Move SignedInUser to user service and RoleType and Roles to org (#53445)

* Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2025-02-25 18:55:37 -06:00 · 2022-08-10 11:56:48 +02:00
parent 46004037e2
commit 6afad51761
278 changed files with 1758 additions and 1543 deletions
--- a/pkg/services/libraryelements/database.go
+++ b/pkg/services/libraryelements/database.go
@@ -11,9 +11,11 @@ import (
 	"github.com/grafana/grafana/pkg/api/dtos"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/dashboards"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/search"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
+	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/util"
 )

@@ -98,7 +100,7 @@ func getLibraryElement(dialect migrator.Dialect, session *sqlstore.DBSession, ui
 }

 // createLibraryElement adds a library element.
-func (l *LibraryElementService) createLibraryElement(c context.Context, signedInUser *models.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error) {
+func (l *LibraryElementService) createLibraryElement(c context.Context, signedInUser *user.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error) {
 	if err := l.requireSupportedElementKind(cmd.Kind); err != nil {
 		return LibraryElementDTO{}, err
 	}
@@ -177,7 +179,7 @@ func (l *LibraryElementService) createLibraryElement(c context.Context, signedIn
 }

 // deleteLibraryElement deletes a library element.
-func (l *LibraryElementService) deleteLibraryElement(c context.Context, signedInUser *models.SignedInUser, uid string) (int64, error) {
+func (l *LibraryElementService) deleteLibraryElement(c context.Context, signedInUser *user.SignedInUser, uid string) (int64, error) {
 	var elementID int64
 	err := l.SQLStore.WithTransactionalDbSession(c, func(session *sqlstore.DBSession) error {
 		element, err := getLibraryElement(l.SQLStore.Dialect, session, uid, signedInUser.OrgId)
@@ -220,7 +222,7 @@ func (l *LibraryElementService) deleteLibraryElement(c context.Context, signedIn
 }

 // getLibraryElements gets a Library Element where param == value
-func getLibraryElements(c context.Context, store *sqlstore.SQLStore, signedInUser *models.SignedInUser, params []Pair) ([]LibraryElementDTO, error) {
+func getLibraryElements(c context.Context, store *sqlstore.SQLStore, signedInUser *user.SignedInUser, params []Pair) ([]LibraryElementDTO, error) {
 	libraryElements := make([]LibraryElementWithMeta, 0)
 	err := store.WithDbSession(c, func(session *sqlstore.DBSession) error {
 		builder := sqlstore.NewSqlBuilder(store.Cfg)
@@ -236,7 +238,7 @@ func getLibraryElements(c context.Context, store *sqlstore.SQLStore, signedInUse
 		builder.Write(getFromLibraryElementDTOWithMeta(store.Dialect))
 		builder.Write(" INNER JOIN dashboard AS dashboard on le.folder_id = dashboard.id AND le.folder_id <> 0")
 		writeParamSelectorSQL(&builder, params...)
-		if signedInUser.OrgRole != models.ROLE_ADMIN {
+		if signedInUser.OrgRole != org.RoleAdmin {
 			builder.WriteDashboardPermissionFilter(signedInUser, models.PERMISSION_VIEW)
 		}
 		builder.Write(` OR dashboard.id=0`)
@@ -291,7 +293,7 @@ func getLibraryElements(c context.Context, store *sqlstore.SQLStore, signedInUse
 }

 // getLibraryElementByUid gets a Library Element by uid.
-func (l *LibraryElementService) getLibraryElementByUid(c context.Context, signedInUser *models.SignedInUser, UID string) (LibraryElementDTO, error) {
+func (l *LibraryElementService) getLibraryElementByUid(c context.Context, signedInUser *user.SignedInUser, UID string) (LibraryElementDTO, error) {
 	libraryElements, err := getLibraryElements(c, l.SQLStore, signedInUser, []Pair{{key: "org_id", value: signedInUser.OrgId}, {key: "uid", value: UID}})
 	if err != nil {
 		return LibraryElementDTO{}, err
@@ -304,12 +306,12 @@ func (l *LibraryElementService) getLibraryElementByUid(c context.Context, signed
 }

