search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'MDL-81073' of https://github.com/paulholden/moodle
[moodle.git] / lib / db / access.php
blob69b687aef83a3f052c254e8eaed461034c1a6b5d
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * Capability definitions for Moodle core.
19 *
20 * The capabilities are loaded into the database table when the module is
21 * installed or updated. Whenever the capability definitions are updated,
22 * the module version number should be bumped up.
23 *
24 * The system has four possible values for a capability:
25 * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26 *
27 *
28 * CAPABILITY NAMING CONVENTION
29 *
30 * It is important that capability names are unique. The naming convention
31 * for capabilities that are specific to modules and blocks is as follows:
32 * [mod/block]/<plugin_name>:<capabilityname>
33 *
34 * component_name should be the same as the directory name of the mod or block.
35 *
36 * Core moodle capabilities are defined thus:
37 * moodle/<capabilityclass>:<capabilityname>
38 *
39 * Examples: mod/forum:viewpost
40 * block/recent_activity:view
41 * moodle/site:deleteuser
42 *
43 * The variable name for the capability definitions array is $capabilities
44 *
45 * For more information, take a look to the documentation available:
46 * - Access API: {@link https://moodledev.io/docs/apis/subsystems/access}
47 * - Upgrade API: {@link https://moodledev.io/docs/guides/upgrade}
48 *
49 * @package core_access
50 * @category access
51 * @copyright 2006 onwards Martin Dougiamas http://dougiamas.com
52 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53 */
54
55 defined('MOODLE_INTERNAL') || die();
56
57 $capabilities = array(
58 'moodle/site:config' => array(
59
60 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
61
62 'captype' => 'write',
63 'contextlevel' => CONTEXT_SYSTEM,
64 'archetypes' => array(
65 )
66 ),
67 'moodle/site:configview' => array(
68 'captype' => 'read',
69 'contextlevel' => CONTEXT_SYSTEM,
70 'archetypes' => array(
71 'manager' => CAP_ALLOW,
72 'coursecreator' => CAP_ALLOW,
73 )
74 ),
75
76 'moodle/site:readallmessages' => array(
77
78 'riskbitmask' => RISK_PERSONAL,
79
80 'captype' => 'read',
81 'contextlevel' => CONTEXT_SYSTEM,
82 'archetypes' => array(
83 'manager' => CAP_ALLOW,
84 'editingteacher' => CAP_ALLOW
85 )
86 ),
87
88 'moodle/site:manageallmessaging' => array(
89
90 'riskbitmask' => RISK_PERSONAL,
91
92 'captype' => 'write',
93 'contextlevel' => CONTEXT_SYSTEM,
94 'archetypes' => array(
95 'manager' => CAP_ALLOW
96 )
97 ),
98
99 'moodle/site:deleteanymessage' => array(
100
101 'riskbitmask' => RISK_DATALOSS,
102
103 'captype' => 'write',
104 'contextlevel' => CONTEXT_SYSTEM,
105 'archetypes' => array(
106 'manager' => CAP_ALLOW
107 )
108 ),
109
110 'moodle/site:sendmessage' => array(
111
112 'riskbitmask' => RISK_SPAM,
113
114 'captype' => 'write',
115 'contextlevel' => CONTEXT_SYSTEM,
116 'archetypes' => array(
117 'manager' => CAP_ALLOW,
118 'user' => CAP_ALLOW
119 )
120 ),
121
122 'moodle/site:senderrormessage' => [
123 'riskbitmask' => RISK_SPAM,
124 'captype' => 'write',
125 'contextlevel' => CONTEXT_SYSTEM,
126 'archetypes' => array(
127 'user' => CAP_ALLOW
128 )
129 ],
130
131 'moodle/site:deleteownmessage' => array(
132
133 'captype' => 'write',
134 'contextlevel' => CONTEXT_SYSTEM,
135 'archetypes' => array(
136 'user' => CAP_ALLOW
137 )
138 ),
139
140 'moodle/site:approvecourse' => array(
141
142 'riskbitmask' => RISK_XSS,
143
144 'captype' => 'write',
145 'contextlevel' => CONTEXT_COURSECAT,
146 'archetypes' => array(
147 'manager' => CAP_ALLOW
148 )
149 ),
150
151 'moodle/backup:backupcourse' => array(
152
153 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
154
155 'captype' => 'write',
156 'contextlevel' => CONTEXT_COURSE,
157 'archetypes' => array(
158 'editingteacher' => CAP_ALLOW,
159 'manager' => CAP_ALLOW
160 ),
161
162 'clonepermissionsfrom' => 'moodle/site:backup'
163 ),
164
165 'moodle/backup:backupsection' => array(
166
167 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
168
169 'captype' => 'write',
170 'contextlevel' => CONTEXT_COURSE,
171 'archetypes' => array(
172 'editingteacher' => CAP_ALLOW,
173 'manager' => CAP_ALLOW
174 ),
175
176 'clonepermissionsfrom' => 'moodle/backup:backupcourse'
177 ),
178
179 'moodle/backup:backupactivity' => array(
180
181 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
182
183 'captype' => 'write',
184 'contextlevel' => CONTEXT_MODULE,
185 'archetypes' => array(
186 'editingteacher' => CAP_ALLOW,
187 'manager' => CAP_ALLOW
188 ),
189
190 'clonepermissionsfrom' => 'moodle/backup:backupcourse'
191 ),
192
193 'moodle/backup:backuptargetimport' => array(
194
195 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
196
197 'captype' => 'read',
198 'contextlevel' => CONTEXT_COURSE,
199 'archetypes' => array(
200 'editingteacher' => CAP_ALLOW,
201 'manager' => CAP_ALLOW
202 ),
203
204 'clonepermissionsfrom' => 'moodle/backup:backupcourse'
205 ),
206
207 'moodle/backup:downloadfile' => array(
208
209 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
210
211 'captype' => 'write',
212 'contextlevel' => CONTEXT_COURSE,
213 'archetypes' => array(
214 'editingteacher' => CAP_ALLOW,
215 'manager' => CAP_ALLOW
216 ),
217
218 'clonepermissionsfrom' => 'moodle/site:backupdownload'
219 ),
220
221 'moodle/backup:configure' => array(
222
223 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
224
225 'captype' => 'write',
226 'contextlevel' => CONTEXT_COURSE,
227 'archetypes' => array(
228 'editingteacher' => CAP_ALLOW,
229 'manager' => CAP_ALLOW
230 )
231 ),
232
233 'moodle/backup:userinfo' => array(
234
235 'riskbitmask' => RISK_PERSONAL,
236
237 'captype' => 'read',
238 'contextlevel' => CONTEXT_COURSE,
239 'archetypes' => array(
240 'manager' => CAP_ALLOW
241 )
242 ),
243
244 'moodle/backup:anonymise' => array(
245
246 'riskbitmask' => RISK_PERSONAL,
247
248 'captype' => 'read',
249 'contextlevel' => CONTEXT_COURSE,
250 'archetypes' => array(
251 'manager' => CAP_ALLOW
252 )
253 ),
254
255 'moodle/restore:restorecourse' => array(
256
257 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
258
259 'captype' => 'write',
260 'contextlevel' => CONTEXT_COURSE,
261 'archetypes' => array(
262 'editingteacher' => CAP_ALLOW,
263 'manager' => CAP_ALLOW
264 ),
265
266 'clonepermissionsfrom' => 'moodle/site:restore'
267 ),
268
269 'moodle/restore:restoresection' => array(
270
271 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
272
273 'captype' => 'write',
274 'contextlevel' => CONTEXT_COURSE,
275 'archetypes' => array(
276 'editingteacher' => CAP_ALLOW,
277 'manager' => CAP_ALLOW
278 ),
279
280 'clonepermissionsfrom' => 'moodle/restore:restorecourse'
281 ),
282
283 'moodle/restore:restoreactivity' => array(
284
285 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
286
287 'captype' => 'write',
288 'contextlevel' => CONTEXT_COURSE,
289 'archetypes' => array(
290 'editingteacher' => CAP_ALLOW,
291 'manager' => CAP_ALLOW
292 ),
293
294 'clonepermissionsfrom' => 'moodle/restore:restorecourse'
295 ),
296
297 'moodle/restore:viewautomatedfilearea' => array(
298
299 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
300
301 'captype' => 'write',
302 'contextlevel' => CONTEXT_COURSE,
303 'archetypes' => array(
304 'editingteacher' => CAP_ALLOW,
305 'manager' => CAP_ALLOW
306 ),
307 ),
308
309 'moodle/restore:restoretargetimport' => array(
310
311 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
312
313 'captype' => 'write',
314 'contextlevel' => CONTEXT_COURSE,
315 'archetypes' => array(
316 'editingteacher' => CAP_ALLOW,
317 'manager' => CAP_ALLOW
318 ),
319
320 'clonepermissionsfrom' => 'moodle/site:import'
321 ),
322
323 'moodle/restore:uploadfile' => array(
324
325 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
326
327 'captype' => 'write',
328 'contextlevel' => CONTEXT_COURSE,
329 'archetypes' => array(
330 'editingteacher' => CAP_ALLOW,
331 'manager' => CAP_ALLOW
332 ),
333
334 'clonepermissionsfrom' => 'moodle/site:backupupload'
335 ),
336
337 'moodle/restore:configure' => array(
338
339 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
340
341 'captype' => 'write',
342 'contextlevel' => CONTEXT_COURSE,
343 'archetypes' => array(
344 'editingteacher' => CAP_ALLOW,
345 'manager' => CAP_ALLOW
346 )
347 ),
348
349 'moodle/restore:rolldates' => array(
350
351 'captype' => 'write',
352 'contextlevel' => CONTEXT_COURSE,
353 'archetypes' => array(
354 'coursecreator' => CAP_ALLOW,
355 'manager' => CAP_ALLOW
356 )
357 ),
358
359 'moodle/restore:userinfo' => array(
360
361 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
362
363 'captype' => 'write',
364 'contextlevel' => CONTEXT_COURSE,
365 'archetypes' => array(
366 'manager' => CAP_ALLOW
367 )
368 ),
369
370 'moodle/restore:createuser' => array(
371
372 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
373
374 'captype' => 'write',
375 'contextlevel' => CONTEXT_SYSTEM,
376 'archetypes' => array(
377 'manager' => CAP_ALLOW
378 )
379 ),
380
381 'moodle/site:manageblocks' => array(
382
383 'riskbitmask' => RISK_SPAM | RISK_XSS,
384
385 'captype' => 'write',
386 'contextlevel' => CONTEXT_BLOCK,
387 'archetypes' => array(
388 'editingteacher' => CAP_ALLOW,
389 'manager' => CAP_ALLOW
390 )
391 ),
392
393 'moodle/site:accessallgroups' => array(
394
395 'captype' => 'read',
396 'contextlevel' => CONTEXT_MODULE,
397 'archetypes' => array(
398 'editingteacher' => CAP_ALLOW,
399 'manager' => CAP_ALLOW
400 )
401 ),
402
403 'moodle/site:viewanonymousevents' => array(
404
405 'riskbitmask' => RISK_PERSONAL,
406
407 'captype' => 'read',
408 'contextlevel' => CONTEXT_MODULE,
409 'archetypes' => array(
410 'manager' => CAP_ALLOW,
411 )
412 ),
413
414 'moodle/site:viewfullnames' => array(
415
416 'captype' => 'read',
417 'contextlevel' => CONTEXT_MODULE,
418 'archetypes' => array(
419 'teacher' => CAP_ALLOW,
420 'editingteacher' => CAP_ALLOW,
421 'manager' => CAP_ALLOW
422 )
423 ),
424
425 // In reports that give lists of users, extra information about each user's
426 // identity (the fields configured in site option showuseridentity) will be
427 // displayed to users who have this capability.
