Merge branch 'MDL-69776-master' of git://github.com/jleyva/moodle
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
67     'moodle/site:configview' => array(
68         'captype' => 'read',
69         'contextlevel' => CONTEXT_SYSTEM,
70         'archetypes' => array(
71             'manager' => CAP_ALLOW,
72             'coursecreator' => CAP_ALLOW,
73         )
74     ),
76     'moodle/site:readallmessages' => array(
78         'riskbitmask' => RISK_PERSONAL,
80         'captype' => 'read',
81         'contextlevel' => CONTEXT_SYSTEM,
82         'archetypes' => array(
83             'manager' => CAP_ALLOW,
84             'editingteacher' => CAP_ALLOW
85         )
86     ),
88     'moodle/site:manageallmessaging' => array(
90         'riskbitmask' => RISK_PERSONAL,
92         'captype' => 'write',
93         'contextlevel' => CONTEXT_SYSTEM,
94         'archetypes' => array(
95             'manager' => CAP_ALLOW
96         )
97     ),
99     'moodle/site:deleteanymessage' => array(
101         'riskbitmask' => RISK_DATALOSS,
103         'captype' => 'write',
104         'contextlevel' => CONTEXT_SYSTEM,
105         'archetypes' => array(
106             'manager' => CAP_ALLOW
107         )
108     ),
110     'moodle/site:sendmessage' => array(
112         'riskbitmask' => RISK_SPAM,
114         'captype' => 'write',
115         'contextlevel' => CONTEXT_SYSTEM,
116         'archetypes' => array(
117             'manager' => CAP_ALLOW,
118             'user' => CAP_ALLOW
119         )
120     ),
122     'moodle/site:senderrormessage' => [
123         'riskbitmask' => RISK_SPAM,
124         'captype' => 'write',
125         'contextlevel' => CONTEXT_SYSTEM,
126         'archetypes' => array(
127             'user' => CAP_ALLOW
128         )
129     ],
131     'moodle/site:deleteownmessage' => array(
133         'captype' => 'write',
134         'contextlevel' => CONTEXT_SYSTEM,
135         'archetypes' => array(
136             'user' => CAP_ALLOW
137         )
138     ),
140     'moodle/site:approvecourse' => array(
142         'riskbitmask' => RISK_XSS,
144         'captype' => 'write',
145         'contextlevel' => CONTEXT_COURSECAT,
146         'archetypes' => array(
147             'manager' => CAP_ALLOW
148         )
149     ),
151     'moodle/backup:backupcourse' => array(
153         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
155         'captype' => 'write',
156         'contextlevel' => CONTEXT_COURSE,
157         'archetypes' => array(
158             'editingteacher' => CAP_ALLOW,
159             'manager' => CAP_ALLOW
160         ),
162         'clonepermissionsfrom' =>  'moodle/site:backup'
163     ),
165     'moodle/backup:backupsection' => array(
167         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
169         'captype' => 'write',
170         'contextlevel' => CONTEXT_COURSE,
171         'archetypes' => array(
172             'editingteacher' => CAP_ALLOW,
173             'manager' => CAP_ALLOW
174         ),
176         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
177     ),
179     'moodle/backup:backupactivity' => array(
181         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
183         'captype' => 'write',
184         'contextlevel' => CONTEXT_MODULE,
185         'archetypes' => array(
186             'editingteacher' => CAP_ALLOW,
187             'manager' => CAP_ALLOW
188         ),
190         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
191     ),
193     'moodle/backup:backuptargetimport' => array(
195         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
197         'captype' => 'read',
198         'contextlevel' => CONTEXT_COURSE,
199         'archetypes' => array(
200             'editingteacher' => CAP_ALLOW,
201             'manager' => CAP_ALLOW
202         ),
204         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
205     ),
207     'moodle/backup:downloadfile' => array(
209         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
211         'captype' => 'write',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'editingteacher' => CAP_ALLOW,
215             'manager' => CAP_ALLOW
216         ),
218         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
219     ),
221     'moodle/backup:configure' => array(
223         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
225         'captype' => 'write',
226         'contextlevel' => CONTEXT_COURSE,
227         'archetypes' => array(
228             'editingteacher' => CAP_ALLOW,
229             'manager' => CAP_ALLOW
230         )
231     ),
233     'moodle/backup:userinfo' => array(
235         'riskbitmask' => RISK_PERSONAL,
237         'captype' => 'read',
238         'contextlevel' => CONTEXT_COURSE,
239         'archetypes' => array(
240             'manager' => CAP_ALLOW
241         )
242     ),
244     'moodle/backup:anonymise' => array(
246         'riskbitmask' => RISK_PERSONAL,
248         'captype' => 'read',
249         'contextlevel' => CONTEXT_COURSE,
250         'archetypes' => array(
251             'manager' => CAP_ALLOW
252         )
253     ),
255     'moodle/restore:restorecourse' => array(
257         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
259         'captype' => 'write',
260         'contextlevel' => CONTEXT_COURSE,
261         'archetypes' => array(
262             'editingteacher' => CAP_ALLOW,
263             'manager' => CAP_ALLOW
264         ),
266         'clonepermissionsfrom' =>  'moodle/site:restore'
267     ),
269     'moodle/restore:restoresection' => array(
271         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
273         'captype' => 'write',
274         'contextlevel' => CONTEXT_COURSE,
275         'archetypes' => array(
276             'editingteacher' => CAP_ALLOW,
277             'manager' => CAP_ALLOW
278         ),
280         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
281     ),
283     'moodle/restore:restoreactivity' => array(
285         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
287         'captype' => 'write',
288         'contextlevel' => CONTEXT_COURSE,
289         'archetypes' => array(
290             'editingteacher' => CAP_ALLOW,
291             'manager' => CAP_ALLOW
292         ),
294         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
295     ),
297     'moodle/restore:viewautomatedfilearea' => array(
299         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
301         'captype' => 'write',
302         'contextlevel' => CONTEXT_COURSE,
303         'archetypes' => array(
304             'editingteacher' => CAP_ALLOW,
305             'manager' => CAP_ALLOW
306         ),
307     ),
309     'moodle/restore:restoretargetimport' => array(
311         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
313         'captype' => 'write',
314         'contextlevel' => CONTEXT_COURSE,
315         'archetypes' => array(
316             'editingteacher' => CAP_ALLOW,
317             'manager' => CAP_ALLOW
318         ),
320         'clonepermissionsfrom' =>  'moodle/site:import'
321     ),
323     'moodle/restore:uploadfile' => array(
325         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
327         'captype' => 'write',
328         'contextlevel' => CONTEXT_COURSE,
329         'archetypes' => array(
330             'editingteacher' => CAP_ALLOW,
331             'manager' => CAP_ALLOW
332         ),
334         'clonepermissionsfrom' =>  'moodle/site:backupupload'
335     ),
337     'moodle/restore:configure' => array(
339         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
341         'captype' => 'write',
342         'contextlevel' => CONTEXT_COURSE,
343         'archetypes' => array(
344             'editingteacher' => CAP_ALLOW,
345             'manager' => CAP_ALLOW
346         )
347     ),
349     'moodle/restore:rolldates' => array(
351         'captype' => 'write',
352         'contextlevel' => CONTEXT_COURSE,
353         'archetypes' => array(
354             'coursecreator' => CAP_ALLOW,
355             'manager' => CAP_ALLOW
356         )
357     ),
359     'moodle/restore:userinfo' => array(
361         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
363         'captype' => 'write',
364         'contextlevel' => CONTEXT_COURSE,
365         'archetypes' => array(
366             'manager' => CAP_ALLOW
367         )
368     ),
370     'moodle/restore:createuser' => array(
372         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
374         'captype' => 'write',
375         'contextlevel' => CONTEXT_SYSTEM,
376         'archetypes' => array(
377             'manager' => CAP_ALLOW
378         )
379     ),
381     'moodle/site:manageblocks' => array(
383         'riskbitmask' => RISK_SPAM | RISK_XSS,
385         'captype' => 'write',
386         'contextlevel' => CONTEXT_BLOCK,
387         'archetypes' => array(
388             'editingteacher' => CAP_ALLOW,
389             'manager' => CAP_ALLOW
390         )
391     ),
393     'moodle/site:accessallgroups' => array(
395         'captype' => 'read',
396         'contextlevel' => CONTEXT_MODULE,
397         'archetypes' => array(
398             'editingteacher' => CAP_ALLOW,
399             'manager' => CAP_ALLOW
400         )
401     ),
403     'moodle/site:viewanonymousevents' => array(
405         'riskbitmask' => RISK_PERSONAL,
407         'captype' => 'read',
408         'contextlevel' => CONTEXT_MODULE,
409         'archetypes' => array(
410             'manager' => CAP_ALLOW,
411         )
412     ),
414     'moodle/site:viewfullnames' => array(
416         'captype' => 'read',
417         'contextlevel' => CONTEXT_MODULE,
418         'archetypes' => array(
419             'teacher' => CAP_ALLOW,
420             'editingteacher' => CAP_ALLOW,
421             'manager' => CAP_ALLOW
422         )
423     ),
425     // In reports that give lists of users, extra information about each user's
426     // identity (the fields configured in site option showuseridentity) will be
427     // displayed to users who have this capability.
428     'moodle/site:viewuseridentity' => array(
430         'captype' => 'read',
431         'contextlevel' => CONTEXT_MODULE,
432         'archetypes' => array(
433             'teacher' => CAP_ALLOW,
434             'editingteacher' => CAP_ALLOW,
435             'manager' => CAP_ALLOW
436         )
437     ),
439     'moodle/site:viewreports' => array(
441         'riskbitmask' => RISK_PERSONAL,
443         'captype' => 'read',
444         'contextlevel' => CONTEXT_COURSE,
445         'archetypes' => array(
446             'teacher' => CAP_ALLOW,
447             'editingteacher' => CAP_ALLOW,
448             'manager' => CAP_ALLOW
449         )
450     ),
452     'moodle/site:trustcontent' => array(
454         'riskbitmask' => RISK_XSS,
456         'captype' => 'write',
457         'contextlevel' => CONTEXT_MODULE,
458         'archetypes' => array(
459             'editingteacher' => CAP_ALLOW,
460             'manager' => CAP_ALLOW
461         )
462     ),
464     'moodle/site:uploadusers' => array(
466         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
468         'captype' => 'write',
469         'contextlevel' => CONTEXT_SYSTEM,
470         'archetypes' => array(
471             'manager' => CAP_ALLOW
472         )
473     ),
475     // Permission to manage filter setting overrides in subcontexts.