 // getLibraryElementByName gets a Library Element by name.
-func (l *LibraryElementService) getLibraryElementsByName(c context.Context, signedInUser *models.SignedInUser, name string) ([]LibraryElementDTO, error) {
+func (l *LibraryElementService) getLibraryElementsByName(c context.Context, signedInUser *user.SignedInUser, name string) ([]LibraryElementDTO, error) {
 	return getLibraryElements(c, l.SQLStore, signedInUser, []Pair{{"org_id", signedInUser.OrgId}, {"name", name}})
 }

 // getAllLibraryElements gets all Library Elements.
-func (l *LibraryElementService) getAllLibraryElements(c context.Context, signedInUser *models.SignedInUser, query searchLibraryElementsQuery) (LibraryElementSearchResult, error) {
+func (l *LibraryElementService) getAllLibraryElements(c context.Context, signedInUser *user.SignedInUser, query searchLibraryElementsQuery) (LibraryElementSearchResult, error) {
 	elements := make([]LibraryElementWithMeta, 0)
 	result := LibraryElementSearchResult{}
 	if query.perPage <= 0 {
@@ -353,7 +355,7 @@ func (l *LibraryElementService) getAllLibraryElements(c context.Context, signedI
 		if err := folderFilter.writeFolderFilterSQL(false, &builder); err != nil {
 			return err
 		}
-		if signedInUser.OrgRole != models.ROLE_ADMIN {
+		if signedInUser.OrgRole != org.RoleAdmin {
 			builder.WriteDashboardPermissionFilter(signedInUser, models.PERMISSION_VIEW)
 		}
 		if query.sortDirection == search.SortAlphaDesc.Name {
@@ -428,7 +430,7 @@ func (l *LibraryElementService) getAllLibraryElements(c context.Context, signedI
 	return result, err
 }

-func (l *LibraryElementService) handleFolderIDPatches(ctx context.Context, elementToPatch *LibraryElement, fromFolderID int64, toFolderID int64, user *models.SignedInUser) error {
+func (l *LibraryElementService) handleFolderIDPatches(ctx context.Context, elementToPatch *LibraryElement, fromFolderID int64, toFolderID int64, user *user.SignedInUser) error {
 	// FolderID was not provided in the PATCH request
 	if toFolderID == -1 {
 		toFolderID = fromFolderID
@@ -452,7 +454,7 @@ func (l *LibraryElementService) handleFolderIDPatches(ctx context.Context, eleme
 }

 // patchLibraryElement updates a Library Element.
-func (l *LibraryElementService) patchLibraryElement(c context.Context, signedInUser *models.SignedInUser, cmd PatchLibraryElementCommand, uid string) (LibraryElementDTO, error) {
+func (l *LibraryElementService) patchLibraryElement(c context.Context, signedInUser *user.SignedInUser, cmd PatchLibraryElementCommand, uid string) (LibraryElementDTO, error) {
 	var dto LibraryElementDTO
 	if err := l.requireSupportedElementKind(cmd.Kind); err != nil {
 		return LibraryElementDTO{}, err
@@ -553,7 +555,7 @@ func (l *LibraryElementService) patchLibraryElement(c context.Context, signedInU
 }

 // getConnections gets all connections for a Library Element.
-func (l *LibraryElementService) getConnections(c context.Context, signedInUser *models.SignedInUser, uid string) ([]LibraryElementConnectionDTO, error) {
+func (l *LibraryElementService) getConnections(c context.Context, signedInUser *user.SignedInUser, uid string) ([]LibraryElementConnectionDTO, error) {
 	connections := make([]LibraryElementConnectionDTO, 0)
 	err := l.SQLStore.WithDbSession(c, func(session *sqlstore.DBSession) error {
 		element, err := getLibraryElement(l.SQLStore.Dialect, session, uid, signedInUser.OrgId)
@@ -567,7 +569,7 @@ func (l *LibraryElementService) getConnections(c context.Context, signedInUser *
 		builder.Write(" LEFT JOIN " + l.SQLStore.Dialect.Quote("user") + " AS u1 ON lec.created_by = u1.id")
 		builder.Write(" INNER JOIN dashboard AS dashboard on lec.connection_id = dashboard.id")
 		builder.Write(` WHERE lec.element_id=?`, element.ID)
-		if signedInUser.OrgRole != models.ROLE_ADMIN {
+		if signedInUser.OrgRole != org.RoleAdmin {
 			builder.WriteDashboardPermissionFilter(signedInUser, models.PERMISSION_VIEW)
 		}
 		if err := session.SQL(builder.GetSQLString(), builder.GetParams()...).Find(&libraryElementConnections); err != nil {
@@ -652,7 +654,7 @@ func (l *LibraryElementService) getElementsForDashboardID(c context.Context, das
 }