428 'moodle/site:viewuseridentity' => array(
429
430 'captype' => 'read',
431 'contextlevel' => CONTEXT_MODULE,
432 'archetypes' => array(
433 'teacher' => CAP_ALLOW,
434 'editingteacher' => CAP_ALLOW,
435 'manager' => CAP_ALLOW
436 )
437 ),
438
439 'moodle/site:viewreports' => array(
440
441 'riskbitmask' => RISK_PERSONAL,
442
443 'captype' => 'read',
444 'contextlevel' => CONTEXT_COURSE,
445 'archetypes' => array(
446 'teacher' => CAP_ALLOW,
447 'editingteacher' => CAP_ALLOW,
448 'manager' => CAP_ALLOW
449 )
450 ),
451
452 'moodle/site:trustcontent' => array(
453
454 'riskbitmask' => RISK_XSS,
455
456 'captype' => 'write',
457 'contextlevel' => CONTEXT_MODULE,
458 'archetypes' => array(
459 'editingteacher' => CAP_ALLOW,
460 'manager' => CAP_ALLOW
461 )
462 ),
463
464 'moodle/site:uploadusers' => array(
465
466 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
467
468 'captype' => 'write',
469 'contextlevel' => CONTEXT_SYSTEM,
470 'archetypes' => array(
471 'manager' => CAP_ALLOW
472 )
473 ),
474
475 // Permission to manage filter setting overrides in subcontexts.
476 'moodle/filter:manage' => array(
477
478 'captype' => 'write',
479 'contextlevel' => CONTEXT_COURSE,
480 'archetypes' => array(
481 'editingteacher' => CAP_ALLOW,
482 'manager' => CAP_ALLOW,
483 )
484 ),
485
486 'moodle/user:create' => array(
487
488 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
489
490 'captype' => 'write',
491 'contextlevel' => CONTEXT_SYSTEM,
492 'archetypes' => array(
493 'manager' => CAP_ALLOW
494 )
495 ),
496
497 'moodle/user:delete' => array(
498
499 'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
500
501 'captype' => 'write',
502 'contextlevel' => CONTEXT_SYSTEM,
503 'archetypes' => array(
504 'manager' => CAP_ALLOW
505 )
506 ),
507
508 'moodle/user:update' => array(
509
510 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
511
512 'captype' => 'write',
513 'contextlevel' => CONTEXT_SYSTEM,
514 'archetypes' => array(
515 'manager' => CAP_ALLOW
516 )
517 ),
518
519 'moodle/user:viewdetails' => array(
520
521 'captype' => 'read',
522 'contextlevel' => CONTEXT_COURSE,
523 'archetypes' => array(
524 'guest' => CAP_ALLOW,
525 'student' => CAP_ALLOW,
526 'teacher' => CAP_ALLOW,
527 'editingteacher' => CAP_ALLOW,
528 'manager' => CAP_ALLOW
529 )
530 ),
531
532 'moodle/user:viewalldetails' => array(
533 'riskbitmask' => RISK_PERSONAL,
534 'captype' => 'read',
535 'contextlevel' => CONTEXT_USER,
536 'archetypes' => array(
537 'manager' => CAP_ALLOW
538 ),
539 'clonepermissionsfrom' => 'moodle/user:update'
540 ),
541
542 'moodle/user:viewlastip' => array(
543 'riskbitmask' => RISK_PERSONAL,
544 'captype' => 'read',
545 'contextlevel' => CONTEXT_USER,
546 'archetypes' => array(
547 'manager' => CAP_ALLOW
548 ),
549 'clonepermissionsfrom' => 'moodle/user:update'
550 ),
551
552 'moodle/user:viewhiddendetails' => array(
553
554 'riskbitmask' => RISK_PERSONAL,
555
556 'captype' => 'read',
557 'contextlevel' => CONTEXT_COURSE,
558 'archetypes' => array(
559 'teacher' => CAP_ALLOW,
560 'editingteacher' => CAP_ALLOW,
561 'manager' => CAP_ALLOW
562 )
563 ),
564
565 'moodle/user:loginas' => array(
566
567 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
568
569 'captype' => 'write',
570 'contextlevel' => CONTEXT_COURSE,
571 'archetypes' => array(
572 'manager' => CAP_ALLOW
573 )
574 ),
575
576 // can the user manage the system default profile page?
577 'moodle/user:managesyspages' => array(
578
579 'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
580
581 'captype' => 'write',
582 'contextlevel' => CONTEXT_SYSTEM,
583 'archetypes' => array(
584 'manager' => CAP_ALLOW
585 )
586 ),
587
588 // can the user manage another user's profile page?
589 'moodle/user:manageblocks' => array(
590
591 'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
592
593 'captype' => 'write',
594 'contextlevel' => CONTEXT_USER
595 ),
596
597 // can the user manage their own profile page?
598 'moodle/user:manageownblocks' => array(
599
600 'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
601
602 'captype' => 'write',
603 'contextlevel' => CONTEXT_SYSTEM,
604 'archetypes' => array(
605 'user' => CAP_ALLOW
606 )
607 ),
608
609 // can the user manage their own files?
610 'moodle/user:manageownfiles' => array(
611
612 'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
613
614 'captype' => 'write',
615 'contextlevel' => CONTEXT_SYSTEM,
616 'archetypes' => array(
617 'user' => CAP_ALLOW
618 )
619 ),
620
621 // Can the user ignore the setting userquota?
622 // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
623 'moodle/user:ignoreuserquota' => array(
624 'riskbitmap' => RISK_SPAM,
625 'captype' => 'write',
626 'contextlevel' => CONTEXT_SYSTEM,
627 'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
628 ),
629
630 // can the user manage the system default dashboard page?
631 'moodle/my:configsyspages' => array(
632
633 'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
634
635 'captype' => 'write',
636 'contextlevel' => CONTEXT_SYSTEM,
637 'archetypes' => array(
638 'manager' => CAP_ALLOW
639 )
640 ),
641
642 'moodle/role:assign' => array(
643
644 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
645
646 'captype' => 'write',
647 'contextlevel' => CONTEXT_COURSE,
648 'archetypes' => array(
649 'editingteacher' => CAP_ALLOW,
650 'manager' => CAP_ALLOW
651 )
652 ),
653
654 'moodle/role:review' => array(
655
656 'riskbitmask' => RISK_PERSONAL,
657
658 'captype' => 'read',
659 'contextlevel' => CONTEXT_COURSE,
660 'archetypes' => array(
661 'teacher' => CAP_ALLOW,
662 'editingteacher' => CAP_ALLOW,
663 'manager' => CAP_ALLOW
664 )
665 ),
666
667 // The ability to override the permissions for any capability.
668 'moodle/role:override' => array(
669
670 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
671
672 'captype' => 'write',
673 'contextlevel' => CONTEXT_COURSE,
674 'archetypes' => array(
675 'manager' => CAP_ALLOW
676 )
677 ),
678
679 // The ability to override the permissions for 'safe' capabilities (those without risks).
680 // If a user has moodle/role:override then you should not check this capability.
681 'moodle/role:safeoverride' => array(
682
683 'riskbitmask' => RISK_SPAM,
684
685 'captype' => 'write',
686 'contextlevel' => CONTEXT_COURSE,
687 'archetypes' => array(
688 'editingteacher' => CAP_ALLOW
689 )
690 ),
691
692 'moodle/role:manage' => array(
693
694 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
695
696 'captype' => 'write',
697 'contextlevel' => CONTEXT_SYSTEM,
698 'archetypes' => array(
699 'manager' => CAP_ALLOW
700 )
701 ),
702
703 'moodle/role:switchroles' => array(
704
705 'riskbitmask' => RISK_XSS | RISK_PERSONAL,
706
707 'captype' => 'read',
708 'contextlevel' => CONTEXT_COURSE,
709 'archetypes' => array(
710 'editingteacher' => CAP_ALLOW,
711 'manager' => CAP_ALLOW
712 )
713 ),
714
715 // Create, update and delete course categories. (Deleting a course category
716 // does not let you delete the courses it contains, unless you also have
717 // moodle/course: delete.) Creating and deleting requires this permission in
718 // the parent category.
719 'moodle/category:manage' => array(
720
721 'riskbitmask' => RISK_XSS,
722
723 'captype' => 'write',
724 'contextlevel' => CONTEXT_COURSECAT,
725 'archetypes' => array(
726 'manager' => CAP_ALLOW
727 ),
728 'clonepermissionsfrom' => 'moodle/category:update'
729 ),
730
731 'moodle/category:viewcourselist' => array(
732
733 'captype' => 'read',
734 'contextlevel' => CONTEXT_COURSECAT,
735 'archetypes' => array(
736 'guest' => CAP_ALLOW,
737 'user' => CAP_ALLOW,
738 )
739 ),
740
741 'moodle/category:viewhiddencategories' => array(
742
743 'captype' => 'read',
744 'contextlevel' => CONTEXT_COURSECAT,
745 'archetypes' => array(
746 'coursecreator' => CAP_ALLOW,
747 'manager' => CAP_ALLOW
748 ),
749 'clonepermissionsfrom' => 'moodle/category:visibility'
750 ),
751
752 // create, delete, move cohorts in system and course categories,
753 // (cohorts with component !== null can be only moved)
754 'moodle/cohort:manage' => array(
755
756 'captype' => 'write',
757 'contextlevel' => CONTEXT_COURSECAT,
758 'archetypes' => array(
759 'manager' => CAP_ALLOW
760 )
761 ),
762
763 // add and remove cohort members (only for cohorts where component !== null)
764 'moodle/cohort:assign' => array(
765
766 'captype' => 'write',
767 'contextlevel' => CONTEXT_COURSECAT,
768 'archetypes' => array(
769 'manager' => CAP_ALLOW
770 )
771 ),
772
773 // View visible and hidden cohorts defined in the current context.
