MDL-30070 message: Optimised search for users over multiple courses
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
68     'moodle/site:readallmessages' => array(
70         'riskbitmask' => RISK_PERSONAL,
72         'captype' => 'read',
73         'contextlevel' => CONTEXT_SYSTEM,
74         'archetypes' => array(
75             'manager' => CAP_ALLOW,
76             'editingteacher' => CAP_ALLOW
77         )
78     ),
80     'moodle/site:sendmessage' => array(
82         'riskbitmask' => RISK_SPAM,
84         'captype' => 'write',
85         'contextlevel' => CONTEXT_SYSTEM,
86         'archetypes' => array(
87             'manager' => CAP_ALLOW,
88             'user' => CAP_ALLOW
89         )
90     ),
92     'moodle/site:approvecourse' => array(
94         'riskbitmask' => RISK_XSS,
96         'captype' => 'write',
97         'contextlevel' => CONTEXT_SYSTEM,
98         'archetypes' => array(
99             'manager' => CAP_ALLOW
100         )
101     ),
103     'moodle/backup:backupcourse' => array(
105         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
107         'captype' => 'write',
108         'contextlevel' => CONTEXT_COURSE,
109         'archetypes' => array(
110             'editingteacher' => CAP_ALLOW,
111             'manager' => CAP_ALLOW
112         ),
114         'clonepermissionsfrom' =>  'moodle/site:backup'
115     ),
117     'moodle/backup:backupsection' => array(
119         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
121         'captype' => 'write',
122         'contextlevel' => CONTEXT_COURSE,
123         'archetypes' => array(
124             'editingteacher' => CAP_ALLOW,
125             'manager' => CAP_ALLOW
126         ),
128         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
129     ),
131     'moodle/backup:backupactivity' => array(
133         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
135         'captype' => 'write',
136         'contextlevel' => CONTEXT_MODULE,
137         'archetypes' => array(
138             'editingteacher' => CAP_ALLOW,
139             'manager' => CAP_ALLOW
140         ),
142         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
143     ),
145     'moodle/backup:backuptargethub' => array(
147         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
149         'captype' => 'write',
150         'contextlevel' => CONTEXT_COURSE,
151         'archetypes' => array(
152             'editingteacher' => CAP_ALLOW,
153             'manager' => CAP_ALLOW
154         ),
156         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
157     ),
159     'moodle/backup:backuptargetimport' => array(
161         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
163         'captype' => 'write',
164         'contextlevel' => CONTEXT_COURSE,
165         'archetypes' => array(
166             'editingteacher' => CAP_ALLOW,
167             'manager' => CAP_ALLOW
168         ),
170         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
171     ),
173     'moodle/backup:downloadfile' => array(
175         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
177         'captype' => 'write',
178         'contextlevel' => CONTEXT_COURSE,
179         'archetypes' => array(
180             'editingteacher' => CAP_ALLOW,
181             'manager' => CAP_ALLOW
182         ),
184         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
185     ),
187     'moodle/backup:configure' => array(
189         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
191         'captype' => 'write',
192         'contextlevel' => CONTEXT_COURSE,
193         'archetypes' => array(
194             'editingteacher' => CAP_ALLOW,
195             'manager' => CAP_ALLOW
196         )
197     ),
199     'moodle/backup:userinfo' => array(
201         'riskbitmask' => RISK_PERSONAL,
203         'captype' => 'read',
204         'contextlevel' => CONTEXT_COURSE,
205         'archetypes' => array(
206             'manager' => CAP_ALLOW
207         )
208     ),
210     'moodle/backup:anonymise' => array(
212         'riskbitmask' => RISK_PERSONAL,
214         'captype' => 'read',
215         'contextlevel' => CONTEXT_COURSE,
216         'archetypes' => array(
217             'manager' => CAP_ALLOW
218         )
219     ),
221     'moodle/restore:restorecourse' => array(
223         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
225         'captype' => 'write',
226         'contextlevel' => CONTEXT_COURSE,
227         'archetypes' => array(
228             'editingteacher' => CAP_ALLOW,
229             'manager' => CAP_ALLOW
230         ),
232         'clonepermissionsfrom' =>  'moodle/site:restore'
233     ),
235     'moodle/restore:restoresection' => array(
237         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
239         'captype' => 'write',
240         'contextlevel' => CONTEXT_COURSE,
241         'archetypes' => array(
242             'editingteacher' => CAP_ALLOW,
243             'manager' => CAP_ALLOW
244         ),
246         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
247     ),
249     'moodle/restore:restoreactivity' => array(
251         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
253         'captype' => 'write',
254         'contextlevel' => CONTEXT_COURSE,
255         'archetypes' => array(
256             'editingteacher' => CAP_ALLOW,
257             'manager' => CAP_ALLOW
258         ),
260         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
261     ),
263     'moodle/restore:viewautomatedfilearea' => array(
265         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
267         'captype' => 'write',
268         'contextlevel' => CONTEXT_COURSE,
269     ),
271     'moodle/restore:restoretargethub' => array(
273         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
275         'captype' => 'write',
276         'contextlevel' => CONTEXT_COURSE,
277         'archetypes' => array(
278             'editingteacher' => CAP_ALLOW,
279             'manager' => CAP_ALLOW
280         ),
282         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
283     ),
285     'moodle/restore:restoretargetimport' => array(
287         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
289         'captype' => 'write',
290         'contextlevel' => CONTEXT_COURSE,
291         'archetypes' => array(
292             'editingteacher' => CAP_ALLOW,
293             'manager' => CAP_ALLOW
294         ),
296         'clonepermissionsfrom' =>  'moodle/site:import'
297     ),
299     'moodle/restore:uploadfile' => array(
301         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
303         'captype' => 'write',
304         'contextlevel' => CONTEXT_COURSE,
305         'archetypes' => array(
306             'editingteacher' => CAP_ALLOW,
307             'manager' => CAP_ALLOW
308         ),
310         'clonepermissionsfrom' =>  'moodle/site:backupupload'
311     ),
313     'moodle/restore:configure' => array(
315         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
317         'captype' => 'write',
318         'contextlevel' => CONTEXT_COURSE,
319         'archetypes' => array(
320             'editingteacher' => CAP_ALLOW,
321             'manager' => CAP_ALLOW
322         )
323     ),
325     'moodle/restore:rolldates' => array(
327         'captype' => 'write',
328         'contextlevel' => CONTEXT_COURSE,
329         'archetypes' => array(
330             'coursecreator' => CAP_ALLOW,
331             'manager' => CAP_ALLOW
332         )
333     ),
335     'moodle/restore:userinfo' => array(
337         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
339         'captype' => 'write',
340         'contextlevel' => CONTEXT_COURSE,
341         'archetypes' => array(
342             'manager' => CAP_ALLOW
343         )
344     ),
346     'moodle/restore:createuser' => array(
348         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
350         'captype' => 'write',
351         'contextlevel' => CONTEXT_SYSTEM,
352         'archetypes' => array(
353             'manager' => CAP_ALLOW
354         )
355     ),
357     'moodle/site:manageblocks' => array(
359         'riskbitmask' => RISK_SPAM | RISK_XSS,
361         'captype' => 'write',
362         'contextlevel' => CONTEXT_BLOCK,
363         'archetypes' => array(
364             'editingteacher' => CAP_ALLOW,
365             'manager' => CAP_ALLOW
366         )
367     ),
369     'moodle/site:accessallgroups' => array(
371         'captype' => 'read',
372         'contextlevel' => CONTEXT_COURSE,
373         'archetypes' => array(
374             'teacher' => CAP_ALLOW,
375             'editingteacher' => CAP_ALLOW,
376             'manager' => CAP_ALLOW
377         )
378     ),
380     'moodle/site:viewfullnames' => array(
382         'captype' => 'read',
383         'contextlevel' => CONTEXT_COURSE,
384         'archetypes' => array(
385             'teacher' => CAP_ALLOW,
386             'editingteacher' => CAP_ALLOW,
387             'manager' => CAP_ALLOW
388         )
389     ),
391     // In reports that give lists of users, extra information about each user's
392     // identity (the fields configured in site option showuseridentity) will be
393     // displayed to users who have this capability.