 // connectElementsToDashboardID adds connections for all elements Library Elements in a Dashboard.
-func (l *LibraryElementService) connectElementsToDashboardID(c context.Context, signedInUser *models.SignedInUser, elementUIDs []string, dashboardID int64) error {
+func (l *LibraryElementService) connectElementsToDashboardID(c context.Context, signedInUser *user.SignedInUser, elementUIDs []string, dashboardID int64) error {
 	err := l.SQLStore.WithTransactionalDbSession(c, func(session *sqlstore.DBSession) error {
 		_, err := session.Exec("DELETE FROM "+models.LibraryElementConnectionTableName+" WHERE kind=1 AND connection_id=?", dashboardID)
 		if err != nil {
@@ -699,7 +701,7 @@ func (l *LibraryElementService) disconnectElementsFromDashboardID(c context.Cont
 }

 // deleteLibraryElementsInFolderUID deletes all Library Elements in a folder.
-func (l *LibraryElementService) deleteLibraryElementsInFolderUID(c context.Context, signedInUser *models.SignedInUser, folderUID string) error {
+func (l *LibraryElementService) deleteLibraryElementsInFolderUID(c context.Context, signedInUser *user.SignedInUser, folderUID string) error {
 	return l.SQLStore.WithTransactionalDbSession(c, func(session *sqlstore.DBSession) error {
 		var folderUIDs []struct {
 			ID int64 `xorm:"id"`
--- a/pkg/services/libraryelements/guard.go
+++ b/pkg/services/libraryelements/guard.go
@@ -6,6 +6,8 @@ import (
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/guardian"
+	"github.com/grafana/grafana/pkg/services/org"
+	"github.com/grafana/grafana/pkg/services/user"
 )

 func isGeneralFolder(folderID int64) bool {
@@ -24,12 +26,12 @@ func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) err
 	}
 }

-func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *models.SignedInUser, folderID int64) error {
-	if isGeneralFolder(folderID) && user.HasRole(models.ROLE_EDITOR) {
+func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
+	if isGeneralFolder(folderID) && user.HasRole(org.RoleEditor) {
 		return nil
 	}

-	if isGeneralFolder(folderID) && user.HasRole(models.ROLE_VIEWER) {
+	if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
 		return dashboards.ErrFolderAccessDenied
 	}
 	folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgId)
@@ -50,8 +52,8 @@ func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Conte
 	return nil
 }

-func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *models.SignedInUser, folderID int64) error {
-	if isGeneralFolder(folderID) && user.HasRole(models.ROLE_VIEWER) {
+func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
+	if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
 		return nil
 	}

--- a/pkg/services/libraryelements/libraryelements.go
+++ b/pkg/services/libraryelements/libraryelements.go
@@ -5,9 +5,9 @@ import (

 	"github.com/grafana/grafana/pkg/api/routing"
 	"github.com/grafana/grafana/pkg/infra/log"
-	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 )

@@ -25,12 +25,12 @@ func ProvideService(cfg *setting.Cfg, sqlStore *sqlstore.SQLStore, routeRegister

 // Service is a service for operating on library elements.
 type Service interface {
-	CreateElement(c context.Context, signedInUser *models.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error)
-	GetElement(c context.Context, signedInUser *models.SignedInUser, UID string) (LibraryElementDTO, error)
+	CreateElement(c context.Context, signedInUser *user.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error)
+	GetElement(c context.Context, signedInUser *user.SignedInUser, UID string) (LibraryElementDTO, error)
 	GetElementsForDashboard(c context.Context, dashboardID int64) (map[string]LibraryElementDTO, error)
-	ConnectElementsToDashboard(c context.Context, signedInUser *models.SignedInUser, elementUIDs []string, dashboardID int64) error
+	ConnectElementsToDashboard(c context.Context, signedInUser *user.SignedInUser, elementUIDs []string, dashboardID int64) error
 	DisconnectElementsFromDashboard(c context.Context, dashboardID int64) error
-	DeleteLibraryElementsInFolder(c context.Context, signedInUser *models.SignedInUser, folderUID string) error
+	DeleteLibraryElementsInFolder(c context.Context, signedInUser *user.SignedInUser, folderUID string) error
 }