774 'moodle/cohort:view' => array(
775
776 'captype' => 'read',
777 'contextlevel' => CONTEXT_COURSE,
778 'archetypes' => array(
779 'editingteacher' => CAP_ALLOW,
780 'manager' => CAP_ALLOW
781 )
782 ),
783
784 'moodle/cohort:configurecustomfields' => array(
785 'riskbitmask' => RISK_SPAM,
786 'captype' => 'write',
787 'contextlevel' => CONTEXT_SYSTEM,
788 'clonepermissionsfrom' => 'moodle/site:config'
789 ),
790
791 'moodle/group:configurecustomfields' => array(
792 'riskbitmask' => RISK_SPAM,
793 'captype' => 'write',
794 'contextlevel' => CONTEXT_SYSTEM,
795 'clonepermissionsfrom' => 'moodle/site:config'
796 ),
797
798 'moodle/course:create' => array(
799
800 'riskbitmask' => RISK_XSS,
801
802 'captype' => 'write',
803 'contextlevel' => CONTEXT_COURSECAT,
804 'archetypes' => array(
805 'coursecreator' => CAP_ALLOW,
806 'manager' => CAP_ALLOW
807 )
808 ),
809
810 'moodle/course:creategroupconversations' => array(
811 'riskbitmask' => RISK_XSS,
812 'captype' => 'write',
813 'contextlevel' => CONTEXT_COURSE,
814 'archetypes' => array(
815 'editingteacher' => CAP_ALLOW,
816 'manager' => CAP_ALLOW
817 )
818 ),
819
820 'moodle/course:request' => array(
821 'captype' => 'write',
822 'contextlevel' => CONTEXT_COURSECAT,
823 ),
824
825 'moodle/course:delete' => array(
826
827 'riskbitmask' => RISK_DATALOSS,
828
829 'captype' => 'write',
830 'contextlevel' => CONTEXT_COURSE,
831 'archetypes' => array(
832 'manager' => CAP_ALLOW
833 )
834 ),
835
836 'moodle/course:update' => array(
837
838 'riskbitmask' => RISK_XSS,
839
840 'captype' => 'write',
841 'contextlevel' => CONTEXT_COURSE,
842 'archetypes' => array(
843 'editingteacher' => CAP_ALLOW,
844 'manager' => CAP_ALLOW
845 )
846 ),
847
848 'moodle/course:view' => array(
849
850 'captype' => 'read',
851 'contextlevel' => CONTEXT_COURSE,
852 'archetypes' => array(
853 'manager' => CAP_ALLOW,
854 )
855 ),
856
857 /* review course enrolments - no group restrictions, it is really full access to all participants info*/
858 'moodle/course:enrolreview' => array(
859
860 'riskbitmask' => RISK_PERSONAL,
861
862 'captype' => 'read',
863 'contextlevel' => CONTEXT_COURSE,
864 'archetypes' => array(
865 'editingteacher' => CAP_ALLOW,
866 'manager' => CAP_ALLOW,
867 )
868 ),
869
870 /* add, remove, hide enrol instances in courses */
871 'moodle/course:enrolconfig' => array(
872
873 'riskbitmask' => RISK_PERSONAL,
874
875 'captype' => 'write',
876 'contextlevel' => CONTEXT_COURSE,
877 'archetypes' => array(
878 'editingteacher' => CAP_ALLOW,
879 'manager' => CAP_ALLOW,
880 )
881 ),
882
883 'moodle/course:reviewotherusers' => array(
884
885 'captype' => 'read',
886 'contextlevel' => CONTEXT_COURSE,
887 'archetypes' => array(
888 'editingteacher' => CAP_ALLOW,
889 'manager' => CAP_ALLOW,
890 ),
891 'clonepermissionsfrom' => 'moodle/role:assign'
892 ),
893
894 'moodle/course:bulkmessaging' => array(
895
896 'riskbitmask' => RISK_SPAM,
897
898 'captype' => 'write',
899 'contextlevel' => CONTEXT_COURSE,
900 'archetypes' => array(
901 'teacher' => CAP_ALLOW,
902 'editingteacher' => CAP_ALLOW,
903 'manager' => CAP_ALLOW
904 )
905 ),
906
907 'moodle/course:viewhiddenuserfields' => array(
908
909 'riskbitmask' => RISK_PERSONAL,
910
911 'captype' => 'read',
912 'contextlevel' => CONTEXT_COURSE,
913 'archetypes' => array(
914 'teacher' => CAP_ALLOW,
915 'editingteacher' => CAP_ALLOW,
916 'manager' => CAP_ALLOW
917 )
918 ),
919
920 'moodle/course:viewhiddencourses' => array(
921
922 'captype' => 'read',
923 'contextlevel' => CONTEXT_COURSE,
924 'archetypes' => array(
925 'coursecreator' => CAP_ALLOW,
926 'teacher' => CAP_ALLOW,
927 'editingteacher' => CAP_ALLOW,
928 'manager' => CAP_ALLOW
929 )
930 ),
931
932 'moodle/course:visibility' => array(
933
934 'captype' => 'write',
935 'contextlevel' => CONTEXT_COURSE,
936 'archetypes' => array(
937 'editingteacher' => CAP_ALLOW,
938 'manager' => CAP_ALLOW
939 )
940 ),
941
942 'moodle/course:managefiles' => array(
943
944 'riskbitmask' => RISK_XSS,
945
946 'captype' => 'write',
947 'contextlevel' => CONTEXT_COURSE,
948 'archetypes' => array(
949 'editingteacher' => CAP_ALLOW,
950 'manager' => CAP_ALLOW
951 )
952 ),
953
954 'moodle/course:ignoreavailabilityrestrictions' => array(
955 'captype' => 'read',
956 'contextlevel' => CONTEXT_MODULE,
957 'archetypes' => array(
958 'manager' => CAP_ALLOW,
959 'coursecreator' => CAP_ALLOW,
960 'editingteacher' => CAP_ALLOW,
961 'teacher' => CAP_ALLOW,
962 ),
963 'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
964 ),
965
966 'moodle/course:ignorefilesizelimits' => array(
967
968 'captype' => 'write',
969 'contextlevel' => CONTEXT_COURSE,
970 'archetypes' => array(
971 )
972 ),
973
974 'moodle/course:manageactivities' => array(
975
976 'riskbitmask' => RISK_XSS,
977
978 'captype' => 'write',
979 'contextlevel' => CONTEXT_MODULE,
980 'archetypes' => array(
981 'editingteacher' => CAP_ALLOW,
982 'manager' => CAP_ALLOW
983 )
984 ),
985
986 'moodle/course:activityvisibility' => array(
987
988 'captype' => 'write',
989 'contextlevel' => CONTEXT_MODULE,
990 'archetypes' => array(
991 'editingteacher' => CAP_ALLOW,
992 'manager' => CAP_ALLOW
993 )
994 ),
995
996 'moodle/course:viewhiddenactivities' => array(
997
998 'captype' => 'read',
999 'contextlevel' => CONTEXT_MODULE,
1000 'archetypes' => array(
1001 'teacher' => CAP_ALLOW,
1002 'editingteacher' => CAP_ALLOW,
1003 'manager' => CAP_ALLOW
1004 )
1005 ),
1006
1007 'moodle/course:viewparticipants' => array(
1008
1009 'captype' => 'read',
1010 'contextlevel' => CONTEXT_COURSE,
1011 'archetypes' => array(
1012 'student' => CAP_ALLOW,
1013 'teacher' => CAP_ALLOW,
1014 'editingteacher' => CAP_ALLOW,
1015 'manager' => CAP_ALLOW
1016 )
1017 ),
1018
1019 'moodle/course:changefullname' => array(
1020
1021 'riskbitmask' => RISK_XSS,
1022
1023 'captype' => 'write',
1024 'contextlevel' => CONTEXT_COURSE,
1025 'archetypes' => array(
1026 'editingteacher' => CAP_ALLOW,
1027 'manager' => CAP_ALLOW
1028 ),
1029 'clonepermissionsfrom' => 'moodle/course:update'
1030 ),
1031
1032 'moodle/course:changeshortname' => array(
1033
1034 'riskbitmask' => RISK_XSS,
1035
1036 'captype' => 'write',
1037 'contextlevel' => CONTEXT_COURSE,
1038 'archetypes' => array(
1039 'editingteacher' => CAP_ALLOW,
1040 'manager' => CAP_ALLOW
1041 ),
1042 'clonepermissionsfrom' => 'moodle/course:update'
1043 ),
1044
1045 'moodle/course:changelockedcustomfields' => array(
1046
1047 'riskbitmask' => RISK_SPAM,
1048
1049 'captype' => 'write',
1050 'contextlevel' => CONTEXT_COURSE,
1051 'archetypes' => array(
1052 'manager' => CAP_ALLOW
1053 ),
1054 ),
1055
1056 'moodle/course:configurecustomfields' => array(
1057
1058 'riskbitmask' => RISK_SPAM,
1059
1060 'captype' => 'write',
1061 'contextlevel' => CONTEXT_SYSTEM,
1062 'clonepermissionsfrom' => 'moodle/site:config'
1063 ),
1064
1065 'moodle/course:renameroles' => array(
1066 'captype' => 'write',
1067 'contextlevel' => CONTEXT_COURSE,
1068 'archetypes' => array(
1069 'editingteacher' => CAP_ALLOW,
1070 'manager' => CAP_ALLOW
1071 ),
1072 'clonepermissionsfrom' => 'moodle/course:update'
1073 ),
1074
1075 'moodle/course:changeidnumber' => array(
1076
1077 'riskbitmask' => RISK_XSS,
1078
1079 'captype' => 'write',
1080 'contextlevel' => CONTEXT_COURSE,
1081 'archetypes' => array(
1082 'editingteacher' => CAP_ALLOW,
1083 'manager' => CAP_ALLOW
1084 ),
1085 'clonepermissionsfrom' => 'moodle/course:update'
1086 ),
1087 'moodle/course:changecategory' => array(
1088 'riskbitmask' => RISK_XSS,
1089
1090 'captype' => 'write',
1091 'contextlevel' => CONTEXT_COURSE,
1092 'archetypes' => array(
1093 'editingteacher' => CAP_ALLOW,
1094 'manager' => CAP_ALLOW
1095 ),
1096 'clonepermissionsfrom' => 'moodle/course:update'
1097 ),
1098
1099 'moodle/course:changesummary' => array(
1100 'riskbitmask' => RISK_XSS,
1101
1102 'captype' => 'write',
1103 'contextlevel' => CONTEXT_COURSE,
1104 'archetypes' => array(
1105 'editingteacher' => CAP_ALLOW,
1106 'manager' => CAP_ALLOW
1107 ),
1108 'clonepermissionsfrom' => 'moodle/course:update'
1109 ),
1110
1111 // Ability to set a forced language for a course or activity.