394     'moodle/site:viewuseridentity' => array(
396         'captype' => 'read',
397         'contextlevel' => CONTEXT_COURSE,
398         'archetypes' => array(
399             'teacher' => CAP_ALLOW,
400             'editingteacher' => CAP_ALLOW,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     'moodle/site:viewreports' => array(
407         'riskbitmask' => RISK_PERSONAL,
409         'captype' => 'read',
410         'contextlevel' => CONTEXT_COURSE,
411         'archetypes' => array(
412             'teacher' => CAP_ALLOW,
413             'editingteacher' => CAP_ALLOW,
414             'manager' => CAP_ALLOW
415         )
416     ),
418     'moodle/site:trustcontent' => array(
420         'riskbitmask' => RISK_XSS,
422         'captype' => 'write',
423         'contextlevel' => CONTEXT_COURSE,
424         'archetypes' => array(
425             'editingteacher' => CAP_ALLOW,
426             'manager' => CAP_ALLOW
427         )
428     ),
430     'moodle/site:uploadusers' => array(
432         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
434         'captype' => 'write',
435         'contextlevel' => CONTEXT_SYSTEM,
436         'archetypes' => array(
437             'manager' => CAP_ALLOW
438         )
439     ),
441     // Permission to manage filter setting overrides in subcontexts.
442     'moodle/filter:manage' => array(
444         'captype' => 'write',
445         'contextlevel' => CONTEXT_COURSE,
446         'archetypes' => array(
447             'editingteacher' => CAP_ALLOW,
448             'manager' => CAP_ALLOW,
449         )
450     ),
452     'moodle/user:create' => array(
454         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
456         'captype' => 'write',
457         'contextlevel' => CONTEXT_SYSTEM,
458         'archetypes' => array(
459             'manager' => CAP_ALLOW
460         )
461     ),
463     'moodle/user:delete' => array(
465         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
467         'captype' => 'write',
468         'contextlevel' => CONTEXT_SYSTEM,
469         'archetypes' => array(
470             'manager' => CAP_ALLOW
471         )
472     ),
474     'moodle/user:update' => array(
476         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
478         'captype' => 'write',
479         'contextlevel' => CONTEXT_SYSTEM,
480         'archetypes' => array(
481             'manager' => CAP_ALLOW
482         )
483     ),
485     'moodle/user:viewdetails' => array(
487         'captype' => 'read',
488         'contextlevel' => CONTEXT_COURSE,
489         'archetypes' => array(
490             'guest' => CAP_ALLOW,
491             'student' => CAP_ALLOW,
492             'teacher' => CAP_ALLOW,
493             'editingteacher' => CAP_ALLOW,
494             'manager' => CAP_ALLOW
495         )
496     ),
498     'moodle/user:viewalldetails' => array(
499         'riskbitmask' => RISK_PERSONAL,
500         'captype' => 'read',
501         'contextlevel' => CONTEXT_USER,
502         'archetypes' => array(
503             'manager' => CAP_ALLOW
504         ),
505         'clonepermissionsfrom' => 'moodle/user:update'
506     ),
508     'moodle/user:viewhiddendetails' => array(
510         'riskbitmask' => RISK_PERSONAL,
512         'captype' => 'read',
513         'contextlevel' => CONTEXT_COURSE,
514         'archetypes' => array(
515             'teacher' => CAP_ALLOW,
516             'editingteacher' => CAP_ALLOW,
517             'manager' => CAP_ALLOW
518         )
519     ),
521     'moodle/user:loginas' => array(
523         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
525         'captype' => 'write',
526         'contextlevel' => CONTEXT_COURSE,
527         'archetypes' => array(
528             'manager' => CAP_ALLOW
529         )
530     ),
532     // can the user manage the system default profile page?
533     'moodle/user:managesyspages' => array(
535         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
537         'captype' => 'write',
538         'contextlevel' => CONTEXT_SYSTEM,
539         'archetypes' => array(
540             'manager' => CAP_ALLOW
541         )
542     ),
544     // can the user manage another user's profile page?
545     'moodle/user:manageblocks' => array(
547         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
549         'captype' => 'write',
550         'contextlevel' => CONTEXT_USER
551     ),
553     // can the user manage their own profile page?
554     'moodle/user:manageownblocks' => array(
556         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
558         'captype' => 'write',
559         'contextlevel' => CONTEXT_SYSTEM,
560         'archetypes' => array(
561             'user' => CAP_ALLOW
562         )
563     ),
565     // can the user manage their own files?
566     'moodle/user:manageownfiles' => array(
568         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
570         'captype' => 'write',
571         'contextlevel' => CONTEXT_SYSTEM,
572         'archetypes' => array(
573             'user' => CAP_ALLOW
574         )
575     ),
577     // Can the user ignore the setting userquota?
578     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
579     'moodle/user:ignoreuserquota' => array(
580         'riskbitmap' => RISK_SPAM,
581         'captype' => 'write',
582         'contextlevel' => CONTEXT_SYSTEM,
583         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
584     ),
586     // can the user manage the system default dashboard page?