 // LibraryElementService is the service for the Library Element feature.
@@ -43,12 +43,12 @@ type LibraryElementService struct {
 }

 // CreateElement creates a Library Element.
-func (l *LibraryElementService) CreateElement(c context.Context, signedInUser *models.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error) {
+func (l *LibraryElementService) CreateElement(c context.Context, signedInUser *user.SignedInUser, cmd CreateLibraryElementCommand) (LibraryElementDTO, error) {
 	return l.createLibraryElement(c, signedInUser, cmd)
 }

 // GetElement gets an element from a UID.
-func (l *LibraryElementService) GetElement(c context.Context, signedInUser *models.SignedInUser, UID string) (LibraryElementDTO, error) {
+func (l *LibraryElementService) GetElement(c context.Context, signedInUser *user.SignedInUser, UID string) (LibraryElementDTO, error) {
 	return l.getLibraryElementByUid(c, signedInUser, UID)
 }

@@ -58,7 +58,7 @@ func (l *LibraryElementService) GetElementsForDashboard(c context.Context, dashb
 }

 // ConnectElementsToDashboard connects elements to a specific dashboard.
-func (l *LibraryElementService) ConnectElementsToDashboard(c context.Context, signedInUser *models.SignedInUser, elementUIDs []string, dashboardID int64) error {
+func (l *LibraryElementService) ConnectElementsToDashboard(c context.Context, signedInUser *user.SignedInUser, elementUIDs []string, dashboardID int64) error {
 	return l.connectElementsToDashboardID(c, signedInUser, elementUIDs, dashboardID)
 }

@@ -68,6 +68,6 @@ func (l *LibraryElementService) DisconnectElementsFromDashboard(c context.Contex
 }

 // DeleteLibraryElementsInFolder deletes all elements for a specific folder.
-func (l *LibraryElementService) DeleteLibraryElementsInFolder(c context.Context, signedInUser *models.SignedInUser, folderUID string) error {
+func (l *LibraryElementService) DeleteLibraryElementsInFolder(c context.Context, signedInUser *user.SignedInUser, folderUID string) error {
 	return l.deleteLibraryElementsInFolderUID(c, signedInUser, folderUID)
 }
--- a/pkg/services/libraryelements/libraryelements_delete_test.go
+++ b/pkg/services/libraryelements/libraryelements_delete_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"

 	"github.com/grafana/grafana/pkg/components/simplejson"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/web"
 	"github.com/stretchr/testify/require"

@@ -35,7 +36,7 @@ func TestDeleteLibraryElement(t *testing.T) {
 		func(t *testing.T, sc scenarioContext) {
 			sc.ctx.Req = web.SetURLParams(sc.ctx.Req, map[string]string{":uid": sc.initialResult.Result.UID})
 			sc.reqContext.SignedInUser.OrgId = 2
-			sc.reqContext.SignedInUser.OrgRole = models.ROLE_ADMIN
+			sc.reqContext.SignedInUser.OrgRole = org.RoleAdmin
 			resp := sc.service.deleteHandler(sc.reqContext)
 			require.Equal(t, 404, resp.Status())
 		})
--- a/pkg/services/libraryelements/libraryelements_get_all_test.go
+++ b/pkg/services/libraryelements/libraryelements_get_all_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/search"
 )

@@ -1240,7 +1241,7 @@ func TestGetAllLibraryElements(t *testing.T) {
 			require.Equal(t, "Text - Library Panel", result.Result.Elements[0].Name)

 			sc.reqContext.SignedInUser.OrgId = 2
-			sc.reqContext.SignedInUser.OrgRole = models.ROLE_ADMIN
+			sc.reqContext.SignedInUser.OrgRole = org.RoleAdmin
 			resp = sc.service.getAllHandler(sc.reqContext)
 			require.Equal(t, 200, resp.Status())

--- a/pkg/services/libraryelements/libraryelements_get_test.go
+++ b/pkg/services/libraryelements/libraryelements_get_test.go
@@ -5,6 +5,7 @@ import (