1112 'moodle/course:setforcedlanguage' => array(
1113 'captype' => 'write',
1114 'contextlevel' => CONTEXT_COURSE,
1115 'archetypes' => array(
1116 'editingteacher' => CAP_ALLOW,
1117 'manager' => CAP_ALLOW
1118 ),
1119 'clonepermissionsfrom' => 'moodle/course:update'
1120 ),
1121
1122
1123 'moodle/site:viewparticipants' => array(
1124
1125 'captype' => 'read',
1126 'contextlevel' => CONTEXT_SYSTEM,
1127 'archetypes' => array(
1128 'manager' => CAP_ALLOW
1129 )
1130 ),
1131
1132 'moodle/course:isincompletionreports' => array(
1133 'captype' => 'read',
1134 'contextlevel' => CONTEXT_COURSE,
1135 'archetypes' => array(
1136 'student' => CAP_ALLOW,
1137 ),
1138 ),
1139
1140 'moodle/course:viewscales' => array(
1141
1142 'captype' => 'read',
1143 'contextlevel' => CONTEXT_COURSE,
1144 'archetypes' => array(
1145 'student' => CAP_ALLOW,
1146 'teacher' => CAP_ALLOW,
1147 'editingteacher' => CAP_ALLOW,
1148 'manager' => CAP_ALLOW
1149 )
1150 ),
1151
1152 'moodle/course:managescales' => array(
1153
1154 'captype' => 'write',
1155 'contextlevel' => CONTEXT_COURSE,
1156 'archetypes' => array(
1157 'editingteacher' => CAP_ALLOW,
1158 'manager' => CAP_ALLOW
1159 )
1160 ),
1161
1162 'moodle/course:managegroups' => array(
1163 'riskbitmask' => RISK_XSS,
1164
1165 'captype' => 'write',
1166 'contextlevel' => CONTEXT_COURSE,
1167 'archetypes' => array(
1168 'editingteacher' => CAP_ALLOW,
1169 'manager' => CAP_ALLOW
1170 )
1171 ),
1172
1173 'moodle/course:viewhiddengroups' => array(
1174 'riskbitmask' => RISK_PERSONAL,
1175 'captype' => 'READ',
1176 'contextlevel' => CONTEXT_COURSE,
1177 'archetypes' => array(
1178 'teacher' => CAP_ALLOW,
1179 'editingteacher' => CAP_ALLOW,
1180 'manager' => CAP_ALLOW
1181 )
1182 ),
1183
1184 'moodle/course:reset' => array(
1185
1186 'riskbitmask' => RISK_DATALOSS,
1187
1188 'captype' => 'write',
1189 'contextlevel' => CONTEXT_COURSE,
1190 'archetypes' => array(
1191 'editingteacher' => CAP_ALLOW,
1192 'manager' => CAP_ALLOW
1193 )
1194 ),
1195
1196 'moodle/course:viewsuspendedusers' => array(
1197
1198 'captype' => 'read',
1199 'contextlevel' => CONTEXT_COURSE,
1200 'archetypes' => array(
1201 'editingteacher' => CAP_ALLOW,
1202 'manager' => CAP_ALLOW
1203 )
1204 ),
1205
1206 'moodle/course:tag' => array(
1207 'riskbitmask' => RISK_SPAM,
1208 'captype' => 'write',
1209 'contextlevel' => CONTEXT_COURSE,
1210 'archetypes' => array(
1211 'manager' => CAP_ALLOW,
1212 'editingteacher' => CAP_ALLOW,
1213 ),
1214 'clonepermissionsfrom' => 'moodle/course:update'
1215 ),
1216
1217 'moodle/blog:view' => array(
1218
1219 'captype' => 'read',
1220 'contextlevel' => CONTEXT_SYSTEM,
1221 'archetypes' => array(
1222 'guest' => CAP_ALLOW,
1223 'user' => CAP_ALLOW,
1224 'student' => CAP_ALLOW,
1225 'teacher' => CAP_ALLOW,
1226 'editingteacher' => CAP_ALLOW,
1227 'manager' => CAP_ALLOW
1228 )
1229 ),
1230
1231 'moodle/blog:search' => array(
1232 'captype' => 'read',
1233 'contextlevel' => CONTEXT_SYSTEM,
1234 'archetypes' => array(
1235 'guest' => CAP_ALLOW,
1236 'user' => CAP_ALLOW,
1237 'student' => CAP_ALLOW,
1238 'teacher' => CAP_ALLOW,
1239 'editingteacher' => CAP_ALLOW,
1240 'manager' => CAP_ALLOW
1241 )
1242 ),
1243
1244 'moodle/blog:viewdrafts' => array(
1245
1246 'riskbitmask' => RISK_PERSONAL,
1247 'captype' => 'read',
1248 'contextlevel' => CONTEXT_SYSTEM,
1249 'archetypes' => array(
1250 'manager' => CAP_ALLOW
1251 )
1252 ),
1253
1254 'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1255
1256 'riskbitmask' => RISK_SPAM,
1257
1258 'captype' => 'write',
1259 'contextlevel' => CONTEXT_SYSTEM,
1260 'archetypes' => array(
1261 'user' => CAP_ALLOW,
1262 'manager' => CAP_ALLOW
1263 )
1264 ),
1265
1266 'moodle/blog:manageentries' => array(
1267
1268 'riskbitmask' => RISK_SPAM,
1269
1270 'captype' => 'write',
1271 'contextlevel' => CONTEXT_SYSTEM,
1272 'archetypes' => array(
1273 'teacher' => CAP_ALLOW,
1274 'editingteacher' => CAP_ALLOW,
1275 'manager' => CAP_ALLOW
1276 )
1277 ),
1278
1279 'moodle/blog:manageexternal' => array(
1280
1281 'riskbitmask' => RISK_SPAM,
1282
1283 'captype' => 'write',
1284 'contextlevel' => CONTEXT_SYSTEM,
1285 'archetypes' => array(
1286 'student' => CAP_ALLOW,
1287 'user' => CAP_ALLOW,
1288 'teacher' => CAP_ALLOW,
1289 'editingteacher' => CAP_ALLOW,
1290 'manager' => CAP_ALLOW
1291 )
1292 ),
1293
1294 'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1295
1296 'riskbitmask' => RISK_SPAM,
1297
1298 'captype' => 'write',
1299 'contextlevel' => CONTEXT_COURSE,
1300 'archetypes' => array(
1301 'user' => CAP_ALLOW,
1302 'manager' => CAP_ALLOW
1303 )
1304 ),
1305
1306 'moodle/calendar:managegroupentries' => array(
1307
1308 'riskbitmask' => RISK_SPAM,
1309
1310 'captype' => 'write',
1311 'contextlevel' => CONTEXT_COURSE,
1312 'archetypes' => array(
1313 'teacher' => CAP_ALLOW,
1314 'editingteacher' => CAP_ALLOW,
1315 'manager' => CAP_ALLOW
1316 )
1317 ),
1318
1319 'moodle/calendar:manageentries' => array(
1320
1321 'riskbitmask' => RISK_SPAM,
1322
1323 'captype' => 'write',
1324 'contextlevel' => CONTEXT_COURSE,
1325 'archetypes' => array(
1326 'teacher' => CAP_ALLOW,
1327 'editingteacher' => CAP_ALLOW,
1328 'manager' => CAP_ALLOW
1329 )
1330 ),
1331
1332 'moodle/user:editprofile' => array(
1333
1334 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1335
1336 'captype' => 'write',
1337 'contextlevel' => CONTEXT_USER,
1338 'archetypes' => array(
1339 'manager' => CAP_ALLOW
1340 )
1341 ),
1342
1343 'moodle/user:editownprofile' => array(
1344
1345 'riskbitmask' => RISK_SPAM,
1346
1347 'captype' => 'write',
1348 'contextlevel' => CONTEXT_SYSTEM,
1349 'archetypes' => array(
1350 'guest' => CAP_PROHIBIT,
1351 'user' => CAP_ALLOW,
1352 'manager' => CAP_ALLOW
1353 )
1354 ),
1355
1356 'moodle/user:changeownpassword' => array(
1357
1358 'captype' => 'write',
1359 'contextlevel' => CONTEXT_SYSTEM,
1360 'archetypes' => array(
1361 'guest' => CAP_PROHIBIT,
1362 'user' => CAP_ALLOW,
1363 'manager' => CAP_ALLOW
1364 )
1365 ),
1366
1367 // The next 3 might make no sense for some roles, e.g teacher, etc.
1368 // since the next level up is site. These are more for the parent role
1369 'moodle/user:readuserposts' => array(
1370
1371 'captype' => 'read',
1372 'contextlevel' => CONTEXT_USER,
1373 'archetypes' => array(
1374 'student' => CAP_ALLOW,
1375 'teacher' => CAP_ALLOW,
1376 'editingteacher' => CAP_ALLOW,
1377 'manager' => CAP_ALLOW
1378 )
1379 ),
1380
1381 'moodle/user:readuserblogs' => array(
1382
1383 'captype' => 'read',
1384 'contextlevel' => CONTEXT_USER,
1385 'archetypes' => array(
1386 'student' => CAP_ALLOW,
1387 'teacher' => CAP_ALLOW,
1388 'editingteacher' => CAP_ALLOW,
1389 'manager' => CAP_ALLOW
1390 )
1391 ),
1392
1393 // designed for parent role - not used in legacy roles
1394 'moodle/user:viewuseractivitiesreport' => array(
1395 'riskbitmask' => RISK_PERSONAL,
1396
1397 'captype' => 'read',
1398 'contextlevel' => CONTEXT_USER,
1399 'archetypes' => array(
1400 )
1401 ),
1402
1403 //capabilities designed for the new message system configuration
1404 'moodle/user:editmessageprofile' => array(
1405
1406 'riskbitmask' => RISK_SPAM,
1407
1408 'captype' => 'write',
1409 'contextlevel' => CONTEXT_USER,
1410 'archetypes' => array(
1411 'manager' => CAP_ALLOW
1412 )
1413 ),
1414
1415 'moodle/user:editownmessageprofile' => array(
1416
1417 'captype' => 'write',
1418 'contextlevel' => CONTEXT_SYSTEM,
1419 'archetypes' => array(
1420 'guest' => CAP_PROHIBIT,
1421 'user' => CAP_ALLOW,
1422 'manager' => CAP_ALLOW
1423 )
1424 ),
1425
1426 'moodle/question:managecategory' => array(
1427 'riskbitmask' => RISK_SPAM | RISK_XSS,
1428 'captype' => 'write',
1429 'contextlevel' => CONTEXT_COURSE,
1430 'archetypes' => array(
1431 'editingteacher' => CAP_ALLOW,
1432 'manager' => CAP_ALLOW
1433 )
1434 ),
1435
1436 //new in moodle 1.9
1437 'moodle/question:add' => array(
1438 'riskbitmask' => RISK_SPAM | RISK_XSS,
1439 'captype' => 'write',
1440 'contextlevel' => CONTEXT_COURSE,
1441 'archetypes' => array(
1442 'editingteacher' => CAP_ALLOW,
1443 'manager' => CAP_ALLOW
1444 ),
1445 'clonepermissionsfrom' => 'moodle/question:manage'
1446 ),
1447 'moodle/question:editmine' => array(
1448 'riskbitmask' => RISK_SPAM | RISK_XSS,
1449 'captype' => 'write',
1450 'contextlevel' => CONTEXT_COURSE,
1451 'archetypes' => array(
1452 'editingteacher' => CAP_ALLOW,
1453 'manager' => CAP_ALLOW
1454 ),
1455 'clonepermissionsfrom' => 'moodle/question:manage'
1456 ),
1457 'moodle/question:editall' => array(
1458 'riskbitmask' => RISK_SPAM | RISK_XSS,
1459 'captype' => 'write',
1460 'contextlevel' => CONTEXT_COURSE,
1461 'archetypes' => array(
1462 'editingteacher' => CAP_ALLOW,
1463 'manager' => CAP_ALLOW
1464 ),
1465 'clonepermissionsfrom' => 'moodle/question:manage'
1466 ),
1467 'moodle/question:viewmine' => array(
1468 'captype' => 'read',
1469 'contextlevel' => CONTEXT_COURSE,
1470 'archetypes' => array(
1471 'editingteacher' => CAP_ALLOW,
1472 'manager' => CAP_ALLOW
1473 ),
1474 'clonepermissionsfrom' => 'moodle/question:manage'
1475 ),
1476 'moodle/question:viewall' => array(
1477 'captype' => 'read',
1478 'contextlevel' => CONTEXT_COURSE,
1479 'archetypes' => array(
1480 'editingteacher' => CAP_ALLOW,
1481 'manager' => CAP_ALLOW
1482 ),
1483 'clonepermissionsfrom' => 'moodle/question:manage'
1484 ),
1485 'moodle/question:usemine' => array(
1486 'captype' => 'read',
1487 'contextlevel' => CONTEXT_COURSE,
1488 'archetypes' => array(
1489 'editingteacher' => CAP_ALLOW,
1490 'manager' => CAP_ALLOW
1491 ),
1492 'clonepermissionsfrom' => 'moodle/question:manage'
1493 ),
1494 'moodle/question:useall' => array(
1495 'captype' => 'read',
1496 'contextlevel' => CONTEXT_COURSE,
1497 'archetypes' => array(
1498 'editingteacher' => CAP_ALLOW,
1499 'manager' => CAP_ALLOW
1500 ),
1501 'clonepermissionsfrom' => 'moodle/question:manage'
1502 ),
1503 'moodle/question:movemine' => array(
1504 'captype' => 'write',
1505 'contextlevel' => CONTEXT_COURSE,
1506 'archetypes' => array(
1507 'editingteacher' => CAP_ALLOW,
1508 'manager' => CAP_ALLOW
1509 ),
1510 'clonepermissionsfrom' => 'moodle/question:manage'
1511 ),
1512 'moodle/question:moveall' => array(
1513 'captype' => 'write',
1514 'contextlevel' => CONTEXT_COURSE,
1515 'archetypes' => array(
1516 'editingteacher' => CAP_ALLOW,
1517 'manager' => CAP_ALLOW
1518 ),
1519 'clonepermissionsfrom' => 'moodle/question:manage'
1520 ),
1521 //END new in moodle 1.9
1522
1523 // Configure the installed question types.