587     'moodle/my:configsyspages' => array(
589         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
591         'captype' => 'write',
592         'contextlevel' => CONTEXT_SYSTEM,
593         'archetypes' => array(
594             'manager' => CAP_ALLOW
595         )
596     ),
598     'moodle/role:assign' => array(
600         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
602         'captype' => 'write',
603         'contextlevel' => CONTEXT_COURSE,
604         'archetypes' => array(
605             'editingteacher' => CAP_ALLOW,
606             'manager' => CAP_ALLOW
607         )
608     ),
610     'moodle/role:review' => array(
612         'riskbitmask' => RISK_PERSONAL,
614         'captype' => 'read',
615         'contextlevel' => CONTEXT_COURSE,
616         'archetypes' => array(
617             'teacher' => CAP_ALLOW,
618             'editingteacher' => CAP_ALLOW,
619             'manager' => CAP_ALLOW
620         )
621     ),
623     'moodle/role:override' => array(
625         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
627         'captype' => 'write',
628         'contextlevel' => CONTEXT_COURSE,
629         'archetypes' => array(
630             'manager' => CAP_ALLOW
631         )
632     ),
634     'moodle/role:safeoverride' => array(
636         'riskbitmask' => RISK_SPAM,
638         'captype' => 'write',
639         'contextlevel' => CONTEXT_COURSE,
640         'archetypes' => array(
641             'editingteacher' => CAP_ALLOW
642         )
643     ),
645     'moodle/role:manage' => array(
647         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
649         'captype' => 'write',
650         'contextlevel' => CONTEXT_SYSTEM,
651         'archetypes' => array(
652             'manager' => CAP_ALLOW
653         )
654     ),
656     'moodle/role:switchroles' => array(
658         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
660         'captype' => 'read',
661         'contextlevel' => CONTEXT_COURSE,
662         'archetypes' => array(
663             'editingteacher' => CAP_ALLOW,
664             'manager' => CAP_ALLOW
665         )
666     ),
668     // Create, update and delete course categories. (Deleting a course category
669     // does not let you delete the courses it contains, unless you also have
670     // moodle/course: delete.) Creating and deleting requires this permission in
671     // the parent category.
672     'moodle/category:manage' => array(
674         'riskbitmask' => RISK_XSS,
676         'captype' => 'write',
677         'contextlevel' => CONTEXT_COURSECAT,
678         'archetypes' => array(
679             'manager' => CAP_ALLOW
680         ),
681         'clonepermissionsfrom' => 'moodle/category:update'
682     ),
684     'moodle/category:viewhiddencategories' => array(
686         'captype' => 'read',
687         'contextlevel' => CONTEXT_COURSECAT,
688         'archetypes' => array(
689             'coursecreator' => CAP_ALLOW,
690             'manager' => CAP_ALLOW
691         ),
692         'clonepermissionsfrom' => 'moodle/category:visibility'
693     ),
695     // create, delete, move cohorts in system and course categories,
696     // (cohorts with component !== null can be only moved)
697     'moodle/cohort:manage' => array(
699         'captype' => 'write',
700         'contextlevel' => CONTEXT_COURSECAT,
701         'archetypes' => array(
702             'manager' => CAP_ALLOW
703         )
704     ),
706     // add and remove cohort members (only for cohorts where component !== null)
707     'moodle/cohort:assign' => array(
709         'captype' => 'write',
710         'contextlevel' => CONTEXT_COURSECAT,
711         'archetypes' => array(
712             'manager' => CAP_ALLOW
713         )
714     ),
716     // view members of a cohort, this can be used in course context too,
717     // this also controls the ability to actually use cohort
718     'moodle/cohort:view' => array(
720         'captype' => 'read',
721         'contextlevel' => CONTEXT_COURSE,
722         'archetypes' => array(
723             'editingteacher' => CAP_ALLOW,
724             'manager' => CAP_ALLOW
725         )
726     ),
728     'moodle/course:create' => array(
730         'riskbitmask' => RISK_XSS,
732         'captype' => 'write',
733         'contextlevel' => CONTEXT_COURSECAT,
734         'archetypes' => array(
735             'coursecreator' => CAP_ALLOW,
736             'manager' => CAP_ALLOW
737         )
738     ),
740     'moodle/course:request' => array(
741         'captype' => 'write',
742         'contextlevel' => CONTEXT_SYSTEM,
743         'archetypes' => array(
744             'user' => CAP_ALLOW,
745         )
746     ),
748     'moodle/course:delete' => array(
750         'riskbitmask' => RISK_DATALOSS,
752         'captype' => 'write',
753         'contextlevel' => CONTEXT_COURSE,
754         'archetypes' => array(
755             'manager' => CAP_ALLOW
756         )
757     ),
759     'moodle/course:update' => array(
761         'riskbitmask' => RISK_XSS,
763         'captype' => 'write',
764         'contextlevel' => CONTEXT_COURSE,
765         'archetypes' => array(
766             'editingteacher' => CAP_ALLOW,
767             'manager' => CAP_ALLOW
768         )
769     ),
771     'moodle/course:view' => array(
773         'captype' => 'read',
774         'contextlevel' => CONTEXT_COURSE,
775         'archetypes' => array(
776             'manager' => CAP_ALLOW,
777         )
778     ),
780     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
781     'moodle/course:enrolreview' => array(
783         'riskbitmask' => RISK_PERSONAL,
785         'captype' => 'read',
786         'contextlevel' => CONTEXT_COURSE,
787         'archetypes' => array(
788             'editingteacher' => CAP_ALLOW,
789             'manager' => CAP_ALLOW,
790         )
791     ),
793     /* add, remove, hide enrol instances in courses */
794     'moodle/course:enrolconfig' => array(
796         'riskbitmask' => RISK_PERSONAL,
798         'captype' => 'write',
799         'contextlevel' => CONTEXT_COURSE,
800         'archetypes' => array(
801             'editingteacher' => CAP_ALLOW,
802             'manager' => CAP_ALLOW,
803         )
804     ),
806     'moodle/course:bulkmessaging' => array(
808         'riskbitmask' => RISK_SPAM,
810         'captype' => 'write',
811         'contextlevel' => CONTEXT_COURSE,
812         'archetypes' => array(
813             'teacher' => CAP_ALLOW,
814             'editingteacher' => CAP_ALLOW,
815             'manager' => CAP_ALLOW
816         )
817     ),
819     'moodle/course:viewhiddenuserfields' => array(
821         'riskbitmask' => RISK_PERSONAL,