476     'moodle/filter:manage' => array(
478         'captype' => 'write',
479         'contextlevel' => CONTEXT_COURSE,
480         'archetypes' => array(
481             'editingteacher' => CAP_ALLOW,
482             'manager' => CAP_ALLOW,
483         )
484     ),
486     'moodle/user:create' => array(
488         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
490         'captype' => 'write',
491         'contextlevel' => CONTEXT_SYSTEM,
492         'archetypes' => array(
493             'manager' => CAP_ALLOW
494         )
495     ),
497     'moodle/user:delete' => array(
499         'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
501         'captype' => 'write',
502         'contextlevel' => CONTEXT_SYSTEM,
503         'archetypes' => array(
504             'manager' => CAP_ALLOW
505         )
506     ),
508     'moodle/user:update' => array(
510         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
512         'captype' => 'write',
513         'contextlevel' => CONTEXT_SYSTEM,
514         'archetypes' => array(
515             'manager' => CAP_ALLOW
516         )
517     ),
519     'moodle/user:viewdetails' => array(
521         'captype' => 'read',
522         'contextlevel' => CONTEXT_COURSE,
523         'archetypes' => array(
524             'guest' => CAP_ALLOW,
525             'student' => CAP_ALLOW,
526             'teacher' => CAP_ALLOW,
527             'editingteacher' => CAP_ALLOW,
528             'manager' => CAP_ALLOW
529         )
530     ),
532     'moodle/user:viewalldetails' => array(
533         'riskbitmask' => RISK_PERSONAL,
534         'captype' => 'read',
535         'contextlevel' => CONTEXT_USER,
536         'archetypes' => array(
537             'manager' => CAP_ALLOW
538         ),
539         'clonepermissionsfrom' => 'moodle/user:update'
540     ),
542     'moodle/user:viewlastip' => array(
543         'riskbitmask' => RISK_PERSONAL,
544         'captype' => 'read',
545         'contextlevel' => CONTEXT_USER,
546         'archetypes' => array(
547             'manager' => CAP_ALLOW
548         ),
549         'clonepermissionsfrom' => 'moodle/user:update'
550     ),
552     'moodle/user:viewhiddendetails' => array(
554         'riskbitmask' => RISK_PERSONAL,
556         'captype' => 'read',
557         'contextlevel' => CONTEXT_COURSE,
558         'archetypes' => array(
559             'teacher' => CAP_ALLOW,
560             'editingteacher' => CAP_ALLOW,
561             'manager' => CAP_ALLOW
562         )
563     ),
565     'moodle/user:loginas' => array(
567         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
569         'captype' => 'write',
570         'contextlevel' => CONTEXT_COURSE,
571         'archetypes' => array(
572             'manager' => CAP_ALLOW
573         )
574     ),
576     // can the user manage the system default profile page?
577     'moodle/user:managesyspages' => array(
579         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
581         'captype' => 'write',
582         'contextlevel' => CONTEXT_SYSTEM,
583         'archetypes' => array(
584             'manager' => CAP_ALLOW
585         )
586     ),
588     // can the user manage another user's profile page?
589     'moodle/user:manageblocks' => array(
591         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
593         'captype' => 'write',
594         'contextlevel' => CONTEXT_USER
595     ),
597     // can the user manage their own profile page?
598     'moodle/user:manageownblocks' => array(
600         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
602         'captype' => 'write',
603         'contextlevel' => CONTEXT_SYSTEM,
604         'archetypes' => array(
605             'user' => CAP_ALLOW
606         )
607     ),
609     // can the user manage their own files?
610     'moodle/user:manageownfiles' => array(
612         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
614         'captype' => 'write',
615         'contextlevel' => CONTEXT_SYSTEM,
616         'archetypes' => array(
617             'user' => CAP_ALLOW
618         )
619     ),
621     // Can the user ignore the setting userquota?
622     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
623     'moodle/user:ignoreuserquota' => array(
624         'riskbitmap' => RISK_SPAM,
625         'captype' => 'write',
626         'contextlevel' => CONTEXT_SYSTEM,
627         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
628     ),
630     // can the user manage the system default dashboard page?
631     'moodle/my:configsyspages' => array(
633         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
635         'captype' => 'write',
636         'contextlevel' => CONTEXT_SYSTEM,
637         'archetypes' => array(
638             'manager' => CAP_ALLOW
639         )
640     ),
642     'moodle/role:assign' => array(
644         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
646         'captype' => 'write',
647         'contextlevel' => CONTEXT_COURSE,
648         'archetypes' => array(
649             'editingteacher' => CAP_ALLOW,
650             'manager' => CAP_ALLOW
651         )
652     ),
654     'moodle/role:review' => array(
656         'riskbitmask' => RISK_PERSONAL,
658         'captype' => 'read',
659         'contextlevel' => CONTEXT_COURSE,
660         'archetypes' => array(
661             'teacher' => CAP_ALLOW,
662             'editingteacher' => CAP_ALLOW,
663             'manager' => CAP_ALLOW
664         )
665     ),
667     'moodle/role:override' => array(
669         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
671         'captype' => 'write',
672         'contextlevel' => CONTEXT_COURSE,
673         'archetypes' => array(
674             'manager' => CAP_ALLOW
675         )
676     ),
678     'moodle/role:safeoverride' => array(
680         'riskbitmask' => RISK_SPAM,
682         'captype' => 'write',
683         'contextlevel' => CONTEXT_COURSE,
684         'archetypes' => array(
685             'editingteacher' => CAP_ALLOW
686         )
687     ),
689     'moodle/role:manage' => array(
691         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
693         'captype' => 'write',
694         'contextlevel' => CONTEXT_SYSTEM,
695         'archetypes' => array(
696             'manager' => CAP_ALLOW
697         )
698     ),
700     'moodle/role:switchroles' => array(
702         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
704         'captype' => 'read',
705         'contextlevel' => CONTEXT_COURSE,
706         'archetypes' => array(
707             'editingteacher' => CAP_ALLOW,
708             'manager' => CAP_ALLOW
709         )
710     ),
712     // Create, update and delete course categories. (Deleting a course category
713     // does not let you delete the courses it contains, unless you also have
714     // moodle/course: delete.) Creating and deleting requires this permission in
715     // the parent category.
716     'moodle/category:manage' => array(
718         'riskbitmask' => RISK_XSS,
720         'captype' => 'write',
721         'contextlevel' => CONTEXT_COURSECAT,
722         'archetypes' => array(
723             'manager' => CAP_ALLOW
724         ),
725         'clonepermissionsfrom' => 'moodle/category:update'
726     ),
728     'moodle/category:viewcourselist' => array(
730         'captype' => 'read',
731         'contextlevel' => CONTEXT_COURSECAT,
732         'archetypes' => array(
733             'guest' => CAP_ALLOW,
734             'user' => CAP_ALLOW,
735         )
736     ),
738     'moodle/category:viewhiddencategories' => array(
740         'captype' => 'read',
741         'contextlevel' => CONTEXT_COURSECAT,
742         'archetypes' => array(
743             'coursecreator' => CAP_ALLOW,
744             'manager' => CAP_ALLOW
745         ),
746         'clonepermissionsfrom' => 'moodle/category:visibility'
747     ),
749     // create, delete, move cohorts in system and course categories,
750     // (cohorts with component !== null can be only moved)
751     'moodle/cohort:manage' => array(
753         'captype' => 'write',
754         'contextlevel' => CONTEXT_COURSECAT,
755         'archetypes' => array(
756             'manager' => CAP_ALLOW
757         )
758     ),
760     // add and remove cohort members (only for cohorts where component !== null)
761     'moodle/cohort:assign' => array(
763         'captype' => 'write',
764         'contextlevel' => CONTEXT_COURSECAT,
765         'archetypes' => array(
766             'manager' => CAP_ALLOW
767         )
768     ),
770     // View visible and hidden cohorts defined in the current context.