1524 'moodle/question:config' => array(
1525 'riskbitmask' => RISK_CONFIG,
1526 'captype' => 'write',
1527 'contextlevel' => CONTEXT_SYSTEM,
1528 'archetypes' => array(
1529 'manager' => CAP_ALLOW
1530 )
1531 ),
1532
1533 // While attempting questions, the ability to flag particular questions for later reference.
1534 'moodle/question:flag' => array(
1535 'captype' => 'write',
1536 'contextlevel' => CONTEXT_COURSE,
1537 'archetypes' => array(
1538 'student' => CAP_ALLOW,
1539 'teacher' => CAP_ALLOW,
1540 'editingteacher' => CAP_ALLOW,
1541 'manager' => CAP_ALLOW
1542 )
1543 ),
1544
1545 // Controls whether the user can tag his own questions.
1546 'moodle/question:tagmine' => array(
1547 'captype' => 'write',
1548 'contextlevel' => CONTEXT_COURSE,
1549 'archetypes' => array(
1550 'editingteacher' => CAP_ALLOW,
1551 'manager' => CAP_ALLOW
1552 ),
1553 'clonepermissionsfrom' => 'moodle/question:editmine'
1554 ),
1555
1556 // Controls whether the user can tag all questions.
1557 'moodle/question:tagall' => array(
1558 'captype' => 'write',
1559 'contextlevel' => CONTEXT_COURSE,
1560 'archetypes' => array(
1561 'editingteacher' => CAP_ALLOW,
1562 'manager' => CAP_ALLOW
1563 ),
1564 'clonepermissionsfrom' => 'moodle/question:editall'
1565 ),
1566
1567 'moodle/site:doclinks' => array(
1568 'captype' => 'read',
1569 'contextlevel' => CONTEXT_SYSTEM,
1570 'archetypes' => array(
1571 'teacher' => CAP_ALLOW,
1572 'editingteacher' => CAP_ALLOW,
1573 'manager' => CAP_ALLOW
1574 )
1575 ),
1576
1577 'moodle/course:sectionvisibility' => array(
1578
1579 'captype' => 'write',
1580 'contextlevel' => CONTEXT_COURSE,
1581 'archetypes' => array(
1582 'editingteacher' => CAP_ALLOW,
1583 'manager' => CAP_ALLOW
1584 )
1585 ),
1586
1587 'moodle/course:useremail' => array(
1588
1589 'captype' => 'write',
1590 'contextlevel' => CONTEXT_COURSE,
1591 'archetypes' => array(
1592 'editingteacher' => CAP_ALLOW,
1593 'manager' => CAP_ALLOW
1594 )
1595 ),
1596
1597 'moodle/course:viewhiddensections' => array(
1598
1599 'captype' => 'read',
1600 'contextlevel' => CONTEXT_COURSE,
1601 'archetypes' => array(
1602 'editingteacher' => CAP_ALLOW,
1603 'manager' => CAP_ALLOW
1604 )
1605 ),
1606
1607 'moodle/course:setcurrentsection' => array(
1608
1609 'captype' => 'write',
1610 'contextlevel' => CONTEXT_COURSE,
1611 'archetypes' => array(
1612 'editingteacher' => CAP_ALLOW,
1613 'manager' => CAP_ALLOW
1614 )
1615 ),
1616
1617 'moodle/course:movesections' => array(
1618
1619 'captype' => 'write',
1620 'contextlevel' => CONTEXT_COURSE,
1621 'archetypes' => array(
1622 'editingteacher' => CAP_ALLOW,
1623 'manager' => CAP_ALLOW
1624 ),
1625 'clonepermissionsfrom' => 'moodle/course:update'
1626 ),
1627
1628 'moodle/site:mnetlogintoremote' => array(
1629
1630 'captype' => 'read',
1631 'contextlevel' => CONTEXT_SYSTEM,
1632 'archetypes' => array(
1633 )
1634 ),
1635
1636 'moodle/grade:viewall' => array(
1637 'riskbitmask' => RISK_PERSONAL,
1638 'captype' => 'read',
1639 'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1640 'archetypes' => array(
1641 'teacher' => CAP_ALLOW,
1642 'editingteacher' => CAP_ALLOW,
1643 'manager' => CAP_ALLOW
1644 ),
1645 'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1646 ),
1647
1648 'moodle/grade:view' => array(
1649 'captype' => 'read',
1650 'contextlevel' => CONTEXT_COURSE,
1651 'archetypes' => array(
1652 'student' => CAP_ALLOW
1653 )
1654 ),
1655
1656 'moodle/grade:viewhidden' => array(
1657 'riskbitmask' => RISK_PERSONAL,
1658 'captype' => 'read',
1659 'contextlevel' => CONTEXT_COURSE,
1660 'archetypes' => array(
1661 'teacher' => CAP_ALLOW,
1662 'editingteacher' => CAP_ALLOW,
1663 'manager' => CAP_ALLOW
1664 ),
1665 'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1666 ),
1667
1668 'moodle/grade:import' => array(
1669 'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1670 'captype' => 'write',
1671 'contextlevel' => CONTEXT_COURSE,
1672 'archetypes' => array(
1673 'editingteacher' => CAP_ALLOW,
1674 'manager' => CAP_ALLOW
1675 ),
1676 'clonepermissionsfrom' => 'moodle/course:managegrades'
1677 ),
1678
1679 'moodle/grade:export' => array(
1680 'riskbitmask' => RISK_PERSONAL,
1681 'captype' => 'read',
1682 'contextlevel' => CONTEXT_COURSE,
1683 'archetypes' => array(
1684 'teacher' => CAP_ALLOW,
1685 'editingteacher' => CAP_ALLOW,
1686 'manager' => CAP_ALLOW
1687 ),
1688 'clonepermissionsfrom' => 'moodle/course:managegrades'
1689 ),
1690
1691 'moodle/grade:manage' => array(
1692 'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1693 'captype' => 'write',
1694 'contextlevel' => CONTEXT_COURSE,
1695 'archetypes' => array(
1696 'editingteacher' => CAP_ALLOW,
1697 'manager' => CAP_ALLOW
1698 ),
1699 'clonepermissionsfrom' => 'moodle/course:managegrades'
1700 ),
1701
1702 'moodle/grade:edit' => array(
1703 'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1704 'captype' => 'write',
1705 'contextlevel' => CONTEXT_COURSE,
1706 'archetypes' => array(
1707 'editingteacher' => CAP_ALLOW,
1708 'manager' => CAP_ALLOW
1709 ),
1710 'clonepermissionsfrom' => 'moodle/course:managegrades'
1711 ),
1712
1713 // ability to define advanced grading forms in activities either from scratch
1714 // or from a shared template
1715 'moodle/grade:managegradingforms' => array(
1716 'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1717 'captype' => 'write',
1718 'contextlevel' => CONTEXT_COURSE,
1719 'archetypes' => array(
1720 'editingteacher' => CAP_ALLOW,
1721 'manager' => CAP_ALLOW
1722 ),
1723 'clonepermissionsfrom' => 'moodle/course:managegrades'
1724 ),
1725
1726 // ability to save a grading form as a new shared template and eventually edit
1727 // and remove own templates (templates originally shared by that user)
1728 'moodle/grade:sharegradingforms' => array(
1729 'riskbitmask' => RISK_XSS,
1730 'captype' => 'write',
1731 'contextlevel' => CONTEXT_SYSTEM,
1732 'archetypes' => array(
1733 'manager' => CAP_ALLOW
1734 ),
1735 ),
1736
1737 // ability to edit and remove any shared template, even those originally shared
1738 // by other users
1739 'moodle/grade:managesharedforms' => array(
1740 'riskbitmask' => RISK_XSS,
1741 'captype' => 'write',
1742 'contextlevel' => CONTEXT_SYSTEM,
1743 'archetypes' => array(
1744 'manager' => CAP_ALLOW
1745 ),
1746 ),
1747
1748 'moodle/grade:manageoutcomes' => array(
1749 'captype' => 'write',
1750 'contextlevel' => CONTEXT_COURSE,
1751 'archetypes' => array(
1752 'editingteacher' => CAP_ALLOW,
1753 'manager' => CAP_ALLOW
1754 ),
1755 'clonepermissionsfrom' => 'moodle/course:managegrades'
1756 ),
1757
1758 'moodle/grade:manageletters' => array(
1759 'captype' => 'write',
1760 'contextlevel' => CONTEXT_COURSE,
1761 'archetypes' => array(
1762 'editingteacher' => CAP_ALLOW,
1763 'manager' => CAP_ALLOW
1764 ),
1765 'clonepermissionsfrom' => 'moodle/course:managegrades'
1766 ),
1767
1768 'moodle/grade:hide' => array(
1769 'captype' => 'write',
1770 'contextlevel' => CONTEXT_COURSE,
1771 'archetypes' => array(
1772 'editingteacher' => CAP_ALLOW,
1773 'manager' => CAP_ALLOW
1774 )
1775 ),
1776
1777 'moodle/grade:lock' => array(
1778 'captype' => 'write',
1779 'contextlevel' => CONTEXT_COURSE,
1780 'archetypes' => array(
1781 'editingteacher' => CAP_ALLOW,
1782 'manager' => CAP_ALLOW
1783 )
1784 ),
1785
1786 'moodle/grade:unlock' => array(
1787 'captype' => 'write',
1788 'contextlevel' => CONTEXT_COURSE,
1789 'archetypes' => array(
1790 'editingteacher' => CAP_ALLOW,
1791 'manager' => CAP_ALLOW
1792 )
1793 ),
1794
1795 'moodle/my:manageblocks' => array(
1796 'captype' => 'write',
1797 'contextlevel' => CONTEXT_SYSTEM,
1798 'archetypes' => array(
1799 'user' => CAP_ALLOW
1800 )
1801 ),
1802
1803 'moodle/notes:view' => array(
1804 'captype' => 'read',
1805 'contextlevel' => CONTEXT_COURSE,
1806 'archetypes' => array(
1807 'teacher' => CAP_ALLOW,
1808 'editingteacher' => CAP_ALLOW,
1809 'manager' => CAP_ALLOW
1810 )
1811 ),
1812
1813 'moodle/notes:manage' => array(
1814 'riskbitmask' => RISK_SPAM,
1815
1816 'captype' => 'write',
1817 'contextlevel' => CONTEXT_COURSE,