823         'captype' => 'read',
824         'contextlevel' => CONTEXT_COURSE,
825         'archetypes' => array(
826             'teacher' => CAP_ALLOW,
827             'editingteacher' => CAP_ALLOW,
828             'manager' => CAP_ALLOW
829         )
830     ),
832     'moodle/course:viewhiddencourses' => array(
834         'captype' => 'read',
835         'contextlevel' => CONTEXT_COURSE,
836         'archetypes' => array(
837             'coursecreator' => CAP_ALLOW,
838             'teacher' => CAP_ALLOW,
839             'editingteacher' => CAP_ALLOW,
840             'manager' => CAP_ALLOW
841         )
842     ),
844     'moodle/course:visibility' => array(
846         'captype' => 'write',
847         'contextlevel' => CONTEXT_COURSE,
848         'archetypes' => array(
849             'editingteacher' => CAP_ALLOW,
850             'manager' => CAP_ALLOW
851         )
852     ),
854     'moodle/course:managefiles' => array(
856         'riskbitmask' => RISK_XSS,
858         'captype' => 'write',
859         'contextlevel' => CONTEXT_COURSE,
860         'archetypes' => array(
861             'editingteacher' => CAP_ALLOW,
862             'manager' => CAP_ALLOW
863         )
864     ),
866     'moodle/course:ignorefilesizelimits' => array(
868         'captype' => 'write',
869         'contextlevel' => CONTEXT_COURSE,
870         'archetypes' => array(
871         )
872     ),
874     'moodle/course:manageactivities' => array(
876         'riskbitmask' => RISK_XSS,
878         'captype' => 'write',
879         'contextlevel' => CONTEXT_MODULE,
880         'archetypes' => array(
881             'editingteacher' => CAP_ALLOW,
882             'manager' => CAP_ALLOW
883         )
884     ),
886     'moodle/course:activityvisibility' => array(
888         'captype' => 'write',
889         'contextlevel' => CONTEXT_MODULE,
890         'archetypes' => array(
891             'editingteacher' => CAP_ALLOW,
892             'manager' => CAP_ALLOW
893         )
894     ),
896     'moodle/course:viewhiddenactivities' => array(
898         'captype' => 'write',
899         'contextlevel' => CONTEXT_MODULE,
900         'archetypes' => array(
901             'teacher' => CAP_ALLOW,
902             'editingteacher' => CAP_ALLOW,
903             'manager' => CAP_ALLOW
904         )
905     ),
907     'moodle/course:viewparticipants' => array(
909         'captype' => 'read',
910         'contextlevel' => CONTEXT_COURSE,
911         'archetypes' => array(
912             'student' => CAP_ALLOW,
913             'teacher' => CAP_ALLOW,
914             'editingteacher' => CAP_ALLOW,
915             'manager' => CAP_ALLOW
916         )
917     ),
919     'moodle/course:changefullname' => array(
921         'riskbitmask' => RISK_XSS,
923         'captype' => 'write',
924         'contextlevel' => CONTEXT_COURSE,
925         'archetypes' => array(
926             'editingteacher' => CAP_ALLOW,
927             'manager' => CAP_ALLOW
928         ),
929         'clonepermissionsfrom' => 'moodle/course:update'
930     ),
932     'moodle/course:changeshortname' => array(
934         'riskbitmask' => RISK_XSS,
936         'captype' => 'write',
937         'contextlevel' => CONTEXT_COURSE,
938         'archetypes' => array(
939             'editingteacher' => CAP_ALLOW,
940             'manager' => CAP_ALLOW
941         ),
942         'clonepermissionsfrom' => 'moodle/course:update'
943     ),
945     'moodle/course:changeidnumber' => array(
947         'riskbitmask' => RISK_XSS,
949         'captype' => 'write',
950         'contextlevel' => CONTEXT_COURSE,
951         'archetypes' => array(
952             'editingteacher' => CAP_ALLOW,
953             'manager' => CAP_ALLOW
954         ),
955         'clonepermissionsfrom' => 'moodle/course:update'
956     ),
957     'moodle/course:changecategory' => array(
958         'riskbitmask' => RISK_XSS,
960         'captype' => 'write',
961         'contextlevel' => CONTEXT_COURSE,
962         'archetypes' => array(
963             'editingteacher' => CAP_ALLOW,
964             'manager' => CAP_ALLOW
965         ),
966         'clonepermissionsfrom' => 'moodle/course:update'
967     ),
969     'moodle/course:changesummary' => array(
970         'riskbitmask' => RISK_XSS,
972         'captype' => 'write',
973         'contextlevel' => CONTEXT_COURSE,
974         'archetypes' => array(
975             'editingteacher' => CAP_ALLOW,
976             'manager' => CAP_ALLOW
977         ),
978         'clonepermissionsfrom' => 'moodle/course:update'
979     ),
982     'moodle/site:viewparticipants' => array(
984         'captype' => 'read',
985         'contextlevel' => CONTEXT_SYSTEM,
986         'archetypes' => array(
987             'manager' => CAP_ALLOW
988         )
989     ),
991     'moodle/course:isincompletionreports' => array(
992         'captype' => 'read',
993         'contextlevel' => CONTEXT_COURSE,
994         'archetypes' => array(
995             'student' => CAP_ALLOW,
996         ),
997     ),
999     'moodle/course:viewscales' => array(
1001         'captype' => 'read',
1002         'contextlevel' => CONTEXT_COURSE,
1003         'archetypes' => array(
1004             'student' => CAP_ALLOW,
1005             'teacher' => CAP_ALLOW,
1006             'editingteacher' => CAP_ALLOW,
1007             'manager' => CAP_ALLOW
1008         )
1009     ),
1011     'moodle/course:managescales' => array(
1013         'captype' => 'write',
1014         'contextlevel' => CONTEXT_COURSE,
1015         'archetypes' => array(
1016             'editingteacher' => CAP_ALLOW,
1017             'manager' => CAP_ALLOW
1018         )
1019     ),
1021     'moodle/course:managegroups' => array(
1023         'captype' => 'write',
1024         'contextlevel' => CONTEXT_COURSE,
1025         'archetypes' => array(
1026             'editingteacher' => CAP_ALLOW,
1027             'manager' => CAP_ALLOW
1028         )
1029     ),
1031     'moodle/course:reset' => array(
1033         'riskbitmask' => RISK_DATALOSS,
1035         'captype' => 'write',
1036         'contextlevel' => CONTEXT_COURSE,
1037         'archetypes' => array(
1038             'editingteacher' => CAP_ALLOW,
1039             'manager' => CAP_ALLOW
1040         )
1041     ),
1043     'moodle/blog:view' => array(
1045         'captype' => 'read',
1046         'contextlevel' => CONTEXT_SYSTEM,
1047         'archetypes' => array(
1048             'guest' => CAP_ALLOW,
1049             'user' => CAP_ALLOW,
1050             'student' => CAP_ALLOW,
1051             'teacher' => CAP_ALLOW,
1052             'editingteacher' => CAP_ALLOW,
1053             'manager' => CAP_ALLOW
1054         )
1055     ),