771     'moodle/cohort:view' => array(
773         'captype' => 'read',
774         'contextlevel' => CONTEXT_COURSE,
775         'archetypes' => array(
776             'editingteacher' => CAP_ALLOW,
777             'manager' => CAP_ALLOW
778         )
779     ),
781     'moodle/course:create' => array(
783         'riskbitmask' => RISK_XSS,
785         'captype' => 'write',
786         'contextlevel' => CONTEXT_COURSECAT,
787         'archetypes' => array(
788             'coursecreator' => CAP_ALLOW,
789             'manager' => CAP_ALLOW
790         )
791     ),
793     'moodle/course:creategroupconversations' => array(
794         'riskbitmask' => RISK_XSS,
795         'captype' => 'write',
796         'contextlevel' => CONTEXT_COURSE,
797         'archetypes' => array(
798             'editingteacher' => CAP_ALLOW,
799             'manager' => CAP_ALLOW
800         )
801     ),
803     'moodle/course:request' => array(
804         'captype' => 'write',
805         'contextlevel' => CONTEXT_COURSECAT,
806     ),
808     'moodle/course:delete' => array(
810         'riskbitmask' => RISK_DATALOSS,
812         'captype' => 'write',
813         'contextlevel' => CONTEXT_COURSE,
814         'archetypes' => array(
815             'manager' => CAP_ALLOW
816         )
817     ),
819     'moodle/course:update' => array(
821         'riskbitmask' => RISK_XSS,
823         'captype' => 'write',
824         'contextlevel' => CONTEXT_COURSE,
825         'archetypes' => array(
826             'editingteacher' => CAP_ALLOW,
827             'manager' => CAP_ALLOW
828         )
829     ),
831     'moodle/course:view' => array(
833         'captype' => 'read',
834         'contextlevel' => CONTEXT_COURSE,
835         'archetypes' => array(
836             'manager' => CAP_ALLOW,
837         )
838     ),
840     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
841     'moodle/course:enrolreview' => array(
843         'riskbitmask' => RISK_PERSONAL,
845         'captype' => 'read',
846         'contextlevel' => CONTEXT_COURSE,
847         'archetypes' => array(
848             'editingteacher' => CAP_ALLOW,
849             'manager' => CAP_ALLOW,
850         )
851     ),
853     /* add, remove, hide enrol instances in courses */
854     'moodle/course:enrolconfig' => array(
856         'riskbitmask' => RISK_PERSONAL,
858         'captype' => 'write',
859         'contextlevel' => CONTEXT_COURSE,
860         'archetypes' => array(
861             'editingteacher' => CAP_ALLOW,
862             'manager' => CAP_ALLOW,
863         )
864     ),
866     'moodle/course:reviewotherusers' => array(
868         'captype' => 'read',
869         'contextlevel' => CONTEXT_COURSE,
870         'archetypes' => array(
871             'editingteacher' => CAP_ALLOW,
872             'manager' => CAP_ALLOW,
873         ),
874         'clonepermissionsfrom' => 'moodle/role:assign'
875     ),
877     'moodle/course:bulkmessaging' => array(
879         'riskbitmask' => RISK_SPAM,
881         'captype' => 'write',
882         'contextlevel' => CONTEXT_COURSE,
883         'archetypes' => array(
884             'teacher' => CAP_ALLOW,
885             'editingteacher' => CAP_ALLOW,
886             'manager' => CAP_ALLOW
887         )
888     ),
890     'moodle/course:viewhiddenuserfields' => array(
892         'riskbitmask' => RISK_PERSONAL,
894         'captype' => 'read',
895         'contextlevel' => CONTEXT_COURSE,
896         'archetypes' => array(
897             'teacher' => CAP_ALLOW,
898             'editingteacher' => CAP_ALLOW,
899             'manager' => CAP_ALLOW
900         )
901     ),
903     'moodle/course:viewhiddencourses' => array(
905         'captype' => 'read',
906         'contextlevel' => CONTEXT_COURSE,
907         'archetypes' => array(
908             'coursecreator' => CAP_ALLOW,
909             'teacher' => CAP_ALLOW,
910             'editingteacher' => CAP_ALLOW,
911             'manager' => CAP_ALLOW
912         )
913     ),
915     'moodle/course:visibility' => array(
917         'captype' => 'write',
918         'contextlevel' => CONTEXT_COURSE,
919         'archetypes' => array(
920             'editingteacher' => CAP_ALLOW,
921             'manager' => CAP_ALLOW
922         )
923     ),
925     'moodle/course:managefiles' => array(
927         'riskbitmask' => RISK_XSS,
929         'captype' => 'write',
930         'contextlevel' => CONTEXT_COURSE,
931         'archetypes' => array(
932             'editingteacher' => CAP_ALLOW,
933             'manager' => CAP_ALLOW
934         )
935     ),
937     'moodle/course:ignoreavailabilityrestrictions' => array(
938         'captype' => 'read',
939         'contextlevel' => CONTEXT_MODULE,
940         'archetypes' => array(
941             'manager' => CAP_ALLOW,
942             'coursecreator' => CAP_ALLOW,
943             'editingteacher' => CAP_ALLOW,
944             'teacher' => CAP_ALLOW,
945         ),
946         'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
947     ),
949     'moodle/course:ignorefilesizelimits' => array(
951         'captype' => 'write',
952         'contextlevel' => CONTEXT_COURSE,
953         'archetypes' => array(
954         )
955     ),
957     'moodle/course:manageactivities' => array(
959         'riskbitmask' => RISK_XSS,
961         'captype' => 'write',
962         'contextlevel' => CONTEXT_MODULE,
963         'archetypes' => array(
964             'editingteacher' => CAP_ALLOW,
965             'manager' => CAP_ALLOW
966         )
967     ),
969     'moodle/course:activityvisibility' => array(
971         'captype' => 'write',
972         'contextlevel' => CONTEXT_MODULE,
973         'archetypes' => array(
974             'editingteacher' => CAP_ALLOW,
975             'manager' => CAP_ALLOW
976         )
977     ),
979     'moodle/course:viewhiddenactivities' => array(
981         'captype' => 'read',
982         'contextlevel' => CONTEXT_MODULE,
983         'archetypes' => array(
984             'teacher' => CAP_ALLOW,
985             'editingteacher' => CAP_ALLOW,
986             'manager' => CAP_ALLOW
987         )
988     ),
990     'moodle/course:viewparticipants' => array(
992         'captype' => 'read',
993         'contextlevel' => CONTEXT_COURSE,
994         'archetypes' => array(
995             'student' => CAP_ALLOW,
996             'teacher' => CAP_ALLOW,
997             'editingteacher' => CAP_ALLOW,
998             'manager' => CAP_ALLOW
999         )
1000     ),
1002     'moodle/course:changefullname' => array(
1004         'riskbitmask' => RISK_XSS,
1006         'captype' => 'write',
1007         'contextlevel' => CONTEXT_COURSE,
1008         'archetypes' => array(
1009             'editingteacher' => CAP_ALLOW,
1010             'manager' => CAP_ALLOW
1011         ),
1012         'clonepermissionsfrom' => 'moodle/course:update'
1013     ),
1015     'moodle/course:changeshortname' => array(
1017         'riskbitmask' => RISK_XSS,
1019         'captype' => 'write',
1020         'contextlevel' => CONTEXT_COURSE,
1021         'archetypes' => array(
1022             'editingteacher' => CAP_ALLOW,
1023             'manager' => CAP_ALLOW
1024         ),
1025         'clonepermissionsfrom' => 'moodle/course:update'
1026     ),
1028     'moodle/course:changelockedcustomfields' => array(
1030         'riskbitmask' => RISK_SPAM,
1032         'captype' => 'write',
1033         'contextlevel' => CONTEXT_COURSE,
1034         'archetypes' => array(
1035             'manager' => CAP_ALLOW
1036         ),
1037     ),
1039     'moodle/course:configurecustomfields' => array(
1041         'riskbitmask' => RISK_SPAM,
1043         'captype' => 'write',
1044         'contextlevel' => CONTEXT_SYSTEM,
1045         'clonepermissionsfrom' => 'moodle/site:config'
1046     ),
1048     'moodle/course:renameroles' => array(
1049         'captype' => 'write',
1050         'contextlevel' => CONTEXT_COURSE,
1051         'archetypes' => array(
1052             'editingteacher' => CAP_ALLOW,
1053             'manager' => CAP_ALLOW
1054         ),
1055         'clonepermissionsfrom' => 'moodle/course:update'
1056     ),
1058     'moodle/course:changeidnumber' => array(
1060         'riskbitmask' => RISK_XSS,
1062         'captype' => 'write',
1063         'contextlevel' => CONTEXT_COURSE,
1064         'archetypes' => array(
1065             'editingteacher' => CAP_ALLOW,
1066             'manager' => CAP_ALLOW
1067         ),
1068         'clonepermissionsfrom' => 'moodle/course:update'
1069     ),
1070     'moodle/course:changecategory' => array(
1071         'riskbitmask' => RISK_XSS,
1073         'captype' => 'write',
1074         'contextlevel' => CONTEXT_COURSE,
1075         'archetypes' => array(
1076             'editingteacher' => CAP_ALLOW,
1077             'manager' => CAP_ALLOW
1078         ),
1079         'clonepermissionsfrom' => 'moodle/course:update'
1080     ),
1082     'moodle/course:changesummary' => array(
1083         'riskbitmask' => RISK_XSS,
1085         'captype' => 'write',
1086         'contextlevel' => CONTEXT_COURSE,
1087         'archetypes' => array(
1088             'editingteacher' => CAP_ALLOW,
1089             'manager' => CAP_ALLOW
1090         ),
1091         'clonepermissionsfrom' => 'moodle/course:update'
1092     ),
1094     'moodle/course:setforcedlanguage' => array(
1095         'captype' => 'write',
1096         'contextlevel' => CONTEXT_COURSE,
1097         'archetypes' => array(
1098             'editingteacher' => CAP_ALLOW,
1099             'manager' => CAP_ALLOW
1100         ),
1101         'clonepermissionsfrom' => 'moodle/course:update'
1102     ),
1105     'moodle/site:viewparticipants' => array(
1107         'captype' => 'read',
1108         'contextlevel' => CONTEXT_SYSTEM,
1109         'archetypes' => array(
1110             'manager' => CAP_ALLOW
1111         )
1112     ),
1114     'moodle/course:isincompletionreports' => array(
1115         'captype' => 'read',
1116         'contextlevel' => CONTEXT_COURSE,
1117         'archetypes' => array(
1118             'student' => CAP_ALLOW,
1119         ),
1120     ),
1122     'moodle/course:viewscales' => array(
1124         'captype' => 'read',
1125         'contextlevel' => CONTEXT_COURSE,
1126         'archetypes' => array(
1127             'student' => CAP_ALLOW,
1128             'teacher' => CAP_ALLOW,
1129             'editingteacher' => CAP_ALLOW,
1130             'manager' => CAP_ALLOW
1131         )
1132     ),
1134     'moodle/course:managescales' => array(
1136         'captype' => 'write',
1137         'contextlevel' => CONTEXT_COURSE,
1138         'archetypes' => array(
1139             'editingteacher' => CAP_ALLOW,
1140             'manager' => CAP_ALLOW
1141         )
1142     ),
1144     'moodle/course:managegroups' => array(
1145         'riskbitmask' => RISK_XSS,
1147         'captype' => 'write',
1148         'contextlevel' => CONTEXT_COURSE,
1149         'archetypes' => array(