1818 'archetypes' => array(
1819 'teacher' => CAP_ALLOW,
1820 'editingteacher' => CAP_ALLOW,
1821 'manager' => CAP_ALLOW
1822 )
1823 ),
1824
1825 'moodle/tag:manage' => array(
1826 'riskbitmask' => RISK_SPAM,
1827
1828 'captype' => 'write',
1829 'contextlevel' => CONTEXT_SYSTEM,
1830 'archetypes' => array(
1831 'manager' => CAP_ALLOW
1832 )
1833 ),
1834
1835 'moodle/tag:edit' => array(
1836 'riskbitmask' => RISK_SPAM,
1837
1838 'captype' => 'write',
1839 'contextlevel' => CONTEXT_SYSTEM,
1840 'archetypes' => array(
1841 'manager' => CAP_ALLOW
1842 )
1843 ),
1844
1845 'moodle/tag:flag' => array(
1846 'riskbitmask' => RISK_SPAM,
1847
1848 'captype' => 'write',
1849 'contextlevel' => CONTEXT_SYSTEM,
1850 'archetypes' => array(
1851 'user' => CAP_ALLOW
1852 )
1853 ),
1854
1855 'moodle/tag:editblocks' => array(
1856 'captype' => 'write',
1857 'contextlevel' => CONTEXT_SYSTEM,
1858 'archetypes' => array(
1859 'teacher' => CAP_ALLOW,
1860 'editingteacher' => CAP_ALLOW,
1861 'manager' => CAP_ALLOW
1862 )
1863 ),
1864
1865 'moodle/block:view' => array(
1866 'captype' => 'read',
1867 'contextlevel' => CONTEXT_BLOCK,
1868 'archetypes' => array(
1869 'guest' => CAP_ALLOW,
1870 'user' => CAP_ALLOW,
1871 'student' => CAP_ALLOW,
1872 'teacher' => CAP_ALLOW,
1873 'editingteacher' => CAP_ALLOW,
1874 )
1875 ),
1876
1877 'moodle/block:edit' => array(
1878 'riskbitmask' => RISK_SPAM | RISK_XSS,
1879
1880 'captype' => 'write',
1881 'contextlevel' => CONTEXT_BLOCK,
1882 'archetypes' => array(
1883 'editingteacher' => CAP_ALLOW,
1884 'manager' => CAP_ALLOW
1885 )
1886 ),
1887
1888 'moodle/portfolio:export' => array(
1889 'captype' => 'read',
1890 'contextlevel' => CONTEXT_SYSTEM,
1891 'archetypes' => array(
1892 'user' => CAP_ALLOW,
1893 'student' => CAP_ALLOW,
1894 'teacher' => CAP_ALLOW,
1895 'editingteacher' => CAP_ALLOW,
1896 )
1897 ),
1898 'moodle/comment:view' => array(
1899 'captype' => 'read',
1900 'contextlevel' => CONTEXT_COURSE,
1901 'archetypes' => array(
1902 'frontpage' => CAP_ALLOW,
1903 'guest' => CAP_ALLOW,
1904 'user' => CAP_ALLOW,
1905 'student' => CAP_ALLOW,
1906 'teacher' => CAP_ALLOW,
1907 'editingteacher' => CAP_ALLOW,
1908 'manager' => CAP_ALLOW
1909 )
1910 ),
1911 'moodle/comment:post' => array(
1912
1913 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1914 'captype' => 'write',
1915 'contextlevel' => CONTEXT_COURSE,
1916 'archetypes' => array(
1917 'user' => CAP_ALLOW,
1918 'student' => CAP_ALLOW,
1919 'teacher' => CAP_ALLOW,
1920 'editingteacher' => CAP_ALLOW,
1921 'manager' => CAP_ALLOW
1922 )
1923 ),
1924 'moodle/comment:delete' => array(
1925
1926 'riskbitmask' => RISK_DATALOSS,
1927 'captype' => 'write',
1928 'contextlevel' => CONTEXT_COURSE,
1929 'archetypes' => array(
1930 'editingteacher' => CAP_ALLOW,
1931 'manager' => CAP_ALLOW
1932 )
1933 ),
1934 'moodle/webservice:createtoken' => array(
1935
1936 'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1937 'captype' => 'write',
1938 'contextlevel' => CONTEXT_SYSTEM,
1939 'archetypes' => array(
1940 'manager' => CAP_ALLOW
1941 )
1942 ),
1943 'moodle/webservice:managealltokens' => array(
1944
1945 'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1946 'captype' => 'write',
1947 'contextlevel' => CONTEXT_SYSTEM,
1948 'archetypes' => array()
1949 ),
1950 'moodle/webservice:createmobiletoken' => array(
1951
1952 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1953 'captype' => 'write',
1954 'contextlevel' => CONTEXT_SYSTEM,
1955 'archetypes' => array(
1956 'user' => CAP_ALLOW
1957 )
1958 ),
1959 'moodle/rating:view' => array(
1960
1961 'captype' => 'read',
1962 'contextlevel' => CONTEXT_COURSE,
1963 'archetypes' => array(
1964 'user' => CAP_ALLOW,
1965 'student' => CAP_ALLOW,
1966 'teacher' => CAP_ALLOW,
1967 'editingteacher' => CAP_ALLOW,
1968 'manager' => CAP_ALLOW
1969 )
1970 ),
1971 'moodle/rating:viewany' => array(
1972
1973 'riskbitmask' => RISK_PERSONAL,
1974 'captype' => 'read',
1975 'contextlevel' => CONTEXT_COURSE,
1976 'archetypes' => array(
1977 'user' => CAP_ALLOW,
1978 'student' => CAP_ALLOW,
1979 'teacher' => CAP_ALLOW,
1980 'editingteacher' => CAP_ALLOW,
1981 'manager' => CAP_ALLOW
1982 )
1983 ),
1984 'moodle/rating:viewall' => array(
1985
1986 'riskbitmask' => RISK_PERSONAL,
1987 'captype' => 'read',
1988 'contextlevel' => CONTEXT_COURSE,
1989 'archetypes' => array(
1990 'user' => CAP_ALLOW,
1991 'student' => CAP_ALLOW,
1992 'teacher' => CAP_ALLOW,
1993 'editingteacher' => CAP_ALLOW,
1994 'manager' => CAP_ALLOW
1995 )
1996 ),
1997 'moodle/rating:rate' => array(
1998
1999 'captype' => 'write',
2000 'contextlevel' => CONTEXT_COURSE,
2001 'archetypes' => array(
2002 'user' => CAP_ALLOW,
2003 'student' => CAP_ALLOW,
2004 'teacher' => CAP_ALLOW,
2005 'editingteacher' => CAP_ALLOW,
2006 'manager' => CAP_ALLOW
2007 )
2008 ),
2009 'moodle/course:markcomplete' => array(
2010 'captype' => 'write',
2011 'contextlevel' => CONTEXT_COURSE,
2012 'archetypes' => array(
2013 'teacher' => CAP_ALLOW,
2014 'editingteacher' => CAP_ALLOW,
2015 'manager' => CAP_ALLOW
2016 )
2017 ),
2018 'moodle/course:overridecompletion' => array(
2019 'captype' => 'write',
2020 'contextlevel' => CONTEXT_COURSE,
2021 'archetypes' => array(
2022 'teacher' => CAP_ALLOW,
2023 'editingteacher' => CAP_ALLOW,
2024 'manager' => CAP_ALLOW
2025 )
2026 ),
2027
2028 // Badges.
2029 'moodle/badges:manageglobalsettings' => array(
2030 'riskbitmask' => RISK_DATALOSS | RISK_CONFIG,
2031 'captype' => 'write',
2032 'contextlevel' => CONTEXT_SYSTEM,
2033 'archetypes' => array(
2034 'manager' => CAP_ALLOW,
2035 )
2036 ),
2037
2038 // View available badges without earning them.
2039 'moodle/badges:viewbadges' => array(
2040 'captype' => 'read',
2041 'contextlevel' => CONTEXT_COURSE,
2042 'archetypes' => array(
2043 'user' => CAP_ALLOW,
2044 )
2045 ),
2046
2047 // Manage badges on own private badges page.
2048 'moodle/badges:manageownbadges' => array(
2049 'riskbitmap' => RISK_SPAM,
2050 'captype' => 'write',
2051 'contextlevel' => CONTEXT_USER,
2052 'archetypes' => array(
2053 'user' => CAP_ALLOW
2054 )
2055 ),
2056
2057 // View public badges in other users' profiles.
2058 'moodle/badges:viewotherbadges' => array(
2059 'riskbitmap' => RISK_PERSONAL,
2060 'captype' => 'read',
2061 'contextlevel' => CONTEXT_USER,
2062 'archetypes' => array(
2063 'user' => CAP_ALLOW
2064 )
2065 ),
2066
2067 // Earn badge.
2068 'moodle/badges:earnbadge' => array(
2069 'captype' => 'write',
2070 'contextlevel' => CONTEXT_COURSE,
2071 'archetypes' => array(
2072 'user' => CAP_ALLOW,
2073 )
2074 ),
2075
2076 // Create/duplicate badges.
2077 'moodle/badges:createbadge' => array(
2078 'riskbitmask' => RISK_SPAM,
2079 'captype' => 'write',
2080 'contextlevel' => CONTEXT_COURSE,
2081 'archetypes' => array(
2082 'manager' => CAP_ALLOW,
2083 'editingteacher' => CAP_ALLOW,
2084 )
2085 ),
2086
2087 // Delete badges.
2088 'moodle/badges:deletebadge' => array(
2089 'riskbitmask' => RISK_DATALOSS,
2090 'captype' => 'write',
2091 'contextlevel' => CONTEXT_COURSE,
2092 'archetypes' => array(
2093 'manager' => CAP_ALLOW,
2094 'editingteacher' => CAP_ALLOW,
2095 )
2096 ),
2097
2098 // Set up/edit badge details.
2099 'moodle/badges:configuredetails' => array(
2100 'riskbitmask' => RISK_SPAM,
2101 'captype' => 'write',
2102 'contextlevel' => CONTEXT_COURSE,
2103 'archetypes' => array(
2104 'manager' => CAP_ALLOW,
2105 'editingteacher' => CAP_ALLOW,
2106 )
2107 ),
2108
2109 // Set up/edit criteria of earning a badge.
2110 'moodle/badges:configurecriteria' => array(
2111 'riskbitmask' => RISK_XSS,
2112 'captype' => 'write',
2113 'contextlevel' => CONTEXT_COURSE,
2114 'archetypes' => array(
2115 'manager' => CAP_ALLOW,
2116 'editingteacher' => CAP_ALLOW,
2117 )
2118 ),
2119
2120 // Configure badge messages.
2121 'moodle/badges:configuremessages' => array(
2122 'riskbitmask' => RISK_SPAM,
2123 'captype' => 'write',
2124 'contextlevel' => CONTEXT_COURSE,
2125 'archetypes' => array(
2126 'manager' => CAP_ALLOW,
2127 'editingteacher' => CAP_ALLOW,
2128 )
2129 ),
2130
2131 // Award badge to a user.