 	"github.com/google/go-cmp/cmp"
 	"github.com/grafana/grafana/pkg/components/simplejson"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/web"
 	"github.com/stretchr/testify/require"

@@ -183,7 +184,7 @@ func TestGetLibraryElement(t *testing.T) {
 	scenarioWithPanel(t, "When an admin tries to get a library panel that exists in an other org, it should fail",
 		func(t *testing.T, sc scenarioContext) {
 			sc.reqContext.SignedInUser.OrgId = 2
-			sc.reqContext.SignedInUser.OrgRole = models.ROLE_ADMIN
+			sc.reqContext.SignedInUser.OrgRole = org.RoleAdmin

 			// by uid
 			sc.ctx.Req = web.SetURLParams(sc.ctx.Req, map[string]string{":uid": sc.initialResult.Result.UID})
--- a/pkg/services/libraryelements/libraryelements_permissions_test.go
+++ b/pkg/services/libraryelements/libraryelements_permissions_test.go
@@ -7,18 +7,19 @@ import (

 	"github.com/google/go-cmp/cmp"
 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/web"
 	"github.com/stretchr/testify/require"
 )

 func TestLibraryElementPermissions(t *testing.T) {
 	var defaultPermissions = []folderACLItem{}
-	var adminOnlyPermissions = []folderACLItem{{models.ROLE_ADMIN, models.PERMISSION_EDIT}}
-	var editorOnlyPermissions = []folderACLItem{{models.ROLE_EDITOR, models.PERMISSION_EDIT}}
-	var editorAndViewerPermissions = []folderACLItem{{models.ROLE_EDITOR, models.PERMISSION_EDIT}, {models.ROLE_VIEWER, models.PERMISSION_EDIT}}
-	var viewerOnlyPermissions = []folderACLItem{{models.ROLE_VIEWER, models.PERMISSION_EDIT}}
-	var everyonePermissions = []folderACLItem{{models.ROLE_ADMIN, models.PERMISSION_EDIT}, {models.ROLE_EDITOR, models.PERMISSION_EDIT}, {models.ROLE_VIEWER, models.PERMISSION_EDIT}}
-	var noPermissions = []folderACLItem{{models.ROLE_VIEWER, models.PERMISSION_VIEW}}
+	var adminOnlyPermissions = []folderACLItem{{org.RoleAdmin, models.PERMISSION_EDIT}}
+	var editorOnlyPermissions = []folderACLItem{{org.RoleEditor, models.PERMISSION_EDIT}}
+	var editorAndViewerPermissions = []folderACLItem{{org.RoleEditor, models.PERMISSION_EDIT}, {org.RoleViewer, models.PERMISSION_EDIT}}
+	var viewerOnlyPermissions = []folderACLItem{{org.RoleViewer, models.PERMISSION_EDIT}}
+	var everyonePermissions = []folderACLItem{{org.RoleAdmin, models.PERMISSION_EDIT}, {org.RoleEditor, models.PERMISSION_EDIT}, {org.RoleViewer, models.PERMISSION_EDIT}}
+	var noPermissions = []folderACLItem{{org.RoleViewer, models.PERMISSION_VIEW}}
 	var folderCases = [][]folderACLItem{
 		defaultPermissions,
 		adminOnlyPermissions,
@@ -36,34 +37,34 @@ func TestLibraryElementPermissions(t *testing.T) {
 	var everyoneDesc = "everyone has editor permissions"
 	var noDesc = "everyone has view permissions"
 	var accessCases = []struct {
-		role   models.RoleType
+		role   org.RoleType
 		items  []folderACLItem
 		desc   string
 		status int
 	}{
-		{models.ROLE_ADMIN, defaultPermissions, defaultDesc, 200},
-		{models.ROLE_ADMIN, adminOnlyPermissions, adminOnlyDesc, 200},
-		{models.ROLE_ADMIN, editorOnlyPermissions, editorOnlyDesc, 200},
-		{models.ROLE_ADMIN, editorAndViewerPermissions, editorAndViewerDesc, 200},
-		{models.ROLE_ADMIN, viewerOnlyPermissions, viewerOnlyDesc, 200},
-		{models.ROLE_ADMIN, everyonePermissions, everyoneDesc, 200},
-		{models.ROLE_ADMIN, noPermissions, noDesc, 200},
+		{org.RoleAdmin, defaultPermissions, defaultDesc, 200},
+		{org.RoleAdmin, adminOnlyPermissions, adminOnlyDesc, 200},
+		{org.RoleAdmin, editorOnlyPermissions, editorOnlyDesc, 200},
+		{org.RoleAdmin, editorAndViewerPermissions, editorAndViewerDesc, 200},
+		{org.RoleAdmin, viewerOnlyPermissions, viewerOnlyDesc, 200},
+		{org.RoleAdmin, everyonePermissions, everyoneDesc, 200},
+		{org.RoleAdmin, noPermissions, noDesc, 200},