1150             'editingteacher' => CAP_ALLOW,
1151             'manager' => CAP_ALLOW
1152         )
1153     ),
1155     'moodle/course:reset' => array(
1157         'riskbitmask' => RISK_DATALOSS,
1159         'captype' => 'write',
1160         'contextlevel' => CONTEXT_COURSE,
1161         'archetypes' => array(
1162             'editingteacher' => CAP_ALLOW,
1163             'manager' => CAP_ALLOW
1164         )
1165     ),
1167     'moodle/course:viewsuspendedusers' => array(
1169         'captype' => 'read',
1170         'contextlevel' => CONTEXT_COURSE,
1171         'archetypes' => array(
1172             'editingteacher' => CAP_ALLOW,
1173             'manager' => CAP_ALLOW
1174         )
1175     ),
1177     'moodle/course:tag' => array(
1178         'riskbitmask' => RISK_SPAM,
1179         'captype' => 'write',
1180         'contextlevel' => CONTEXT_COURSE,
1181         'archetypes' => array(
1182             'manager' => CAP_ALLOW,
1183             'editingteacher' => CAP_ALLOW,
1184         ),
1185         'clonepermissionsfrom' => 'moodle/course:update'
1186     ),
1188     'moodle/blog:view' => array(
1190         'captype' => 'read',
1191         'contextlevel' => CONTEXT_SYSTEM,
1192         'archetypes' => array(
1193             'guest' => CAP_ALLOW,
1194             'user' => CAP_ALLOW,
1195             'student' => CAP_ALLOW,
1196             'teacher' => CAP_ALLOW,
1197             'editingteacher' => CAP_ALLOW,
1198             'manager' => CAP_ALLOW
1199         )
1200     ),
1202     'moodle/blog:search' => array(
1203         'captype' => 'read',
1204         'contextlevel' => CONTEXT_SYSTEM,
1205         'archetypes' => array(
1206             'guest' => CAP_ALLOW,
1207             'user' => CAP_ALLOW,
1208             'student' => CAP_ALLOW,
1209             'teacher' => CAP_ALLOW,
1210             'editingteacher' => CAP_ALLOW,
1211             'manager' => CAP_ALLOW
1212         )
1213     ),
1215     'moodle/blog:viewdrafts' => array(
1217         'riskbitmask' => RISK_PERSONAL,
1218         'captype' => 'read',
1219         'contextlevel' => CONTEXT_SYSTEM,
1220         'archetypes' => array(
1221             'manager' => CAP_ALLOW
1222         )
1223     ),
1225     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1227         'riskbitmask' => RISK_SPAM,
1229         'captype' => 'write',
1230         'contextlevel' => CONTEXT_SYSTEM,
1231         'archetypes' => array(
1232             'user' => CAP_ALLOW,
1233             'manager' => CAP_ALLOW
1234         )
1235     ),
1237     'moodle/blog:manageentries' => array(
1239         'riskbitmask' => RISK_SPAM,
1241         'captype' => 'write',
1242         'contextlevel' => CONTEXT_SYSTEM,
1243         'archetypes' => array(
1244             'teacher' => CAP_ALLOW,
1245             'editingteacher' => CAP_ALLOW,
1246             'manager' => CAP_ALLOW
1247         )
1248     ),
1250     'moodle/blog:manageexternal' => array(
1252         'riskbitmask' => RISK_SPAM,
1254         'captype' => 'write',
1255         'contextlevel' => CONTEXT_SYSTEM,
1256         'archetypes' => array(
1257             'student' => CAP_ALLOW,
1258             'user' => CAP_ALLOW,
1259             'teacher' => CAP_ALLOW,
1260             'editingteacher' => CAP_ALLOW,
1261             'manager' => CAP_ALLOW
1262         )
1263     ),
1265     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1267         'riskbitmask' => RISK_SPAM,
1269         'captype' => 'write',
1270         'contextlevel' => CONTEXT_COURSE,
1271         'archetypes' => array(
1272             'user' => CAP_ALLOW,
1273             'manager' => CAP_ALLOW
1274         )
1275     ),
1277     'moodle/calendar:managegroupentries' => array(
1279         'riskbitmask' => RISK_SPAM,
1281         'captype' => 'write',
1282         'contextlevel' => CONTEXT_COURSE,
1283         'archetypes' => array(
1284             'teacher' => CAP_ALLOW,
1285             'editingteacher' => CAP_ALLOW,
1286             'manager' => CAP_ALLOW
1287         )
1288     ),
1290     'moodle/calendar:manageentries' => array(
1292         'riskbitmask' => RISK_SPAM,
1294         'captype' => 'write',
1295         'contextlevel' => CONTEXT_COURSE,
1296         'archetypes' => array(
1297             'teacher' => CAP_ALLOW,
1298             'editingteacher' => CAP_ALLOW,
1299             'manager' => CAP_ALLOW
1300         )
1301     ),
1303     'moodle/user:editprofile' => array(
1305         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1307         'captype' => 'write',
1308         'contextlevel' => CONTEXT_USER,
1309         'archetypes' => array(
1310             'manager' => CAP_ALLOW
1311         )
1312     ),
1314     'moodle/user:editownprofile' => array(
1316         'riskbitmask' => RISK_SPAM,
1318         'captype' => 'write',
1319         'contextlevel' => CONTEXT_SYSTEM,
1320         'archetypes' => array(
1321             'guest' => CAP_PROHIBIT,
1322             'user' => CAP_ALLOW,
1323             'manager' => CAP_ALLOW
1324         )
1325     ),
1327     'moodle/user:changeownpassword' => array(
1329         'captype' => 'write',
1330         'contextlevel' => CONTEXT_SYSTEM,
1331         'archetypes' => array(
1332             'guest' => CAP_PROHIBIT,
1333             'user' => CAP_ALLOW,
1334             'manager' => CAP_ALLOW
1335         )
1336     ),
1338     // The next 3 might make no sense for some roles, e.g teacher, etc.
1339     // since the next level up is site. These are more for the parent role
1340     'moodle/user:readuserposts' => array(
1342         'captype' => 'read',
1343         'contextlevel' => CONTEXT_USER,
1344         'archetypes' => array(
1345             'student' => CAP_ALLOW,
1346             'teacher' => CAP_ALLOW,
1347             'editingteacher' => CAP_ALLOW,
1348             'manager' => CAP_ALLOW
1349         )
1350     ),
1352     'moodle/user:readuserblogs' => array(
1354         'captype' => 'read',
1355         'contextlevel' => CONTEXT_USER,
1356         'archetypes' => array(
1357             'student' => CAP_ALLOW,
1358             'teacher' => CAP_ALLOW,
1359             'editingteacher' => CAP_ALLOW,
1360             'manager' => CAP_ALLOW
1361         )
1362     ),
1364     // designed for parent role - not used in legacy roles
1365     'moodle/user:viewuseractivitiesreport' => array(
1366         'riskbitmask' => RISK_PERSONAL,
1368         'captype' => 'read',
1369         'contextlevel' => CONTEXT_USER,
1370         'archetypes' => array(
1371         )
1372     ),
1374     //capabilities designed for the new message system configuration
1375     'moodle/user:editmessageprofile' => array(
1377          'riskbitmask' => RISK_SPAM,
1379          'captype' => 'write',
1380          'contextlevel' => CONTEXT_USER,
1381          'archetypes' => array(
1382              'manager' => CAP_ALLOW
1383          )
1384      ),
1386      'moodle/user:editownmessageprofile' => array(
1388          'captype' => 'write',
1389          'contextlevel' => CONTEXT_SYSTEM,
1390          'archetypes' => array(
1391              'guest' => CAP_PROHIBIT,
1392              'user' => CAP_ALLOW,
1393              'manager' => CAP_ALLOW
1394          )
1395      ),
1397     'moodle/question:managecategory' => array(
1398         'riskbitmask' => RISK_SPAM | RISK_XSS,
1399         'captype' => 'write',
1400         'contextlevel' => CONTEXT_COURSE,
1401         'archetypes' => array(
1402             'editingteacher' => CAP_ALLOW,
1403             'manager' => CAP_ALLOW
1404         )
1405     ),
1407     //new in moodle 1.9
1408     'moodle/question:add' => array(
1409         'riskbitmask' => RISK_SPAM | RISK_XSS,
1410         'captype' => 'write',
1411         'contextlevel' => CONTEXT_COURSE,
1412         'archetypes' => array(
1413             'editingteacher' => CAP_ALLOW,
1414             'manager' => CAP_ALLOW
1415         ),
1416         'clonepermissionsfrom' =>  'moodle/question:manage'
1417     ),
1418     'moodle/question:editmine' => array(
1419         'riskbitmask' => RISK_SPAM | RISK_XSS,
1420         'captype' => 'write',
1421         'contextlevel' => CONTEXT_COURSE,
1422         'archetypes' => array(
1423             'editingteacher' => CAP_ALLOW,
1424             'manager' => CAP_ALLOW
1425         ),
1426         'clonepermissionsfrom' =>  'moodle/question:manage'
1427     ),
1428     'moodle/question:editall' => array(
1429         'riskbitmask' => RISK_SPAM | RISK_XSS,
1430         'captype' => 'write',
1431         'contextlevel' => CONTEXT_COURSE,
1432         'archetypes' => array(
1433             'editingteacher' => CAP_ALLOW,
1434             'manager' => CAP_ALLOW
1435         ),
1436         'clonepermissionsfrom' =>  'moodle/question:manage'
1437     ),
1438     'moodle/question:viewmine' => array(
1439         'captype' => 'read',
1440         'contextlevel' => CONTEXT_COURSE,
1441         'archetypes' => array(
1442             'editingteacher' => CAP_ALLOW,
1443             'manager' => CAP_ALLOW
1444         ),
1445         'clonepermissionsfrom' =>  'moodle/question:manage'
1446     ),
1447     'moodle/question:viewall' => array(
1448         'captype' => 'read',
1449         'contextlevel' => CONTEXT_COURSE,
1450         'archetypes' => array(
1451             'editingteacher' => CAP_ALLOW,
1452             'manager' => CAP_ALLOW
1453         ),
1454         'clonepermissionsfrom' =>  'moodle/question:manage'
1455     ),
1456     'moodle/question:usemine' => array(
1457         'captype' => 'read',
1458         'contextlevel' => CONTEXT_COURSE,
1459         'archetypes' => array(
1460             'editingteacher' => CAP_ALLOW,
1461             'manager' => CAP_ALLOW
1462         ),
1463         'clonepermissionsfrom' =>  'moodle/question:manage'
1464     ),
1465     'moodle/question:useall' => array(
1466         'captype' => 'read',
1467         'contextlevel' => CONTEXT_COURSE,
1468         'archetypes' => array(
1469             'editingteacher' => CAP_ALLOW,
1470             'manager' => CAP_ALLOW
1471         ),
1472         'clonepermissionsfrom' =>  'moodle/question:manage'
1473     ),
1474     'moodle/question:movemine' => array(
1475         'captype' => 'write',
1476         'contextlevel' => CONTEXT_COURSE,
1477         'archetypes' => array(
1478             'editingteacher' => CAP_ALLOW,
1479             'manager' => CAP_ALLOW
1480         ),
1481         'clonepermissionsfrom' =>  'moodle/question:manage'
1482     ),
1483     'moodle/question:moveall' => array(
1484         'captype' => 'write',
1485         'contextlevel' => CONTEXT_COURSE,
1486         'archetypes' => array(
1487             'editingteacher' => CAP_ALLOW,
1488             'manager' => CAP_ALLOW
1489         ),
1490         'clonepermissionsfrom' =>  'moodle/question:manage'
1491     ),
1492     //END new in moodle 1.9
1494     // Configure the installed question types.