2132 'moodle/badges:awardbadge' => array(
2133 'riskbitmask' => RISK_SPAM,
2134 'captype' => 'write',
2135 'contextlevel' => CONTEXT_COURSE,
2136 'archetypes' => array(
2137 'manager' => CAP_ALLOW,
2138 'teacher' => CAP_ALLOW,
2139 'editingteacher' => CAP_ALLOW,
2140 )
2141 ),
2142
2143 // Revoke badge from a user.
2144 'moodle/badges:revokebadge' => array(
2145 'riskbitmask' => RISK_SPAM,
2146 'captype' => 'write',
2147 'contextlevel' => CONTEXT_COURSE,
2148 'archetypes' => array(
2149 'manager' => CAP_ALLOW,
2150 'teacher' => CAP_ALLOW,
2151 'editingteacher' => CAP_ALLOW,
2152 )
2153 ),
2154
2155 // View users who earned a specific badge without being able to award a badge.
2156 'moodle/badges:viewawarded' => array(
2157 'riskbitmask' => RISK_PERSONAL,
2158 'captype' => 'read',
2159 'contextlevel' => CONTEXT_COURSE,
2160 'archetypes' => array(
2161 'manager' => CAP_ALLOW,
2162 'teacher' => CAP_ALLOW,
2163 'editingteacher' => CAP_ALLOW,
2164 )
2165 ),
2166
2167 'moodle/site:forcelanguage' => array(
2168 'captype' => 'read',
2169 'contextlevel' => CONTEXT_SYSTEM,
2170 'archetypes' => array(
2171 )
2172 ),
2173
2174 // Perform site-wide search queries through the search API.
2175 'moodle/search:query' => array(
2176 'captype' => 'read',
2177 'contextlevel' => CONTEXT_SYSTEM,
2178 'archetypes' => array(
2179 'guest' => CAP_ALLOW,
2180 'user' => CAP_ALLOW,
2181 'student' => CAP_ALLOW,
2182 'teacher' => CAP_ALLOW,
2183 'editingteacher' => CAP_ALLOW,
2184 'manager' => CAP_ALLOW
2185 )
2186 ),
2187
2188 // Competencies.
2189 'moodle/competency:competencymanage' => array(
2190 'captype' => 'write',
2191 'contextlevel' => CONTEXT_COURSECAT,
2192 'archetypes' => array(
2193 'manager' => CAP_ALLOW
2194 )
2195 ),
2196 'moodle/competency:competencyview' => array(
2197 'captype' => 'read',
2198 'contextlevel' => CONTEXT_COURSECAT,
2199 'archetypes' => array(
2200 'user' => CAP_ALLOW
2201 ),
2202 ),
2203 'moodle/competency:competencygrade' => array(
2204 'captype' => 'write',
2205 'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2206 'archetypes' => array(
2207 'editingteacher' => CAP_ALLOW,
2208 'teacher' => CAP_ALLOW,
2209 'manager' => CAP_ALLOW
2210 ),
2211 ),
2212 // Course competencies.
2213 'moodle/competency:coursecompetencymanage' => array(
2214 'captype' => 'write',
2215 'contextlevel' => CONTEXT_COURSE,
2216 'archetypes' => array(
2217 'editingteacher' => CAP_ALLOW,
2218 'manager' => CAP_ALLOW
2219 ),
2220 ),
2221 'moodle/competency:coursecompetencyconfigure' => array(
2222 'captype' => 'write',
2223 'contextlevel' => CONTEXT_MODULE,
2224 'archetypes' => array(
2225 'manager' => CAP_ALLOW
2226 ),
2227 ),
2228 'moodle/competency:coursecompetencygradable' => array(
2229 'captype' => 'read',
2230 'contextlevel' => CONTEXT_COURSE,
2231 'archetypes' => array(
2232 'student' => CAP_ALLOW
2233 ),
2234 'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2235 ),
2236 'moodle/competency:coursecompetencyview' => array(
2237 'captype' => 'read',
2238 'contextlevel' => CONTEXT_COURSE,
2239 'archetypes' => array(
2240 'user' => CAP_ALLOW
2241 ),
2242 ),
2243 // Evidence.
2244 'moodle/competency:evidencedelete' => array(
2245 'captype' => 'write',
2246 'contextlevel' => CONTEXT_USER,
2247 'archetypes' => array(
2248 ),
2249 'clonepermissionsfrom' => 'moodle/site:config'
2250 ),
2251 // User plans.
2252 'moodle/competency:planmanage' => array(
2253 'captype' => 'write',
2254 'contextlevel' => CONTEXT_USER,
2255 'archetypes' => array(
2256 'manager' => CAP_ALLOW
2257 ),
2258 ),
2259 'moodle/competency:planmanagedraft' => array(
2260 'captype' => 'write',
2261 'contextlevel' => CONTEXT_USER,
2262 'archetypes' => array(
2263 'manager' => CAP_ALLOW
2264 ),
2265 ),
2266 'moodle/competency:planmanageown' => array(
2267 'captype' => 'write',
2268 'contextlevel' => CONTEXT_USER,
2269 'archetypes' => array(
2270 ),
2271 ),
2272 'moodle/competency:planmanageowndraft' => array(
2273 'captype' => 'write',
2274 'contextlevel' => CONTEXT_USER,
2275 'archetypes' => array(
2276 ),
2277 ),
2278 'moodle/competency:planview' => array(
2279 'captype' => 'read',
2280 'contextlevel' => CONTEXT_USER,
2281 'archetypes' => array(
2282 'manager' => CAP_ALLOW
2283 ),
2284 ),
2285 'moodle/competency:planviewdraft' => array(
2286 'captype' => 'read',
2287 'contextlevel' => CONTEXT_USER,
2288 'archetypes' => array(
2289 'manager' => CAP_ALLOW
2290 ),
2291 ),
2292 'moodle/competency:planviewown' => array(
2293 'captype' => 'read',
2294 'contextlevel' => CONTEXT_USER,
2295 'archetypes' => array(
2296 'user' => CAP_ALLOW
2297 ),
2298 ),
2299 'moodle/competency:planviewowndraft' => array(
2300 'captype' => 'read',
2301 'contextlevel' => CONTEXT_USER,
2302 'archetypes' => array(
2303 ),
2304 ),
2305 'moodle/competency:planrequestreview' => array(
2306 'captype' => 'write',
2307 'contextlevel' => CONTEXT_USER,
2308 'archetypes' => array(
2309 'manager' => CAP_ALLOW
2310 )
2311 ),
2312 'moodle/competency:planrequestreviewown' => array(
2313 'captype' => 'write',
2314 'contextlevel' => CONTEXT_USER,
2315 'archetypes' => array(
2316 'user' => CAP_ALLOW
2317 )
2318 ),
2319 'moodle/competency:planreview' => array(
2320 'captype' => 'write',
2321 'contextlevel' => CONTEXT_USER,
2322 'archetypes' => array(
2323 'manager' => CAP_ALLOW
2324 ),
2325 ),
2326 'moodle/competency:plancomment' => array(
2327 'captype' => 'write',
2328 'contextlevel' => CONTEXT_USER,
2329 'archetypes' => array(
2330 'manager' => CAP_ALLOW
2331 ),
2332 ),
2333 'moodle/competency:plancommentown' => array(
2334 'captype' => 'write',
2335 'contextlevel' => CONTEXT_USER,
2336 'archetypes' => array(
2337 'user' => CAP_ALLOW
2338 ),
2339 ),
2340 // User competencies.
2341 'moodle/competency:usercompetencyview' => array(
2342 'captype' => 'read',
2343 'contextlevel' => CONTEXT_USER, // And CONTEXT_COURSE.
2344 'archetypes' => array(
2345 'manager' => CAP_ALLOW,
2346 'editingteacher' => CAP_ALLOW,
2347 'teacher' => CAP_ALLOW
2348 )
2349 ),
2350 'moodle/competency:usercompetencyrequestreview' => array(
2351 'captype' => 'write',
2352 'contextlevel' => CONTEXT_USER,
2353 'archetypes' => array(
2354 'manager' => CAP_ALLOW
2355 )
2356 ),
2357 'moodle/competency:usercompetencyrequestreviewown' => array(
2358 'captype' => 'write',
2359 'contextlevel' => CONTEXT_USER,
2360 'archetypes' => array(
2361 'user' => CAP_ALLOW
2362 )
2363 ),
2364 'moodle/competency:usercompetencyreview' => array(
2365 'captype' => 'write',
2366 'contextlevel' => CONTEXT_USER,
2367 'archetypes' => array(
2368 'manager' => CAP_ALLOW
2369 ),
2370 ),
2371 'moodle/competency:usercompetencycomment' => array(
2372 'captype' => 'write',
2373 'contextlevel' => CONTEXT_USER,
2374 'archetypes' => array(
2375 'manager' => CAP_ALLOW
2376 ),
2377 ),
2378 'moodle/competency:usercompetencycommentown' => array(
2379 'captype' => 'write',
2380 'contextlevel' => CONTEXT_USER,
2381 'archetypes' => array(
2382 'user' => CAP_ALLOW
2383 ),
2384 ),
2385 // Template.
2386 'moodle/competency:templatemanage' => array(
2387 'captype' => 'write',
2388 'contextlevel' => CONTEXT_COURSECAT,
2389 'archetypes' => array(
2390 'manager' => CAP_ALLOW
2391 ),
2392 ),
2393 'moodle/analytics:listinsights' => array(
2394 'riskbitmask' => RISK_PERSONAL,
2395 'captype' => 'read',
2396 'contextlevel' => CONTEXT_COURSE,
2397 'archetypes' => array(
2398 'teacher' => CAP_ALLOW,
2399 'editingteacher' => CAP_ALLOW,
2400 'manager' => CAP_ALLOW
2401 )
2402 ),
2403 'moodle/analytics:managemodels' => array(
2404 'riskbitmask' => RISK_CONFIG,
2405 'captype' => 'write',
2406 'contextlevel' => CONTEXT_SYSTEM,
2407 'archetypes' => array(
2408 'manager' => CAP_ALLOW
2409 ),
2410 ),
2411 'moodle/competency:templateview' => array(
2412 'captype' => 'read',
2413 'contextlevel' => CONTEXT_COURSECAT,
2414 'archetypes' => array(
2415 'manager' => CAP_ALLOW
2416 ),
2417 ),
2418 // User evidence.
2419 'moodle/competency:userevidencemanage' => array(
2420 'captype' => 'write',
2421 'contextlevel' => CONTEXT_USER,
2422 'archetypes' => array(
2423 'manager' => CAP_ALLOW
2424 ),
2425 ),
2426 'moodle/competency:userevidencemanageown' => array(
2427 'captype' => 'write',
2428 'contextlevel' => CONTEXT_USER,
2429 'archetypes' => array(
2430 'user' => CAP_ALLOW
2431 ),
2432 ),
2433 'moodle/competency:userevidenceview' => array(
2434 'captype' => 'read',
2435 'contextlevel' => CONTEXT_USER,
2436 'archetypes' => array(
2437 'manager' => CAP_ALLOW
2438 ),
2439 ),
2440 'moodle/site:maintenanceaccess' => array(
2441 'captype' => 'write',
2442 'contextlevel' => CONTEXT_SYSTEM,
2443 'archetypes' => array(
2444 )
2445 ),
2446 // Allow message any user, regardlesss of the privacy preferences for messaging.
