Move SignedInUser to user service and RoleType and Roles to org (#53445)

* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
idafurjes
2022-08-10 11:56:48 +02:00
committed by GitHub
parent 46004037e2
commit 6afad51761
278 changed files with 1758 additions and 1543 deletions


@@ -7,6 +7,8 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/registry"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
@@ -18,10 +20,10 @@ type AccessControl interface {
registry.ProvidesUsageStats
// Evaluate evaluates access to the given resources.
Evaluate(ctx context.Context, user *models.SignedInUser, evaluator Evaluator) (bool, error)
Evaluate(ctx context.Context, user *user.SignedInUser, evaluator Evaluator) (bool, error)
// GetUserPermissions returns user permissions with only action and scope fields set.
GetUserPermissions(ctx context.Context, user *models.SignedInUser, options Options) ([]Permission, error)
GetUserPermissions(ctx context.Context, user *user.SignedInUser, options Options) ([]Permission, error)
//IsDisabled returns if access control is enabled or not
IsDisabled() bool
@@ -49,7 +51,7 @@ type PermissionsStore interface {
}
type TeamPermissionsService interface {
GetPermissions(ctx context.Context, user *models.SignedInUser, resourceID string) ([]ResourcePermission, error)
GetPermissions(ctx context.Context, user *user.SignedInUser, resourceID string) ([]ResourcePermission, error)
SetUserPermission(ctx context.Context, orgID int64, user User, resourceID, permission string) (*ResourcePermission, error)
}
@@ -71,7 +73,7 @@ type ServiceAccountPermissionsService interface {
type PermissionsService interface {
// GetPermissions returns all permissions for given resourceID
GetPermissions(ctx context.Context, user *models.SignedInUser, resourceID string) ([]ResourcePermission, error)
GetPermissions(ctx context.Context, user *user.SignedInUser, resourceID string) ([]ResourcePermission, error)
// SetUserPermission sets permission on resource for a user
SetUserPermission(ctx context.Context, orgID int64, user User, resourceID, permission string) (*ResourcePermission, error)
// SetTeamPermission sets permission on resource for a team
@@ -138,17 +140,17 @@ var ReqGrafanaAdmin = func(c *models.ReqContext) bool {
return c.IsGrafanaAdmin
}
// ReqViewer returns true if the current user has models.ROLE_VIEWER. Note: this can be anonymous user as well
// ReqViewer returns true if the current user has org.RoleViewer. Note: this can be anonymous user as well
var ReqViewer = func(c *models.ReqContext) bool {
return c.OrgRole.Includes(models.ROLE_VIEWER)
return c.OrgRole.Includes(org.RoleViewer)
}
var ReqOrgAdmin = func(c *models.ReqContext) bool {
return c.OrgRole == models.ROLE_ADMIN
return c.OrgRole == org.RoleAdmin
}
var ReqOrgAdminOrEditor = func(c *models.ReqContext) bool {
return c.OrgRole == models.ROLE_ADMIN || c.OrgRole == models.ROLE_EDITOR
return c.OrgRole == org.RoleAdmin || c.OrgRole == org.RoleEditor
}
func BuildPermissionsMap(permissions []Permission) map[string]bool {
@@ -268,7 +270,7 @@ func IsDisabled(cfg *setting.Cfg) bool {
}
// GetOrgRoles returns legacy org roles for a user
func GetOrgRoles(cfg *setting.Cfg, user *models.SignedInUser) []string {
func GetOrgRoles(cfg *setting.Cfg, user *user.SignedInUser) []string {
roles := []string{string(user.OrgRole)}
// With built-in role simplifying, inheritance is performed upon role registration.
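Review bot: In `GetOrgRoles`, and in the `Evaluate`, `GetUserPermissions` and `GetPermissions` signatures, the parameter is still named `user`, so it now shadows the newly imported `user` package because its type became `*user.SignedInUser`. In the interface methods this is only cosmetic, but inside `GetOrgRoles` any later `user.X` would resolve to the parameter rather than the package. I would rename the parameter, e.g. `func GetOrgRoles(cfg *setting.Cfg, signedInUser *user.SignedInUser) []string` with `roles := []string{string(signedInUser.OrgRole)}`. The body of `GetOrgRoles` continues past the end of this hunk, so other uses of the parameter there would need the same rename.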