1495     'moodle/question:config' => array(
1496         'riskbitmask' => RISK_CONFIG,
1497         'captype' => 'write',
1498         'contextlevel' => CONTEXT_SYSTEM,
1499         'archetypes' => array(
1500             'manager' => CAP_ALLOW
1501         )
1502     ),
1504     // While attempting questions, the ability to flag particular questions for later reference.
1505     'moodle/question:flag' => array(
1506         'captype' => 'write',
1507         'contextlevel' => CONTEXT_COURSE,
1508         'archetypes' => array(
1509             'student' => CAP_ALLOW,
1510             'teacher' => CAP_ALLOW,
1511             'editingteacher' => CAP_ALLOW,
1512             'manager' => CAP_ALLOW
1513         )
1514     ),
1516     // Controls whether the user can tag his own questions.
1517     'moodle/question:tagmine' => array(
1518         'captype' => 'write',
1519         'contextlevel' => CONTEXT_COURSE,
1520         'archetypes' => array(
1521             'editingteacher' => CAP_ALLOW,
1522             'manager' => CAP_ALLOW
1523         ),
1524         'clonepermissionsfrom' => 'moodle/question:editmine'
1525     ),
1527     // Controls whether the user can tag all questions.
1528     'moodle/question:tagall' => array(
1529         'captype' => 'write',
1530         'contextlevel' => CONTEXT_COURSE,
1531         'archetypes' => array(
1532             'editingteacher' => CAP_ALLOW,
1533             'manager' => CAP_ALLOW
1534         ),
1535         'clonepermissionsfrom' => 'moodle/question:editall'
1536     ),
1538     'moodle/site:doclinks' => array(
1539         'captype' => 'read',
1540         'contextlevel' => CONTEXT_SYSTEM,
1541         'archetypes' => array(
1542             'teacher' => CAP_ALLOW,
1543             'editingteacher' => CAP_ALLOW,
1544             'manager' => CAP_ALLOW
1545         )
1546     ),
1548     'moodle/course:sectionvisibility' => array(
1550         'captype' => 'write',
1551         'contextlevel' => CONTEXT_COURSE,
1552         'archetypes' => array(
1553             'editingteacher' => CAP_ALLOW,
1554             'manager' => CAP_ALLOW
1555         )
1556     ),
1558     'moodle/course:useremail' => array(
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'editingteacher' => CAP_ALLOW,
1564             'manager' => CAP_ALLOW
1565         )
1566     ),
1568     'moodle/course:viewhiddensections' => array(
1570         'captype' => 'read',
1571         'contextlevel' => CONTEXT_COURSE,
1572         'archetypes' => array(
1573             'editingteacher' => CAP_ALLOW,
1574             'manager' => CAP_ALLOW
1575         )
1576     ),
1578     'moodle/course:setcurrentsection' => array(
1580         'captype' => 'write',
1581         'contextlevel' => CONTEXT_COURSE,
1582         'archetypes' => array(
1583             'editingteacher' => CAP_ALLOW,
1584             'manager' => CAP_ALLOW
1585         )
1586     ),
1588     'moodle/course:movesections' => array(
1590         'captype' => 'write',
1591         'contextlevel' => CONTEXT_COURSE,
1592         'archetypes' => array(
1593             'editingteacher' => CAP_ALLOW,
1594             'manager' => CAP_ALLOW
1595         ),
1596         'clonepermissionsfrom' => 'moodle/course:update'
1597     ),
1599     'moodle/site:mnetlogintoremote' => array(
1601         'captype' => 'read',
1602         'contextlevel' => CONTEXT_SYSTEM,
1603         'archetypes' => array(
1604         )
1605     ),
1607     'moodle/grade:viewall' => array(
1608         'riskbitmask' => RISK_PERSONAL,
1609         'captype' => 'read',
1610         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1611         'archetypes' => array(
1612             'teacher' => CAP_ALLOW,
1613             'editingteacher' => CAP_ALLOW,
1614             'manager' => CAP_ALLOW
1615         ),
1616         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1617     ),
1619     'moodle/grade:view' => array(
1620         'captype' => 'read',
1621         'contextlevel' => CONTEXT_COURSE,
1622         'archetypes' => array(
1623             'student' => CAP_ALLOW
1624         )
1625     ),
1627     'moodle/grade:viewhidden' => array(
1628         'riskbitmask' => RISK_PERSONAL,
1629         'captype' => 'read',
1630         'contextlevel' => CONTEXT_COURSE,
1631         'archetypes' => array(
1632             'teacher' => CAP_ALLOW,
1633             'editingteacher' => CAP_ALLOW,
1634             'manager' => CAP_ALLOW
1635         ),
1636         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1637     ),
1639     'moodle/grade:import' => array(
1640         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1641         'captype' => 'write',
1642         'contextlevel' => CONTEXT_COURSE,
1643         'archetypes' => array(
1644             'editingteacher' => CAP_ALLOW,
1645             'manager' => CAP_ALLOW
1646         ),
1647         'clonepermissionsfrom' => 'moodle/course:managegrades'
1648     ),
1650     'moodle/grade:export' => array(
1651         'riskbitmask' => RISK_PERSONAL,
1652         'captype' => 'read',
1653         'contextlevel' => CONTEXT_COURSE,
1654         'archetypes' => array(
1655             'teacher' => CAP_ALLOW,
1656             'editingteacher' => CAP_ALLOW,
1657             'manager' => CAP_ALLOW
1658         ),
1659         'clonepermissionsfrom' => 'moodle/course:managegrades'
1660     ),
1662     'moodle/grade:manage' => array(
1663         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1664         'captype' => 'write',
1665         'contextlevel' => CONTEXT_COURSE,
1666         'archetypes' => array(
1667             'editingteacher' => CAP_ALLOW,
1668             'manager' => CAP_ALLOW
1669         ),
1670         'clonepermissionsfrom' => 'moodle/course:managegrades'
1671     ),
1673     'moodle/grade:edit' => array(
1674         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1675         'captype' => 'write',
1676         'contextlevel' => CONTEXT_COURSE,
1677         'archetypes' => array(
1678             'editingteacher' => CAP_ALLOW,
1679             'manager' => CAP_ALLOW
1680         ),
1681         'clonepermissionsfrom' => 'moodle/course:managegrades'
1682     ),
1684     // ability to define advanced grading forms in activities either from scratch
1685     // or from a shared template
1686     'moodle/grade:managegradingforms' => array(
1687         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1688         'captype' => 'write',
1689         'contextlevel' => CONTEXT_COURSE,
1690         'archetypes' => array(
1691             'editingteacher' => CAP_ALLOW,
1692             'manager' => CAP_ALLOW
1693         ),
1694         'clonepermissionsfrom' => 'moodle/course:managegrades'
1695     ),
1697     // ability to save a grading form as a new shared template and eventually edit
1698     // and remove own templates (templates originally shared by that user)
1699     'moodle/grade:sharegradingforms' => array(
1700         'riskbitmask' => RISK_XSS,
1701         'captype' => 'write',
1702         'contextlevel' => CONTEXT_SYSTEM,
1703         'archetypes' => array(
1704             'manager' => CAP_ALLOW
1705         ),
1706     ),
1708     // ability to edit and remove any shared template, even those originally shared
1709     // by other users
1710     'moodle/grade:managesharedforms' => array(
1711         'riskbitmask' => RISK_XSS,
1712         'captype' => 'write',
1713         'contextlevel' => CONTEXT_SYSTEM,
1714         'archetypes' => array(
1715             'manager' => CAP_ALLOW
1716         ),
1717     ),
1719     'moodle/grade:manageoutcomes' => array(
1720         'captype' => 'write',
1721         'contextlevel' => CONTEXT_COURSE,
1722         'archetypes' => array(
1723             'editingteacher' => CAP_ALLOW,
1724             'manager' => CAP_ALLOW
1725         ),
1726         'clonepermissionsfrom' => 'moodle/course:managegrades'
1727     ),
1729     'moodle/grade:manageletters' => array(
1730         'captype' => 'write',
1731         'contextlevel' => CONTEXT_COURSE,
1732         'archetypes' => array(
1733             'editingteacher' => CAP_ALLOW,
1734             'manager' => CAP_ALLOW
1735         ),
1736         'clonepermissionsfrom' => 'moodle/course:managegrades'
1737     ),
1739     'moodle/grade:hide' => array(
1740         'captype' => 'write',
1741         'contextlevel' => CONTEXT_COURSE,
1742         'archetypes' => array(
1743             'editingteacher' => CAP_ALLOW,
1744             'manager' => CAP_ALLOW
1745         )
1746     ),
1748     'moodle/grade:lock' => array(
1749         'captype' => 'write',
1750         'contextlevel' => CONTEXT_COURSE,
1751         'archetypes' => array(
1752             'editingteacher' => CAP_ALLOW,
1753             'manager' => CAP_ALLOW
1754         )