2447 'moodle/site:messageanyuser' => array(
2448 'riskbitmask' => RISK_SPAM,
2449 'captype' => 'write',
2450 'contextlevel' => CONTEXT_SYSTEM,
2451 'archetypes' => array(
2452 'teacher' => CAP_ALLOW,
2453 'editingteacher' => CAP_ALLOW,
2454 'manager' => CAP_ALLOW
2455 )
2456 ),
2457
2458 // Context locking/unlocking.
2459 'moodle/site:managecontextlocks' => [
2460 'captype' => 'write',
2461 'contextlevel' => CONTEXT_MODULE,
2462 'archetypes' => [
2463 ],
2464 ],
2465
2466 // Manual completion toggling.
2467 'moodle/course:togglecompletion' => [
2468 'captype' => 'write',
2469 'contextlevel' => CONTEXT_MODULE,
2470 'archetypes' => [
2471 'user' => CAP_ALLOW,
2472 ],
2473 ],
2474
2475 'moodle/analytics:listowninsights' => array(
2476 'captype' => 'read',
2477 'contextlevel' => CONTEXT_SYSTEM,
2478 'archetypes' => array(
2479 'user' => CAP_ALLOW
2480 )
2481 ),
2482
2483 // Set display option buttons to an H5P content.
2484 'moodle/h5p:setdisplayoptions' => array(
2485 'captype' => 'write',
2486 'contextlevel' => CONTEXT_MODULE,
2487 'archetypes' => array(
2488 'editingteacher' => CAP_ALLOW,
2489 )
2490 ),
2491
2492 // Allow to deploy H5P content.
2493 'moodle/h5p:deploy' => array(
2494 'riskbitmask' => RISK_XSS,
2495 'captype' => 'write',
2496 'contextlevel' => CONTEXT_MODULE,
2497 'archetypes' => array(
2498 'manager' => CAP_ALLOW,
2499 'editingteacher' => CAP_ALLOW,
2500 )
2501 ),
2502
2503 // Allow to update H5P content-type libraries.
2504 'moodle/h5p:updatelibraries' => [
2505 'riskbitmask' => RISK_XSS,
2506 'captype' => 'write',
2507 'contextlevel' => CONTEXT_MODULE,
2508 'archetypes' => [
2509 'manager' => CAP_ALLOW,
2510 ]
2511 ],
2512
2513 // Allow users to recommend activities in the activity chooser.
2514 'moodle/course:recommendactivity' => [
2515 'captype' => 'write',
2516 'contextlevel' => CONTEXT_SYSTEM,
2517 'archetypes' => [
2518 'manager' => CAP_ALLOW,
2519 ]
2520 ],
2521
2522 // Content bank capabilities.
2523 'moodle/contentbank:access' => array(
2524 'captype' => 'read',
2525 'contextlevel' => CONTEXT_COURSE,
2526 'archetypes' => array(
2527 'manager' => CAP_ALLOW,
2528 'coursecreator' => CAP_ALLOW,
2529 'editingteacher' => CAP_ALLOW,
2530 )
2531 ),
2532
2533 'moodle/contentbank:upload' => array(
2534 'riskbitmask' => RISK_SPAM,
2535 'captype' => 'write',
2536 'contextlevel' => CONTEXT_COURSE,
2537 'archetypes' => array(
2538 'manager' => CAP_ALLOW,
2539 'coursecreator' => CAP_ALLOW,
2540 'editingteacher' => CAP_ALLOW,
2541 )
2542 ),
2543
2544 // Delete any content from the content bank.
2545 'moodle/contentbank:deleteanycontent' => [
2546 'riskbitmask' => RISK_DATALOSS,
2547 'captype' => 'write',
2548 'contextlevel' => CONTEXT_COURSE,
2549 'archetypes' => [
2550 'manager' => CAP_ALLOW,
2551 'coursecreator' => CAP_ALLOW,
2552 ]
2553 ],
2554
2555 // Delete content created by yourself.
2556 'moodle/contentbank:deleteowncontent' => [
2557 'captype' => 'write',
2558 'contextlevel' => CONTEXT_COURSE,
2559 'archetypes' => [
2560 'user' => CAP_ALLOW,
2561 ]
2562 ],
2563
2564 // Manage (rename, move, publish, share, etc.) any content from the content bank.
2565 'moodle/contentbank:manageanycontent' => [
2566 'riskbitmask' => RISK_DATALOSS,
2567 'captype' => 'write',
2568 'contextlevel' => CONTEXT_COURSE,
2569 'archetypes' => array(
2570 'manager' => CAP_ALLOW,
2571 'coursecreator' => CAP_ALLOW,
2572 )
2573 ],
2574
2575 // Manage (rename, move, publish, share, etc.) content created by yourself.
2576 'moodle/contentbank:manageowncontent' => [
2577 'captype' => 'write',
2578 'contextlevel' => CONTEXT_COURSE,
2579 'archetypes' => array(
2580 'manager' => CAP_ALLOW,
2581 'coursecreator' => CAP_ALLOW,
2582 'editingteacher' => CAP_ALLOW,
2583 )
2584 ],
2585
2586 // Allow users to create/edit content within the content bank.
2587 'moodle/contentbank:useeditor' => [
2588 'riskbitmask' => RISK_SPAM,
2589 'captype' => 'write',
2590 'contextlevel' => CONTEXT_COURSE,
2591 'archetypes' => array(
2592 'manager' => CAP_ALLOW,
2593 'coursecreator' => CAP_ALLOW,
2594 'editingteacher' => CAP_ALLOW,
2595 )
2596 ],
2597
2598 // Allow users to download content.
2599 'moodle/contentbank:downloadcontent' => [
2600 'captype' => 'read',
2601 'contextlevel' => CONTEXT_COURSE,
2602 'archetypes' => [
2603 'manager' => CAP_ALLOW,
2604 'coursecreator' => CAP_ALLOW,
2605 'editingteacher' => CAP_ALLOW,
2606 ]
2607 ],
2608
2609 // Allow users to copy content.
2610 'moodle/contentbank:copyanycontent' => [
2611 'riskbitmask' => RISK_SPAM,
2612 'captype' => 'write',
2613 'contextlevel' => CONTEXT_COURSE,
2614 'archetypes' => [
2615 'manager' => CAP_ALLOW,
2616 'coursecreator' => CAP_ALLOW,
2617 ]
2618 ],
2619
2620 // Allow users to copy content.
2621 'moodle/contentbank:copycontent' => [
2622 'riskbitmask' => RISK_SPAM,
2623 'captype' => 'write',
2624 'contextlevel' => CONTEXT_COURSE,
2625 'archetypes' => [
2626 'manager' => CAP_ALLOW,
2627 'coursecreator' => CAP_ALLOW,
2628 'editingteacher' => CAP_ALLOW,
2629 ]
2630 ],
2631
2632 // Allow users to download course content.
2633 'moodle/course:downloadcoursecontent' => [
2634 'captype' => 'read',
2635 'contextlevel' => CONTEXT_COURSE,
2636 'archetypes' => array(
2637 'student' => CAP_ALLOW,
2638 'teacher' => CAP_ALLOW,
2639 'editingteacher' => CAP_ALLOW,
2640 'manager' => CAP_ALLOW
2641 )
2642 ],
2643
2644 // Allow users to configure download course content functionality within a course, if the feature is available.
2645 'moodle/course:configuredownloadcontent' => [
2646 'captype' => 'write',
2647 'contextlevel' => CONTEXT_COURSE,
2648 'archetypes' => array(
2649 'editingteacher' => CAP_ALLOW,
2650 'manager' => CAP_ALLOW
2651 ),
2652 ],
2653
2654 // Allow to manage payment accounts.
2655 'moodle/payment:manageaccounts' => [
2656 'captype' => 'write',
2657 'riskbitmask' => RISK_PERSONAL | RISK_CONFIG | RISK_DATALOSS,
2658 'contextlevel' => CONTEXT_COURSE,
2659 'archetypes' => [],
2660 ],
2661
2662 // Allow to view payments.
2663 'moodle/payment:viewpayments' => [
2664 'captype' => 'read',
2665 'riskbitmask' => RISK_PERSONAL,
2666 'contextlevel' => CONTEXT_COURSE,
2667 'archetypes' => [],
2668 ],
2669
2670 // Allow users to view hidden content.
2671 'moodle/contentbank:viewunlistedcontent' => [
2672 'captype' => 'read',
2673 'contextlevel' => CONTEXT_COURSE,
2674 'archetypes' => [
2675 'manager' => CAP_ALLOW,
2676 'coursecreator' => CAP_ALLOW,
2677 ]
2678 ],
2679
2680 // Allow users to view custom reports.
2681 'moodle/reportbuilder:view' => [
2682 'captype' => 'read',
2683 'contextlevel' => CONTEXT_SYSTEM,
2684 'archetypes' => [
2685 'user' => CAP_ALLOW,
2686 ],
2687 ],
2688
2689 // Allow users to view all custom reports.
2690 'moodle/reportbuilder:viewall' => [
2691 'captype' => 'read',
2692 'contextlevel' => CONTEXT_SYSTEM,
2693 'archetypes' => [],
2694 ],
2695
2696 // Allow users to create/edit their own custom reports.
2697 'moodle/reportbuilder:edit' => [
2698 'captype' => 'write',
2699 'riskbitmap' => RISK_PERSONAL,
2700 'contextlevel' => CONTEXT_SYSTEM,
2701 'archetypes' => [
2702 'manager' => CAP_ALLOW,
2703 ],
2704 ],
2705
2706 // Allow users to create/edit all custom reports.
2707 'moodle/reportbuilder:editall' => [
2708 'captype' => 'write',
2709 'riskbitmap' => RISK_PERSONAL,
2710 'contextlevel' => CONTEXT_SYSTEM,
2711 'archetypes' => [],
2712 ],
2713
2714 // Allow users to schedule reports as other users.
2715 'moodle/reportbuilder:scheduleviewas' => [
2716 'captype' => 'read',
2717 'riskbitmap' => RISK_PERSONAL,
2718 'contextlevel' => CONTEXT_SYSTEM,
2719 'archetypes' => [],
2720 ],
2721
2722 // Allow users to share activities to MoodleNet.
2723 'moodle/moodlenet:shareactivity' => [
2724 'captype' => 'read',
2725 'contextlevel' => CONTEXT_COURSE,
2726 'archetypes' => [
2727 'editingteacher' => CAP_ALLOW,
2728 'manager' => CAP_ALLOW,
2729 ]
2730 ],
2731
2732 // Allow users to configure course communication rooms.
2733 'moodle/course:configurecoursecommunication' => [
2734 'captype' => 'write',
2735 'contextlevel' => CONTEXT_COURSE,
2736 'archetypes' => [
2737 'editingteacher' => CAP_ALLOW,
2738 'manager' => CAP_ALLOW,
2739 ]
2740 ],
2741
2742 // Allow users to share courses to MoodleNet.
2743 'moodle/moodlenet:sharecourse' => [
2744 'captype' => 'read',
2745 'contextlevel' => CONTEXT_COURSE,
2746 'archetypes' => [
2747 'editingteacher' => CAP_ALLOW,
2748 'manager' => CAP_ALLOW,
2749 ]
2750 ],
2751 );
Read-only mirror of the Moodle CVS