1057     'moodle/blog:search' => array(
1058         'captype' => 'read',
1059         'contextlevel' => CONTEXT_SYSTEM,
1060         'archetypes' => array(
1061             'guest' => CAP_ALLOW,
1062             'user' => CAP_ALLOW,
1063             'student' => CAP_ALLOW,
1064             'teacher' => CAP_ALLOW,
1065             'editingteacher' => CAP_ALLOW,
1066             'manager' => CAP_ALLOW
1067         )
1068     ),
1070     'moodle/blog:viewdrafts' => array(
1072         'riskbitmask' => RISK_PERSONAL,
1073         'captype' => 'read',
1074         'contextlevel' => CONTEXT_SYSTEM,
1075         'archetypes' => array(
1076             'manager' => CAP_ALLOW
1077         )
1078     ),
1080     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1082         'riskbitmask' => RISK_SPAM,
1084         'captype' => 'write',
1085         'contextlevel' => CONTEXT_SYSTEM,
1086         'archetypes' => array(
1087             'user' => CAP_ALLOW,
1088             'manager' => CAP_ALLOW
1089         )
1090     ),
1092     'moodle/blog:manageentries' => array(
1094         'riskbitmask' => RISK_SPAM,
1096         'captype' => 'write',
1097         'contextlevel' => CONTEXT_SYSTEM,
1098         'archetypes' => array(
1099             'teacher' => CAP_ALLOW,
1100             'editingteacher' => CAP_ALLOW,
1101             'manager' => CAP_ALLOW
1102         )
1103     ),
1105     'moodle/blog:manageexternal' => array(
1107         'riskbitmask' => RISK_SPAM,
1109         'captype' => 'write',
1110         'contextlevel' => CONTEXT_SYSTEM,
1111         'archetypes' => array(
1112             'student' => CAP_ALLOW,
1113             'user' => CAP_ALLOW,
1114             'teacher' => CAP_ALLOW,
1115             'editingteacher' => CAP_ALLOW,
1116             'manager' => CAP_ALLOW
1117         )
1118     ),
1120     'moodle/blog:associatecourse' => array(
1122         'captype' => 'write',
1123         'contextlevel' => CONTEXT_COURSE,
1124         'archetypes' => array(
1125             'student' => CAP_ALLOW,
1126             'user' => CAP_ALLOW,
1127             'teacher' => CAP_ALLOW,
1128             'editingteacher' => CAP_ALLOW,
1129             'manager' => CAP_ALLOW
1130         )
1131     ),
1133     'moodle/blog:associatemodule' => array(
1135         'captype' => 'write',
1136         'contextlevel' => CONTEXT_MODULE,
1137         'archetypes' => array(
1138             'student' => CAP_ALLOW,
1139             'user' => CAP_ALLOW,
1140             'teacher' => CAP_ALLOW,
1141             'editingteacher' => CAP_ALLOW,
1142             'manager' => CAP_ALLOW
1143         )
1144     ),
1146     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1148         'riskbitmask' => RISK_SPAM,
1150         'captype' => 'write',
1151         'contextlevel' => CONTEXT_COURSE,
1152         'archetypes' => array(
1153             'user' => CAP_ALLOW,
1154             'manager' => CAP_ALLOW
1155         )
1156     ),
1158     'moodle/calendar:managegroupentries' => array(
1160         'riskbitmask' => RISK_SPAM,
1162         'captype' => 'write',
1163         'contextlevel' => CONTEXT_COURSE,
1164         'archetypes' => array(
1165             'teacher' => CAP_ALLOW,
1166             'editingteacher' => CAP_ALLOW,
1167             'manager' => CAP_ALLOW
1168         )
1169     ),
1171     'moodle/calendar:manageentries' => array(
1173         'riskbitmask' => RISK_SPAM,
1175         'captype' => 'write',
1176         'contextlevel' => CONTEXT_COURSE,
1177         'archetypes' => array(
1178             'teacher' => CAP_ALLOW,
1179             'editingteacher' => CAP_ALLOW,
1180             'manager' => CAP_ALLOW
1181         )
1182     ),
1184     'moodle/user:editprofile' => array(
1186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1188         'captype' => 'write',
1189         'contextlevel' => CONTEXT_USER,
1190         'archetypes' => array(
1191             'manager' => CAP_ALLOW
1192         )
1193     ),
1195     'moodle/user:editownprofile' => array(
1197         'riskbitmask' => RISK_SPAM,
1199         'captype' => 'write',
1200         'contextlevel' => CONTEXT_SYSTEM,
1201         'archetypes' => array(
1202             'guest' => CAP_PROHIBIT,
1203             'user' => CAP_ALLOW,
1204             'manager' => CAP_ALLOW
1205         )
1206     ),
1208     'moodle/user:changeownpassword' => array(
1210         'captype' => 'write',
1211         'contextlevel' => CONTEXT_SYSTEM,
1212         'archetypes' => array(
1213             'guest' => CAP_PROHIBIT,
1214             'user' => CAP_ALLOW,
1215             'manager' => CAP_ALLOW
1216         )
1217     ),
1219     // The next 3 might make no sense for some roles, e.g teacher, etc.
1220     // since the next level up is site. These are more for the parent role
1221     'moodle/user:readuserposts' => array(
1223         'captype' => 'read',
1224         'contextlevel' => CONTEXT_USER,
1225         'archetypes' => array(
1226             'student' => CAP_ALLOW,
1227             'teacher' => CAP_ALLOW,
1228             'editingteacher' => CAP_ALLOW,
1229             'manager' => CAP_ALLOW
1230         )
1231     ),
1233     'moodle/user:readuserblogs' => array(
1235         'captype' => 'read',
1236         'contextlevel' => CONTEXT_USER,
1237         'archetypes' => array(
1238             'student' => CAP_ALLOW,
1239             'teacher' => CAP_ALLOW,
1240             'editingteacher' => CAP_ALLOW,
1241             'manager' => CAP_ALLOW
1242         )
1243     ),
1245     // designed for parent role - not used in legacy roles
1246     'moodle/user:viewuseractivitiesreport' => array(
1247         'riskbitmask' => RISK_PERSONAL,
1249         'captype' => 'read',
1250         'contextlevel' => CONTEXT_USER,
1251         'archetypes' => array(
1252         )
1253     ),
1255     //capabilities designed for the new message system configuration
1256     'moodle/user:editmessageprofile' => array(
1258          'riskbitmask' => RISK_SPAM,
1260          'captype' => 'write',
1261          'contextlevel' => CONTEXT_USER,
1262          'archetypes' => array(
1263              'manager' => CAP_ALLOW
1264          )
1265      ),
1267      'moodle/user:editownmessageprofile' => array(
1269          'captype' => 'write',
1270          'contextlevel' => CONTEXT_SYSTEM,
1271          'archetypes' => array(
1272              'guest' => CAP_PROHIBIT,
1273              'user' => CAP_ALLOW,
1274              'manager' => CAP_ALLOW
1275          )
1276      ),
1278     'moodle/question:managecategory' => array(
1279         'riskbitmask' => RISK_SPAM | RISK_XSS,
1280         'captype' => 'write',
1281         'contextlevel' => CONTEXT_COURSE,