1755     ),
1757     'moodle/grade:unlock' => array(
1758         'captype' => 'write',
1759         'contextlevel' => CONTEXT_COURSE,
1760         'archetypes' => array(
1761             'editingteacher' => CAP_ALLOW,
1762             'manager' => CAP_ALLOW
1763         )
1764     ),
1766     'moodle/my:manageblocks' => array(
1767         'captype' => 'write',
1768         'contextlevel' => CONTEXT_SYSTEM,
1769         'archetypes' => array(
1770             'user' => CAP_ALLOW
1771         )
1772     ),
1774     'moodle/notes:view' => array(
1775         'captype' => 'read',
1776         'contextlevel' => CONTEXT_COURSE,
1777         'archetypes' => array(
1778             'teacher' => CAP_ALLOW,
1779             'editingteacher' => CAP_ALLOW,
1780             'manager' => CAP_ALLOW
1781         )
1782     ),
1784     'moodle/notes:manage' => array(
1785         'riskbitmask' => RISK_SPAM,
1787         'captype' => 'write',
1788         'contextlevel' => CONTEXT_COURSE,
1789         'archetypes' => array(
1790             'teacher' => CAP_ALLOW,
1791             'editingteacher' => CAP_ALLOW,
1792             'manager' => CAP_ALLOW
1793         )
1794     ),
1796     'moodle/tag:manage' => array(
1797         'riskbitmask' => RISK_SPAM,
1799         'captype' => 'write',
1800         'contextlevel' => CONTEXT_SYSTEM,
1801         'archetypes' => array(
1802             'manager' => CAP_ALLOW
1803         )
1804     ),
1806     'moodle/tag:edit' => array(
1807         'riskbitmask' => RISK_SPAM,
1809         'captype' => 'write',
1810         'contextlevel' => CONTEXT_SYSTEM,
1811         'archetypes' => array(
1812             'manager' => CAP_ALLOW
1813         )
1814     ),
1816     'moodle/tag:flag' => array(
1817         'riskbitmask' => RISK_SPAM,
1819         'captype' => 'write',
1820         'contextlevel' => CONTEXT_SYSTEM,
1821         'archetypes' => array(
1822             'user' => CAP_ALLOW
1823         )
1824     ),
1826     'moodle/tag:editblocks' => array(
1827         'captype' => 'write',
1828         'contextlevel' => CONTEXT_SYSTEM,
1829         'archetypes' => array(
1830             'teacher' => CAP_ALLOW,
1831             'editingteacher' => CAP_ALLOW,
1832             'manager' => CAP_ALLOW
1833         )
1834     ),
1836     'moodle/block:view' => array(
1837         'captype' => 'read',
1838         'contextlevel' => CONTEXT_BLOCK,
1839         'archetypes' => array(
1840             'guest' => CAP_ALLOW,
1841             'user' => CAP_ALLOW,
1842             'student' => CAP_ALLOW,
1843             'teacher' => CAP_ALLOW,
1844             'editingteacher' => CAP_ALLOW,
1845         )
1846     ),
1848     'moodle/block:edit' => array(
1849         'riskbitmask' => RISK_SPAM | RISK_XSS,
1851         'captype' => 'write',
1852         'contextlevel' => CONTEXT_BLOCK,
1853         'archetypes' => array(
1854             'editingteacher' => CAP_ALLOW,
1855             'manager' => CAP_ALLOW
1856         )
1857     ),
1859     'moodle/portfolio:export' => array(
1860         'captype' => 'read',
1861         'contextlevel' => CONTEXT_SYSTEM,
1862         'archetypes' => array(
1863             'user' => CAP_ALLOW,
1864             'student' => CAP_ALLOW,
1865             'teacher' => CAP_ALLOW,
1866             'editingteacher' => CAP_ALLOW,
1867         )
1868     ),
1869     'moodle/comment:view' => array(
1870         'captype' => 'read',
1871         'contextlevel' => CONTEXT_COURSE,
1872         'archetypes' => array(
1873             'frontpage' => CAP_ALLOW,
1874             'guest' => CAP_ALLOW,
1875             'user' => CAP_ALLOW,
1876             'student' => CAP_ALLOW,
1877             'teacher' => CAP_ALLOW,
1878             'editingteacher' => CAP_ALLOW,
1879             'manager' => CAP_ALLOW
1880         )
1881     ),
1882     'moodle/comment:post' => array(
1884         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1885         'captype' => 'write',
1886         'contextlevel' => CONTEXT_COURSE,
1887         'archetypes' => array(
1888             'user' => CAP_ALLOW,
1889             'student' => CAP_ALLOW,
1890             'teacher' => CAP_ALLOW,
1891             'editingteacher' => CAP_ALLOW,
1892             'manager' => CAP_ALLOW
1893         )
1894     ),
1895     'moodle/comment:delete' => array(
1897         'riskbitmask' => RISK_DATALOSS,
1898         'captype' => 'write',
1899         'contextlevel' => CONTEXT_COURSE,
1900         'archetypes' => array(
1901             'editingteacher' => CAP_ALLOW,
1902             'manager' => CAP_ALLOW
1903         )
1904     ),
1905     'moodle/webservice:createtoken' => array(
1907         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1908         'captype' => 'write',
1909         'contextlevel' => CONTEXT_SYSTEM,
1910         'archetypes' => array(
1911             'manager' => CAP_ALLOW
1912         )
1913     ),
1914     'moodle/webservice:managealltokens' => array(
1916         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1917         'captype' => 'write',
1918         'contextlevel' => CONTEXT_SYSTEM,
1919         'archetypes' => array()
1920     ),
1921     'moodle/webservice:createmobiletoken' => array(
1923         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1924         'captype' => 'write',
1925         'contextlevel' => CONTEXT_SYSTEM,
1926         'archetypes' => array(
1927             'user' => CAP_ALLOW
1928         )
1929     ),
1930     'moodle/rating:view' => array(
1932         'captype' => 'read',
1933         'contextlevel' => CONTEXT_COURSE,
1934         'archetypes' => array(
1935             'user' => CAP_ALLOW,
1936             'student' => CAP_ALLOW,
1937             'teacher' => CAP_ALLOW,
1938             'editingteacher' => CAP_ALLOW,
1939             'manager' => CAP_ALLOW
1940         )
1941     ),
1942     'moodle/rating:viewany' => array(
1944         'riskbitmask' => RISK_PERSONAL,
1945         'captype' => 'read',
1946         'contextlevel' => CONTEXT_COURSE,
1947         'archetypes' => array(
1948             'user' => CAP_ALLOW,
1949             'student' => CAP_ALLOW,
1950             'teacher' => CAP_ALLOW,
1951             'editingteacher' => CAP_ALLOW,
1952             'manager' => CAP_ALLOW
1953         )
1954     ),
1955     'moodle/rating:viewall' => array(
1957         'riskbitmask' => RISK_PERSONAL,
1958         'captype' => 'read',
1959         'contextlevel' => CONTEXT_COURSE,
1960         'archetypes' => array(
1961             'user' => CAP_ALLOW,
1962             'student' => CAP_ALLOW,
1963             'teacher' => CAP_ALLOW,
1964             'editingteacher' => CAP_ALLOW,
1965             'manager' => CAP_ALLOW
1966         )
1967     ),
1968     'moodle/rating:rate' => array(
1970         'captype' => 'write',
1971         'contextlevel' => CONTEXT_COURSE,
1972         'archetypes' => array(
1973             'user' => CAP_ALLOW,
1974             'student' => CAP_ALLOW,
1975             'teacher' => CAP_ALLOW,
1976             'editingteacher' => CAP_ALLOW,
1977             'manager' => CAP_ALLOW
1978         )
1979     ),
1980     'moodle/course:markcomplete' => array(
1981         'captype' => 'write',
1982         'contextlevel' => CONTEXT_COURSE,
1983         'archetypes' => array(
1984             'teacher' => CAP_ALLOW,
1985             'editingteacher' => CAP_ALLOW,
1986             'manager' => CAP_ALLOW
1987         )
1988     ),
1989     'moodle/course:overridecompletion' => array(
1990         'captype' => 'write',
1991         'contextlevel' => CONTEXT_COURSE,
1992         'archetypes' => array(
1993             'teacher' => CAP_ALLOW,
1994             'editingteacher' => CAP_ALLOW,
1995             'manager' => CAP_ALLOW
1996         )
1997     ),
1999     // Badges.
2000     'moodle/badges:manageglobalsettings' => array(
2001         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2002         'captype'      => 'write',
2003         'contextlevel' => CONTEXT_SYSTEM,
2004         'archetypes'   => array(
2005             'manager'       => CAP_ALLOW,
2006         )
2007     ),
2009     // View available badges without earning them.
2010     'moodle/badges:viewbadges' => array(
2011         'captype'       => 'read',
2012         'contextlevel'  => CONTEXT_COURSE,
2013         'archetypes'    => array(
2014             'user'          => CAP_ALLOW,
2015         )
2016     ),
2018     // Manage badges on own private badges page.
2019     'moodle/badges:manageownbadges' => array(
2020         'riskbitmap'    => RISK_SPAM,
2021         'captype'       => 'write',
2022         'contextlevel'  => CONTEXT_USER,
2023         'archetypes'    => array(
2024             'user'    => CAP_ALLOW
2025         )
2026     ),
2028     // View public badges in other users' profiles.
