
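Review bot: `org.users.role:update` was specific to changing a member's org role, whereas `org.users:write` names a broader capability over org users. If the migration maps the old action to the new one, any custom role that previously granted only role changes will now hold the wider `org.users:write` over `users:\*`; that widening should be called out in the docs so administrators can review affected custom roles after upgrading.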


@@ -140,9 +140,9 @@ Content-Type: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
Requires basic authentication and that the authenticated user is a Grafana Admin.
Requires basic authentication and that the authenticated user is a Grafana Admin.
**Example Response**:
```http
@@ -241,9 +241,9 @@ Content-Type: application/json
**Example Response**:
```http
Content-Type: application/json
```
HTTP/1.1 200
Content-Type: application/json
```
## User
@@ -280,9 +280,9 @@ Content-Type: application/json
**Example Request**:
```http
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
PUT /api/user/password HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
@@ -318,9 +318,10 @@ Content-Type: application/json
```http
POST /api/users/7/using/2 HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4=
**Example Response**:
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json