-		{models.ROLE_EDITOR, defaultPermissions, defaultDesc, 200},
-		{models.ROLE_EDITOR, adminOnlyPermissions, adminOnlyDesc, 403},
-		{models.ROLE_EDITOR, editorOnlyPermissions, editorOnlyDesc, 200},
-		{models.ROLE_EDITOR, editorAndViewerPermissions, editorAndViewerDesc, 200},
-		{models.ROLE_EDITOR, viewerOnlyPermissions, viewerOnlyDesc, 403},
-		{models.ROLE_EDITOR, everyonePermissions, everyoneDesc, 200},
-		{models.ROLE_EDITOR, noPermissions, noDesc, 403},
+		{org.RoleEditor, defaultPermissions, defaultDesc, 200},
+		{org.RoleEditor, adminOnlyPermissions, adminOnlyDesc, 403},
+		{org.RoleEditor, editorOnlyPermissions, editorOnlyDesc, 200},
+		{org.RoleEditor, editorAndViewerPermissions, editorAndViewerDesc, 200},
+		{org.RoleEditor, viewerOnlyPermissions, viewerOnlyDesc, 403},
+		{org.RoleEditor, everyonePermissions, everyoneDesc, 200},
+		{org.RoleEditor, noPermissions, noDesc, 403},

-		{models.ROLE_VIEWER, defaultPermissions, defaultDesc, 403},
-		{models.ROLE_VIEWER, adminOnlyPermissions, adminOnlyDesc, 403},
-		{models.ROLE_VIEWER, editorOnlyPermissions, editorOnlyDesc, 403},
-		{models.ROLE_VIEWER, editorAndViewerPermissions, editorAndViewerDesc, 200},
-		{models.ROLE_VIEWER, viewerOnlyPermissions, viewerOnlyDesc, 200},
-		{models.ROLE_VIEWER, everyonePermissions, everyoneDesc, 200},
-		{models.ROLE_VIEWER, noPermissions, noDesc, 403},
+		{org.RoleViewer, defaultPermissions, defaultDesc, 403},
+		{org.RoleViewer, adminOnlyPermissions, adminOnlyDesc, 403},
+		{org.RoleViewer, editorOnlyPermissions, editorOnlyDesc, 403},
+		{org.RoleViewer, editorAndViewerPermissions, editorAndViewerDesc, 200},
+		{org.RoleViewer, viewerOnlyPermissions, viewerOnlyDesc, 200},
+		{org.RoleViewer, everyonePermissions, everyoneDesc, 200},
+		{org.RoleViewer, noPermissions, noDesc, 403},
 	}

 	for _, testCase := range accessCases {
@@ -128,12 +129,12 @@ func TestLibraryElementPermissions(t *testing.T) {
 	}

 	var generalFolderCases = []struct {
-		role   models.RoleType
+		role   org.RoleType
 		status int
 	}{
-		{models.ROLE_ADMIN, 200},
-		{models.ROLE_EDITOR, 200},
-		{models.ROLE_VIEWER, 403},
+		{org.RoleAdmin, 200},
+		{org.RoleEditor, 200},
+		{org.RoleViewer, 403},
 	}

 	for _, testCase := range generalFolderCases {
@@ -194,11 +195,11 @@ func TestLibraryElementPermissions(t *testing.T) {
 	}

 	var missingFolderCases = []struct {
-		role models.RoleType
+		role org.RoleType
 	}{
-		{models.ROLE_ADMIN},
-		{models.ROLE_EDITOR},
-		{models.ROLE_VIEWER},
+		{org.RoleAdmin},
+		{org.RoleEditor},
+		{org.RoleViewer},
 	}