2029     'moodle/badges:viewotherbadges' => array(
2030         'riskbitmap'    => RISK_PERSONAL,
2031         'captype'       => 'read',
2032         'contextlevel'  => CONTEXT_USER,
2033         'archetypes'    => array(
2034             'user'    => CAP_ALLOW
2035         )
2036     ),
2038     // Earn badge.
2039     'moodle/badges:earnbadge' => array(
2040         'captype'       => 'write',
2041         'contextlevel'  => CONTEXT_COURSE,
2042         'archetypes'    => array(
2043             'user'           => CAP_ALLOW,
2044         )
2045     ),
2047     // Create/duplicate badges.
2048     'moodle/badges:createbadge' => array(
2049         'riskbitmask'  => RISK_SPAM,
2050         'captype'      => 'write',
2051         'contextlevel' => CONTEXT_COURSE,
2052         'archetypes'   => array(
2053             'manager'        => CAP_ALLOW,
2054             'editingteacher' => CAP_ALLOW,
2055         )
2056     ),
2058     // Delete badges.
2059     'moodle/badges:deletebadge' => array(
2060         'riskbitmask'  => RISK_DATALOSS,
2061         'captype'      => 'write',
2062         'contextlevel' => CONTEXT_COURSE,
2063         'archetypes'   => array(
2064             'manager'        => CAP_ALLOW,
2065             'editingteacher' => CAP_ALLOW,
2066         )
2067     ),
2069     // Set up/edit badge details.
2070     'moodle/badges:configuredetails' => array(
2071         'riskbitmask'  => RISK_SPAM,
2072         'captype'      => 'write',
2073         'contextlevel' => CONTEXT_COURSE,
2074         'archetypes'   => array(
2075             'manager'        => CAP_ALLOW,
2076             'editingteacher' => CAP_ALLOW,
2077         )
2078     ),
2080     // Set up/edit criteria of earning a badge.
2081     'moodle/badges:configurecriteria' => array(
2082         'riskbitmask'  => RISK_XSS,
2083         'captype'      => 'write',
2084         'contextlevel' => CONTEXT_COURSE,
2085         'archetypes'   => array(
2086             'manager'        => CAP_ALLOW,
2087             'editingteacher' => CAP_ALLOW,
2088         )
2089     ),
2091     // Configure badge messages.
2092     'moodle/badges:configuremessages' => array(
2093         'riskbitmask'  => RISK_SPAM,
2094         'captype'      => 'write',
2095         'contextlevel' => CONTEXT_COURSE,
2096         'archetypes'   => array(
2097             'manager'        => CAP_ALLOW,
2098             'editingteacher' => CAP_ALLOW,
2099         )
2100     ),
2102     // Award badge to a user.
2103     'moodle/badges:awardbadge' => array(
2104         'riskbitmask'  => RISK_SPAM,
2105         'captype'      => 'write',
2106         'contextlevel' => CONTEXT_COURSE,
2107         'archetypes'   => array(
2108             'manager'        => CAP_ALLOW,
2109             'teacher'        => CAP_ALLOW,
2110             'editingteacher' => CAP_ALLOW,
2111         )
2112     ),
2114     // Revoke badge from a user.
2115     'moodle/badges:revokebadge' => array(
2116         'riskbitmask'  => RISK_SPAM,
2117         'captype'      => 'write',
2118         'contextlevel' => CONTEXT_COURSE,
2119         'archetypes'   => array(
2120             'manager'        => CAP_ALLOW,
2121             'teacher'        => CAP_ALLOW,
2122             'editingteacher' => CAP_ALLOW,
2123         )
2124     ),
2126     // View users who earned a specific badge without being able to award a badge.
2127     'moodle/badges:viewawarded' => array(
2128         'riskbitmask'  => RISK_PERSONAL,
2129         'captype'      => 'read',
2130         'contextlevel' => CONTEXT_COURSE,
2131         'archetypes'   => array(
2132                 'manager'        => CAP_ALLOW,
2133                 'teacher'        => CAP_ALLOW,
2134                 'editingteacher' => CAP_ALLOW,
2135         )
2136     ),
2138     'moodle/site:forcelanguage' => array(
2139         'captype' => 'read',
2140         'contextlevel' => CONTEXT_SYSTEM,
2141         'archetypes' => array(
2142         )
2143     ),
2145     // Perform site-wide search queries through the search API.
2146     'moodle/search:query' => array(
2147         'captype' => 'read',
2148         'contextlevel' => CONTEXT_SYSTEM,
2149         'archetypes' => array(
2150             'guest' => CAP_ALLOW,
2151             'user' => CAP_ALLOW,
2152             'student' => CAP_ALLOW,
2153             'teacher' => CAP_ALLOW,
2154             'editingteacher' => CAP_ALLOW,
2155             'manager' => CAP_ALLOW
2156         )
2157     ),
2159     // Competencies.
2160     'moodle/competency:competencymanage' => array(
2161         'captype' => 'write',
2162         'contextlevel' => CONTEXT_COURSECAT,
2163         'archetypes' => array(
2164             'manager' => CAP_ALLOW
2165         )
2166     ),
2167     'moodle/competency:competencyview' => array(
2168         'captype' => 'read',
2169         'contextlevel' => CONTEXT_COURSECAT,
2170         'archetypes' => array(
2171             'user' => CAP_ALLOW
2172         ),
2173     ),
2174     'moodle/competency:competencygrade' => array(
2175         'captype' => 'write',
2176         'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2177         'archetypes' => array(
2178             'editingteacher' => CAP_ALLOW,
2179             'teacher' => CAP_ALLOW,
2180             'manager' => CAP_ALLOW
2181         ),
2182     ),
2183     // Course competencies.
2184     'moodle/competency:coursecompetencymanage' => array(
2185         'captype' => 'write',
2186         'contextlevel' => CONTEXT_COURSE,
2187         'archetypes' => array(
2188             'editingteacher' => CAP_ALLOW,
2189             'manager' => CAP_ALLOW
2190         ),
2191     ),
2192     'moodle/competency:coursecompetencyconfigure' => array(
2193         'captype' => 'write',
2194         'contextlevel' => CONTEXT_MODULE,
2195         'archetypes' => array(
2196             'manager' => CAP_ALLOW
2197         ),
2198     ),
2199     'moodle/competency:coursecompetencygradable' => array(
2200         'captype' => 'read',
2201         'contextlevel' => CONTEXT_COURSE,
2202         'archetypes' => array(
2203             'student' => CAP_ALLOW
2204         ),
2205         'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2206     ),
2207     'moodle/competency:coursecompetencyview' => array(
2208         'captype' => 'read',
2209         'contextlevel' => CONTEXT_COURSE,
2210         'archetypes' => array(
2211             'user' => CAP_ALLOW
2212         ),
2213     ),
2214     // Evidence.
2215     'moodle/competency:evidencedelete' => array(
2216         'captype' => 'write',
2217         'contextlevel' => CONTEXT_USER,
2218         'archetypes' => array(
2219         ),
2220         'clonepermissionsfrom' => 'moodle/site:config'
2221     ),
2222     // User plans.
2223     'moodle/competency:planmanage' => array(
2224         'captype' => 'write',
2225         'contextlevel' => CONTEXT_USER,
2226         'archetypes' => array(
2227             'manager' => CAP_ALLOW
2228         ),
2229     ),
2230     'moodle/competency:planmanagedraft' => array(
2231         'captype' => 'write',
2232         'contextlevel' => CONTEXT_USER,
2233         'archetypes' => array(
2234             'manager' => CAP_ALLOW
2235         ),
2236     ),
2237     'moodle/competency:planmanageown' => array(
2238         'captype' => 'write',
2239         'contextlevel' => CONTEXT_USER,
2240         'archetypes' => array(
2241         ),
2242     ),
2243     'moodle/competency:planmanageowndraft' => array(
2244         'captype' => 'write',
2245         'contextlevel' => CONTEXT_USER,
2246         'archetypes' => array(
2247         ),
2248     ),
2249     'moodle/competency:planview' => array(
2250         'captype' => 'read',
2251         'contextlevel' => CONTEXT_USER,
2252         'archetypes' => array(
2253             'manager' => CAP_ALLOW
2254         ),
2255     ),
2256     'moodle/competency:planviewdraft' => array(
2257         'captype' => 'read',
2258         'contextlevel' => CONTEXT_USER,
2259         'archetypes' => array(
2260             'manager' => CAP_ALLOW
2261         ),
2262     ),
2263     'moodle/competency:planviewown' => array(
2264         'captype' => 'read',
2265         'contextlevel' => CONTEXT_USER,
2266         'archetypes' => array(
2267             'user' => CAP_ALLOW
2268         ),
2269     ),
2270     'moodle/competency:planviewowndraft' => array(
2271         'captype' => 'read',
2272         'contextlevel' => CONTEXT_USER,
2273         'archetypes' => array(
2274         ),
2275     ),
2276     'moodle/competency:planrequestreview' => array(
2277         'captype' => 'write',
2278         'contextlevel' => CONTEXT_USER,
2279         'archetypes' => array(
2280             'manager' => CAP_ALLOW
2281         )
2282     ),
2283     'moodle/competency:planrequestreviewown' => array(
2284         'captype' => 'write',
2285         'contextlevel' => CONTEXT_USER,
2286         'archetypes' => array(
2287             'user' => CAP_ALLOW
2288         )
2289     ),
2290     'moodle/competency:planreview' => array(
2291         'captype' => 'write',
2292         'contextlevel' => CONTEXT_USER,
2293         'archetypes' => array(
2294             'manager' => CAP_ALLOW
2295         ),
2296     ),
2297     'moodle/competency:plancomment' => array(
2298         'captype' => 'write',
2299         'contextlevel' => CONTEXT_USER,
2300         'archetypes' => array(
2301             'manager' => CAP_ALLOW
2302         ),
2303     ),
2304     'moodle/competency:plancommentown' => array(
2305         'captype' => 'write',
2306         'contextlevel' => CONTEXT_USER,
2307         'archetypes' => array(
2308             'user' => CAP_ALLOW
2309         ),
2310     ),
2311     // User competencies.