1282         'archetypes' => array(
1283             'editingteacher' => CAP_ALLOW,
1284             'manager' => CAP_ALLOW
1285         )
1286     ),
1288     //new in moodle 1.9
1289     'moodle/question:add' => array(
1290         'riskbitmask' => RISK_SPAM | RISK_XSS,
1291         'captype' => 'write',
1292         'contextlevel' => CONTEXT_COURSE,
1293         'archetypes' => array(
1294             'editingteacher' => CAP_ALLOW,
1295             'manager' => CAP_ALLOW
1296         ),
1297         'clonepermissionsfrom' =>  'moodle/question:manage'
1298     ),
1299     'moodle/question:editmine' => array(
1300         'riskbitmask' => RISK_SPAM | RISK_XSS,
1301         'captype' => 'write',
1302         'contextlevel' => CONTEXT_COURSE,
1303         'archetypes' => array(
1304             'editingteacher' => CAP_ALLOW,
1305             'manager' => CAP_ALLOW
1306         ),
1307         'clonepermissionsfrom' =>  'moodle/question:manage'
1308     ),
1309     'moodle/question:editall' => array(
1310         'riskbitmask' => RISK_SPAM | RISK_XSS,
1311         'captype' => 'write',
1312         'contextlevel' => CONTEXT_COURSE,
1313         'archetypes' => array(
1314             'editingteacher' => CAP_ALLOW,
1315             'manager' => CAP_ALLOW
1316         ),
1317         'clonepermissionsfrom' =>  'moodle/question:manage'
1318     ),
1319     'moodle/question:viewmine' => array(
1320         'captype' => 'read',
1321         'contextlevel' => CONTEXT_COURSE,
1322         'archetypes' => array(
1323             'editingteacher' => CAP_ALLOW,
1324             'manager' => CAP_ALLOW
1325         ),
1326         'clonepermissionsfrom' =>  'moodle/question:manage'
1327     ),
1328     'moodle/question:viewall' => array(
1329         'captype' => 'read',
1330         'contextlevel' => CONTEXT_COURSE,
1331         'archetypes' => array(
1332             'editingteacher' => CAP_ALLOW,
1333             'manager' => CAP_ALLOW
1334         ),
1335         'clonepermissionsfrom' =>  'moodle/question:manage'
1336     ),
1337     'moodle/question:usemine' => array(
1338         'captype' => 'read',
1339         'contextlevel' => CONTEXT_COURSE,
1340         'archetypes' => array(
1341             'editingteacher' => CAP_ALLOW,
1342             'manager' => CAP_ALLOW
1343         ),
1344         'clonepermissionsfrom' =>  'moodle/question:manage'
1345     ),
1346     'moodle/question:useall' => array(
1347         'captype' => 'read',
1348         'contextlevel' => CONTEXT_COURSE,
1349         'archetypes' => array(
1350             'editingteacher' => CAP_ALLOW,
1351             'manager' => CAP_ALLOW
1352         ),
1353         'clonepermissionsfrom' =>  'moodle/question:manage'
1354     ),
1355     'moodle/question:movemine' => array(
1356         'captype' => 'write',
1357         'contextlevel' => CONTEXT_COURSE,
1358         'archetypes' => array(
1359             'editingteacher' => CAP_ALLOW,
1360             'manager' => CAP_ALLOW
1361         ),
1362         'clonepermissionsfrom' =>  'moodle/question:manage'
1363     ),
1364     'moodle/question:moveall' => array(
1365         'captype' => 'write',
1366         'contextlevel' => CONTEXT_COURSE,
1367         'archetypes' => array(
1368             'editingteacher' => CAP_ALLOW,
1369             'manager' => CAP_ALLOW
1370         ),
1371         'clonepermissionsfrom' =>  'moodle/question:manage'
1372     ),
1373     //END new in moodle 1.9
1375     // Configure the installed question types.
1376     'moodle/question:config' => array(
1377         'riskbitmask' => RISK_CONFIG,
1378         'captype' => 'write',
1379         'contextlevel' => CONTEXT_SYSTEM,
1380         'archetypes' => array(
1381             'manager' => CAP_ALLOW
1382         )
1383     ),
1385     // While attempting questions, the ability to flag particular questions for later reference.
1386     'moodle/question:flag' => array(
1387         'captype' => 'write',
1388         'contextlevel' => CONTEXT_COURSE,
1389         'archetypes' => array(
1390             'student' => CAP_ALLOW,
1391             'teacher' => CAP_ALLOW,
1392             'editingteacher' => CAP_ALLOW,
1393             'manager' => CAP_ALLOW
1394         )
1395     ),
1397     'moodle/site:doclinks' => array(
1398         'captype' => 'read',
1399         'contextlevel' => CONTEXT_SYSTEM,
1400         'archetypes' => array(
1401             'teacher' => CAP_ALLOW,
1402             'editingteacher' => CAP_ALLOW,
1403             'manager' => CAP_ALLOW
1404         )
1405     ),
1407     'moodle/course:sectionvisibility' => array(
1409         'captype' => 'write',
1410         'contextlevel' => CONTEXT_COURSE,
1411         'archetypes' => array(
1412             'editingteacher' => CAP_ALLOW,
1413             'manager' => CAP_ALLOW
1414         )
1415     ),
1417     'moodle/course:useremail' => array(
1419         'captype' => 'write',
1420         'contextlevel' => CONTEXT_COURSE,
1421         'archetypes' => array(
1422             'editingteacher' => CAP_ALLOW,
1423             'manager' => CAP_ALLOW
1424         )
1425     ),
1427     'moodle/course:viewhiddensections' => array(
1429         'captype' => 'write',
1430         'contextlevel' => CONTEXT_COURSE,
1431         'archetypes' => array(
1432             'editingteacher' => CAP_ALLOW,
1433             'manager' => CAP_ALLOW
1434         )
1435     ),
1437     'moodle/course:setcurrentsection' => array(
1439         'captype' => 'write',
1440         'contextlevel' => CONTEXT_COURSE,
1441         'archetypes' => array(
1442             'editingteacher' => CAP_ALLOW,
1443             'manager' => CAP_ALLOW
1444         )
1445     ),
1447     'moodle/course:movesections' => array(
1449         'captype' => 'write',
1450         'contextlevel' => CONTEXT_COURSE,
1451         'archetypes' => array(
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         ),
1455         'clonepermissionsfrom' => 'moodle/course:update'
1456     ),
1458     'moodle/site:mnetlogintoremote' => array(
1460         'captype' => 'read',
1461         'contextlevel' => CONTEXT_SYSTEM,
1462         'archetypes' => array(
1463         )
1464     ),
1466     'moodle/grade:viewall' => array(
1467         'riskbitmask' => RISK_PERSONAL,
1468         'captype' => 'read',
1469         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1470         'archetypes' => array(
1471             'teacher' => CAP_ALLOW,
1472             'editingteacher' => CAP_ALLOW,
1473             'manager' => CAP_ALLOW
1474         ),
1475         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1476     ),
1478     'moodle/grade:view' => array(
1479         'captype' => 'read',