 	for _, testCase := range missingFolderCases {
@@ -230,12 +231,12 @@ func TestLibraryElementPermissions(t *testing.T) {
 	}

 	var getCases = []struct {
-		role     models.RoleType
+		role     org.RoleType
 		statuses []int
 	}{
-		{models.ROLE_ADMIN, []int{200, 200, 200, 200, 200, 200, 200}},
-		{models.ROLE_EDITOR, []int{200, 404, 200, 200, 200, 200, 200}},
-		{models.ROLE_VIEWER, []int{200, 404, 404, 200, 200, 200, 200}},
+		{org.RoleAdmin, []int{200, 200, 200, 200, 200, 200, 200}},
+		{org.RoleEditor, []int{200, 404, 200, 200, 200, 200, 200}},
+		{org.RoleViewer, []int{200, 404, 404, 200, 200, 200, 200}},
 	}

 	for _, testCase := range getCases {
@@ -292,13 +293,13 @@ func TestLibraryElementPermissions(t *testing.T) {
 	}

 	var getAllCases = []struct {
-		role          models.RoleType
+		role          org.RoleType
 		panels        int
 		folderIndexes []int
 	}{
-		{models.ROLE_ADMIN, 7, []int{0, 1, 2, 3, 4, 5, 6}},
-		{models.ROLE_EDITOR, 6, []int{0, 2, 3, 4, 5, 6}},
-		{models.ROLE_VIEWER, 5, []int{0, 3, 4, 5, 6}},
+		{org.RoleAdmin, 7, []int{0, 1, 2, 3, 4, 5, 6}},
+		{org.RoleEditor, 6, []int{0, 2, 3, 4, 5, 6}},
+		{org.RoleViewer, 5, []int{0, 3, 4, 5, 6}},
 	}

 	for _, testCase := range getAllCases {
--- a/pkg/services/libraryelements/libraryelements_test.go
+++ b/pkg/services/libraryelements/libraryelements_test.go
@@ -23,6 +23,7 @@ import (
 	dashboardservice "github.com/grafana/grafana/pkg/services/dashboards/service"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/guardian"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
 	"github.com/grafana/grafana/pkg/services/user"
@@ -248,18 +249,18 @@ type scenarioContext struct {
 	ctx           *web.Context
 	service       *LibraryElementService
 	reqContext    *models.ReqContext
-	user          models.SignedInUser
+	user          user.SignedInUser
 	folder        *models.Folder
 	initialResult libraryElementResult
 	sqlStore      *sqlstore.SQLStore
 }

 type folderACLItem struct {
-	roleType   models.RoleType
+	roleType   org.RoleType
 	permission models.PermissionType
 }

-func createDashboard(t *testing.T, sqlStore *sqlstore.SQLStore, user models.SignedInUser, dash *models.Dashboard, folderID int64) *models.Dashboard {
+func createDashboard(t *testing.T, sqlStore *sqlstore.SQLStore, user user.SignedInUser, dash *models.Dashboard, folderID int64) *models.Dashboard {
 	dash.FolderId = folderID
 	dashItem := &dashboards.SaveDashboardDTO{
 		Dashboard: dash,
@@ -287,7 +288,7 @@ func createDashboard(t *testing.T, sqlStore *sqlstore.SQLStore, user models.Sign
 	return dashboard
 }

-func createFolderWithACL(t *testing.T, sqlStore *sqlstore.SQLStore, title string, user models.SignedInUser,
+func createFolderWithACL(t *testing.T, sqlStore *sqlstore.SQLStore, title string, user user.SignedInUser,
 	items []folderACLItem) *models.Folder {
 	t.Helper()

@@ -399,7 +400,7 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo
 			},
 		}}
 		orgID := int64(1)
-		role := models.ROLE_ADMIN
+		role := org.RoleAdmin
 		sqlStore := sqlstore.InitTestDB(t)
 		dashboardStore := database.ProvideDashboardStore(sqlStore, featuremgmt.WithFeatures())
 		features := featuremgmt.WithFeatures()
@@ -422,7 +423,7 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo
 			),
 		}

-		usr := models.SignedInUser{
+		usr := user.SignedInUser{
 			UserId:     1,
 			Name:       "Signed In User",
 			Login:      "signed_in_user",