2312     'moodle/competency:usercompetencyview' => array(
2313         'captype' => 'read',
2314         'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2315         'archetypes' => array(
2316             'manager' => CAP_ALLOW,
2317             'editingteacher' => CAP_ALLOW,
2318             'teacher' => CAP_ALLOW
2319         )
2320     ),
2321     'moodle/competency:usercompetencyrequestreview' => array(
2322         'captype' => 'write',
2323         'contextlevel' => CONTEXT_USER,
2324         'archetypes' => array(
2325             'manager' => CAP_ALLOW
2326         )
2327     ),
2328     'moodle/competency:usercompetencyrequestreviewown' => array(
2329         'captype' => 'write',
2330         'contextlevel' => CONTEXT_USER,
2331         'archetypes' => array(
2332             'user' => CAP_ALLOW
2333         )
2334     ),
2335     'moodle/competency:usercompetencyreview' => array(
2336         'captype' => 'write',
2337         'contextlevel' => CONTEXT_USER,
2338         'archetypes' => array(
2339             'manager' => CAP_ALLOW
2340         ),
2341     ),
2342     'moodle/competency:usercompetencycomment' => array(
2343         'captype' => 'write',
2344         'contextlevel' => CONTEXT_USER,
2345         'archetypes' => array(
2346             'manager' => CAP_ALLOW
2347         ),
2348     ),
2349     'moodle/competency:usercompetencycommentown' => array(
2350         'captype' => 'write',
2351         'contextlevel' => CONTEXT_USER,
2352         'archetypes' => array(
2353             'user' => CAP_ALLOW
2354         ),
2355     ),
2356     // Template.
2357     'moodle/competency:templatemanage' => array(
2358         'captype' => 'write',
2359         'contextlevel' => CONTEXT_COURSECAT,
2360         'archetypes' => array(
2361             'manager' => CAP_ALLOW
2362         ),
2363     ),
2364     'moodle/analytics:listinsights' => array(
2365         'riskbitmask' => RISK_PERSONAL,
2366         'captype' => 'read',
2367         'contextlevel' => CONTEXT_COURSE,
2368         'archetypes' => array(
2369             'teacher' => CAP_ALLOW,
2370             'editingteacher' => CAP_ALLOW,
2371             'manager' => CAP_ALLOW
2372         )
2373     ),
2374     'moodle/analytics:managemodels' => array(
2375         'riskbitmask' => RISK_CONFIG,
2376         'captype' => 'write',
2377         'contextlevel' => CONTEXT_SYSTEM,
2378         'archetypes' => array(
2379             'manager' => CAP_ALLOW
2380         ),
2381     ),
2382     'moodle/competency:templateview' => array(
2383         'captype' => 'read',
2384         'contextlevel' => CONTEXT_COURSECAT,
2385         'archetypes' => array(
2386             'manager' => CAP_ALLOW
2387         ),
2388     ),
2389     // User evidence.
2390     'moodle/competency:userevidencemanage' => array(
2391         'captype' => 'write',
2392         'contextlevel' => CONTEXT_USER,
2393         'archetypes' => array(
2394             'manager' => CAP_ALLOW
2395         ),
2396     ),
2397     'moodle/competency:userevidencemanageown' => array(
2398         'captype' => 'write',
2399         'contextlevel' => CONTEXT_USER,
2400         'archetypes' => array(
2401             'user' => CAP_ALLOW
2402         ),
2403     ),
2404     'moodle/competency:userevidenceview' => array(
2405         'captype' => 'read',
2406         'contextlevel' => CONTEXT_USER,
2407         'archetypes' => array(
2408             'manager' => CAP_ALLOW
2409         ),
2410     ),
2411     'moodle/site:maintenanceaccess' => array(
2412         'captype' => 'write',
2413         'contextlevel' => CONTEXT_SYSTEM,
2414         'archetypes' => array(
2415         )
2416     ),
2417     // Allow message any user, regardlesss of the privacy preferences for messaging.
2418     'moodle/site:messageanyuser' => array(
2419         'riskbitmask' => RISK_SPAM,
2420         'captype' => 'write',
2421         'contextlevel' => CONTEXT_SYSTEM,
2422         'archetypes' => array(
2423             'teacher' => CAP_ALLOW,
2424             'editingteacher' => CAP_ALLOW,
2425             'manager' => CAP_ALLOW
2426         )
2427     ),
2429     // Context locking/unlocking.
2430     'moodle/site:managecontextlocks' => [
2431         'captype' => 'write',
2432         'contextlevel' => CONTEXT_MODULE,
2433         'archetypes' => [
2434         ],
2435     ],
2437     // Manual completion toggling.
2438     'moodle/course:togglecompletion' => [
2439         'captype' => 'write',
2440         'contextlevel' => CONTEXT_MODULE,
2441         'archetypes' => [
2442             'user' => CAP_ALLOW,
2443         ],
2444     ],
2446     'moodle/analytics:listowninsights' => array(
2447         'captype' => 'read',
2448         'contextlevel' => CONTEXT_SYSTEM,
2449         'archetypes' => array(
2450             'user' => CAP_ALLOW
2451         )
2452     ),
2454     // Set display option buttons to an H5P content.
2455     'moodle/h5p:setdisplayoptions' => array(
2456         'captype' => 'write',
2457         'contextlevel' => CONTEXT_MODULE,
2458         'archetypes' => array(
2459             'editingteacher' => CAP_ALLOW,
2460         )
2461     ),
2463     // Allow to deploy H5P content.
2464     'moodle/h5p:deploy' => array(
2465         'riskbitmask' => RISK_XSS,
2466         'captype' => 'write',
2467         'contextlevel' => CONTEXT_MODULE,
2468         'archetypes' => array(
2469             'manager'        => CAP_ALLOW,
2470             'editingteacher' => CAP_ALLOW,
2471         )
2472     ),
2474     // Allow to update H5P content-type libraries.
2475     'moodle/h5p:updatelibraries' => [
2476         'riskbitmask' => RISK_XSS,
2477         'captype' => 'write',
2478         'contextlevel' => CONTEXT_MODULE,
2479         'archetypes' => [
2480             'manager' => CAP_ALLOW,
2481         ]
2482     ],
2484     // Allow users to recommend activities in the activity chooser.
2485     'moodle/course:recommendactivity' => [
2486         'captype' => 'write',
2487         'contextlevel' => CONTEXT_SYSTEM,
2488         'archetypes' => [
2489             'manager' => CAP_ALLOW,
2490         ]
2491     ],
2493     // Content bank capabilities.
2494     'moodle/contentbank:access' => array(
2495         'captype' => 'read',
2496         'contextlevel' => CONTEXT_COURSE,
2497         'archetypes' => array(
2498             'manager' => CAP_ALLOW,
2499             'coursecreator' => CAP_ALLOW,
2500             'editingteacher' => CAP_ALLOW,
2501         )
2502     ),
2504     'moodle/contentbank:upload' => array(
2505         'riskbitmask' => RISK_SPAM,
2506         'captype' => 'write',
2507         'contextlevel' => CONTEXT_COURSE,
2508         'archetypes' => array(
2509             'manager' => CAP_ALLOW,
2510             'coursecreator' => CAP_ALLOW,
2511             'editingteacher' => CAP_ALLOW,
2512         )
2513     ),
2515     // Delete any content from the content bank.
2516     'moodle/contentbank:deleteanycontent' => [
2517         'riskbitmask' => RISK_DATALOSS,
2518         'captype' => 'write',
2519         'contextlevel' => CONTEXT_COURSE,
2520         'archetypes' => [
2521             'manager' => CAP_ALLOW,
2522             'coursecreator' => CAP_ALLOW,
2523         ]
2524     ],
2526     // Delete content created by yourself.
2527     'moodle/contentbank:deleteowncontent' => [
2528         'captype' => 'write',
2529         'contextlevel' => CONTEXT_COURSE,
2530         'archetypes' => [
2531             'user' => CAP_ALLOW,
2532         ]
2533     ],
2535     // Manage (rename, move, publish, share, etc.) any content from the content bank.
2536     'moodle/contentbank:manageanycontent' => [
2537         'riskbitmask' => RISK_DATALOSS,
2538         'captype' => 'write',
2539         'contextlevel' => CONTEXT_COURSE,
2540         'archetypes' => array(
2541             'manager' => CAP_ALLOW,
2542             'coursecreator' => CAP_ALLOW,
2543         )
2544     ],
2546     // Manage (rename, move, publish, share, etc.) content created by yourself.
2547     'moodle/contentbank:manageowncontent' => [
2548         'captype' => 'write',
2549         'contextlevel' => CONTEXT_COURSE,
2550         'archetypes' => array(
2551             'manager' => CAP_ALLOW,
2552             'coursecreator' => CAP_ALLOW,
2553             'editingteacher' => CAP_ALLOW,
2554         )
2555     ],
2557     // Allow users to create/edit content within the content bank.
2558     'moodle/contentbank:useeditor' => [
2559         'riskbitmask' => RISK_SPAM,
2560         'captype' => 'write',
2561         'contextlevel' => CONTEXT_COURSE,
2562         'archetypes' => array(
2563             'manager' => CAP_ALLOW,
2564             'coursecreator' => CAP_ALLOW,
2565             'editingteacher' => CAP_ALLOW,
2566         )
2567     ],
2569     // Allow users to download content.
2570     'moodle/contentbank:downloadcontent' => [
2571         'captype' => 'read',
2572         'contextlevel' => CONTEXT_COURSE,
2573         'archetypes' => [
2574             'manager' => CAP_ALLOW,
2575             'coursecreator' => CAP_ALLOW,
2576             'editingteacher' => CAP_ALLOW,
2577         ]
2578     ],
2579 );