1480         'contextlevel' => CONTEXT_COURSE,
1481         'archetypes' => array(
1482             'student' => CAP_ALLOW
1483         )
1484     ),
1486     'moodle/grade:viewhidden' => array(
1487         'riskbitmask' => RISK_PERSONAL,
1488         'captype' => 'read',
1489         'contextlevel' => CONTEXT_COURSE,
1490         'archetypes' => array(
1491             'teacher' => CAP_ALLOW,
1492             'editingteacher' => CAP_ALLOW,
1493             'manager' => CAP_ALLOW
1494         ),
1495         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1496     ),
1498     'moodle/grade:import' => array(
1499         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1500         'captype' => 'write',
1501         'contextlevel' => CONTEXT_COURSE,
1502         'archetypes' => array(
1503             'editingteacher' => CAP_ALLOW,
1504             'manager' => CAP_ALLOW
1505         ),
1506         'clonepermissionsfrom' => 'moodle/course:managegrades'
1507     ),
1509     'moodle/grade:export' => array(
1510         'riskbitmask' => RISK_PERSONAL,
1511         'captype' => 'read',
1512         'contextlevel' => CONTEXT_COURSE,
1513         'archetypes' => array(
1514             'teacher' => CAP_ALLOW,
1515             'editingteacher' => CAP_ALLOW,
1516             'manager' => CAP_ALLOW
1517         ),
1518         'clonepermissionsfrom' => 'moodle/course:managegrades'
1519     ),
1521     'moodle/grade:manage' => array(
1522         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1523         'captype' => 'write',
1524         'contextlevel' => CONTEXT_COURSE,
1525         'archetypes' => array(
1526             'editingteacher' => CAP_ALLOW,
1527             'manager' => CAP_ALLOW
1528         ),
1529         'clonepermissionsfrom' => 'moodle/course:managegrades'
1530     ),
1532     'moodle/grade:edit' => array(
1533         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1534         'captype' => 'write',
1535         'contextlevel' => CONTEXT_COURSE,
1536         'archetypes' => array(
1537             'editingteacher' => CAP_ALLOW,
1538             'manager' => CAP_ALLOW
1539         ),
1540         'clonepermissionsfrom' => 'moodle/course:managegrades'
1541     ),
1543     // ability to define advanced grading forms in activities either from scratch
1544     // or from a shared template
1545     'moodle/grade:managegradingforms' => array(
1546         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1547         'captype' => 'write',
1548         'contextlevel' => CONTEXT_COURSE,
1549         'archetypes' => array(
1550             'editingteacher' => CAP_ALLOW,
1551             'manager' => CAP_ALLOW
1552         ),
1553         'clonepermissionsfrom' => 'moodle/course:managegrades'
1554     ),
1556     // ability to save a grading form as a new shared template and eventually edit
1557     // and remove own templates (templates originally shared by that user)
1558     'moodle/grade:sharegradingforms' => array(
1559         'riskbitmask' => RISK_XSS,
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_SYSTEM,
1562         'archetypes' => array(
1563             'manager' => CAP_ALLOW
1564         ),
1565     ),
1567     // ability to edit and remove any shared template, even those originally shared
1568     // by other users
1569     'moodle/grade:managesharedforms' => array(
1570         'riskbitmask' => RISK_XSS,
1571         'captype' => 'write',
1572         'contextlevel' => CONTEXT_SYSTEM,
1573         'archetypes' => array(
1574             'manager' => CAP_ALLOW
1575         ),
1576     ),
1578     'moodle/grade:manageoutcomes' => array(
1579         'captype' => 'write',
1580         'contextlevel' => CONTEXT_COURSE,
1581         'archetypes' => array(
1582             'editingteacher' => CAP_ALLOW,
1583             'manager' => CAP_ALLOW
1584         ),
1585         'clonepermissionsfrom' => 'moodle/course:managegrades'
1586     ),
1588     'moodle/grade:manageletters' => array(
1589         'captype' => 'write',
1590         'contextlevel' => CONTEXT_COURSE,
1591         'archetypes' => array(
1592             'editingteacher' => CAP_ALLOW,
1593             'manager' => CAP_ALLOW
1594         ),
1595         'clonepermissionsfrom' => 'moodle/course:managegrades'
1596     ),
1598     'moodle/grade:hide' => array(
1599         'captype' => 'write',
1600         'contextlevel' => CONTEXT_COURSE,
1601         'archetypes' => array(
1602             'editingteacher' => CAP_ALLOW,
1603             'manager' => CAP_ALLOW
1604         )
1605     ),
1607     'moodle/grade:lock' => array(
1608         'captype' => 'write',
1609         'contextlevel' => CONTEXT_COURSE,
1610         'archetypes' => array(
1611             'editingteacher' => CAP_ALLOW,
1612             'manager' => CAP_ALLOW
1613         )
1614     ),
1616     'moodle/grade:unlock' => array(
1617         'captype' => 'write',
1618         'contextlevel' => CONTEXT_COURSE,
1619         'archetypes' => array(
1620             'editingteacher' => CAP_ALLOW,
1621             'manager' => CAP_ALLOW
1622         )
1623     ),
1625     'moodle/my:manageblocks' => array(
1626         'captype' => 'write',
1627         'contextlevel' => CONTEXT_SYSTEM,
1628         'archetypes' => array(
1629             'user' => CAP_ALLOW
1630         )
1631     ),
1633     'moodle/notes:view' => array(
1634         'captype' => 'read',
1635         'contextlevel' => CONTEXT_COURSE,
1636         'archetypes' => array(
1637             'teacher' => CAP_ALLOW,
1638             'editingteacher' => CAP_ALLOW,
1639             'manager' => CAP_ALLOW
1640         )
1641     ),
1643     'moodle/notes:manage' => array(
1644         'riskbitmask' => RISK_SPAM,
1646         'captype' => 'write',
1647         'contextlevel' => CONTEXT_COURSE,
1648         'archetypes' => array(
1649             'teacher' => CAP_ALLOW,
1650             'editingteacher' => CAP_ALLOW,
1651             'manager' => CAP_ALLOW
1652         )
1653     ),
1655     'moodle/tag:manage' => array(
1656         'riskbitmask' => RISK_SPAM,
1658         'captype' => 'write',
1659         'contextlevel' => CONTEXT_SYSTEM,
1660         'archetypes' => array(
1661             'teacher' => CAP_ALLOW,
1662             'editingteacher' => CAP_ALLOW,
1663             'manager' => CAP_ALLOW
1664         )
1665     ),
1667     'moodle/tag:create' => array(
1668         'riskbitmask' => RISK_SPAM,
1670         'captype' => 'write',
1671         'contextlevel' => CONTEXT_SYSTEM,
1672         'archetypes' => array(
1673             'manager' => CAP_ALLOW,
1674             'user' => CAP_ALLOW
1675         )
1676     ),
1678     'moodle/tag:edit' => array(
1679         'riskbitmask' => RISK_SPAM,
1681         'captype' => 'write',
1682         'contextlevel' => CONTEXT_SYSTEM,
1683         'archetypes' => array(
1684             'manager' => CAP_ALLOW,
1685             'user' => CAP_ALLOW
1686         )
1687     ),
1689     'moodle/tag:flag' => array(
1690         'riskbitmask' => RISK_SPAM,
1692         'captype' => 'write',
1693         'contextlevel' => CONTEXT_SYSTEM,
1694         'archetypes' => array(
1695             'manager' => CAP_ALLOW,
1696             'user' => CAP_ALLOW
1697         )
1698     ),
1700     'moodle/tag:editblocks' => array(
1701         'captype' => 'write',
1702         'contextlevel' => CONTEXT_SYSTEM,
1703         'archetypes' => array(
1704             'teacher' => CAP_ALLOW,
1705             'editingteacher' => CAP_ALLOW,
1706             'manager' => CAP_ALLOW
1707         )
1708     ),
1710     'moodle/block:view' => array(
1711         'captype' => 'read',
1712         'contextlevel' => CONTEXT_BLOCK,
1713         'archetypes' => array(
1714             'guest' => CAP_ALLOW,
1715             'user' => CAP_ALLOW,
1716             'student' => CAP_ALLOW,
1717             'teacher' => CAP_ALLOW,
1718             'editingteacher' => CAP_ALLOW,
1719         )
1720     ),
1722     'moodle/block:edit' => array(
1723         'riskbitmask' => RISK_SPAM | RISK_XSS,
1725         'captype' => 'write',
1726         'contextlevel' => CONTEXT_BLOCK,
1727         'archetypes' => array(
1728             'editingteacher' => CAP_ALLOW,
1729             'manager' => CAP_ALLOW
1730         )
1731     ),
1733     'moodle/portfolio:export' => array(
1734         'captype' => 'read',
1735         'contextlevel' => CONTEXT_SYSTEM,
1736         'archetypes' => array(
1737             'user' => CAP_ALLOW,
1738             'student' => CAP_ALLOW,
1739             'teacher' => CAP_ALLOW,
1740             'editingteacher' => CAP_ALLOW,
1741         )
1742     ),
1743     'moodle/comment:view' => array(
1744         'captype' => 'read',
1745         'contextlevel' => CONTEXT_COURSE,
1746         'archetypes' => array(
1747             'frontpage' => CAP_ALLOW,
1748             'guest' => CAP_ALLOW,
1749             'user' => CAP_ALLOW,
1750             'student' => CAP_ALLOW,
1751             'teacher' => CAP_ALLOW,
1752             'editingteacher' => CAP_ALLOW,
1753             'manager' => CAP_ALLOW
1754         )
1755     ),
1756     'moodle/comment:post' => array(
1758         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1759         'captype' => 'write',
1760         'contextlevel' => CONTEXT_COURSE,
1761         'archetypes' => array(
1762             'user' => CAP_ALLOW,
1763             'student' => CAP_ALLOW,
1764             'teacher' => CAP_ALLOW,
1765             'editingteacher' => CAP_ALLOW,
1766             'manager' => CAP_ALLOW
1767         )
1768     ),
1769     'moodle/comment:delete' => array(
1771         'riskbitmask' => RISK_DATALOSS,
1772         'captype' => 'write',
1773         'contextlevel' => CONTEXT_COURSE,
1774         'archetypes' => array(
1775             'editingteacher' => CAP_ALLOW,
1776             'manager' => CAP_ALLOW
1777         )
1778     ),
1779     'moodle/webservice:createtoken' => array(
1781         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1782         'captype' => 'write',
1783         'contextlevel' => CONTEXT_SYSTEM,
1784         'archetypes' => array(
1785             'manager' => CAP_ALLOW
1786         )
1787     ),
1788     'moodle/webservice:createmobiletoken' => array(
1790         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1791         'captype' => 'write',
1792         'contextlevel' => CONTEXT_SYSTEM,
1793         'archetypes' => array(
1794             'user' => CAP_ALLOW
1795         )
1796     ),
1797     'moodle/rating:view' => array(
1799         'captype' => 'read',
1800         'contextlevel' => CONTEXT_COURSE,
1801         'archetypes' => array(
1802             'user' => CAP_ALLOW,
1803             'student' => CAP_ALLOW,
1804             'teacher' => CAP_ALLOW,
1805             'editingteacher' => CAP_ALLOW,
1806             'manager' => CAP_ALLOW
1807         )
1808     ),
1809     'moodle/rating:viewany' => array(
1811         'riskbitmask' => RISK_PERSONAL,
1812         'captype' => 'read',
1813         'contextlevel' => CONTEXT_COURSE,
1814         'archetypes' => array(
1815             'user' => CAP_ALLOW,
1816             'student' => CAP_ALLOW,
1817             'teacher' => CAP_ALLOW,
1818             'editingteacher' => CAP_ALLOW,
1819             'manager' => CAP_ALLOW
1820         )
1821     ),
1822     'moodle/rating:viewall' => array(
1824         'riskbitmask' => RISK_PERSONAL,
1825         'captype' => 'read',
1826         'contextlevel' => CONTEXT_COURSE,
1827         'archetypes' => array(
1828             'user' => CAP_ALLOW,
1829             'student' => CAP_ALLOW,
1830             'teacher' => CAP_ALLOW,
1831             'editingteacher' => CAP_ALLOW,
1832             'manager' => CAP_ALLOW
1833         )
1834     ),
1835     'moodle/rating:rate' => array(
1837         'captype' => 'write',
1838         'contextlevel' => CONTEXT_COURSE,
1839         'archetypes' => array(
1840             'user' => CAP_ALLOW,
1841             'student' => CAP_ALLOW,
1842             'teacher' => CAP_ALLOW,
1843             'editingteacher' => CAP_ALLOW,
1844             'manager' => CAP_ALLOW
1845         )
1846     ),
1847      'moodle/course:publish' => array(
1849         'captype' => 'write',
1850         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1851         'contextlevel' => CONTEXT_SYSTEM,
1852         'archetypes' => array(
1853             'manager' => CAP_ALLOW
1854         )
1855     ),
1856     'moodle/course:markcomplete' => array(
1857         'captype' => 'write',
1858         'contextlevel' => CONTEXT_COURSE,
1859         'archetypes' => array(
1860             'teacher' => CAP_ALLOW,
1861             'editingteacher' => CAP_ALLOW,
1862             'manager' => CAP_ALLOW
1863         )
1864     ),
1865     'moodle/community:add' => array(
1866         'captype' => 'write',
1867         'contextlevel' => CONTEXT_SYSTEM,
1868         'archetypes' => array(
1869             'manager' => CAP_ALLOW,
1870             'teacher' => CAP_ALLOW,
1871             'editingteacher' => CAP_ALLOW,
1872         )
1873     ),
1874     'moodle/community:download' => array(
1875         'captype' => 'write',
1876         'contextlevel' => CONTEXT_SYSTEM,
1877         'archetypes' => array(
1878             'manager' => CAP_ALLOW,
1879             'editingteacher' => CAP_ALLOW,
1880         )
1881     )
1882 );