56b8f5a4aa084f9e504f8ff03b282a7b73acb2d9
[moodle.git] / lib / db / access.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * Capability definitions for Moodle core.
20  *
21  * The capabilities are loaded into the database table when the module is
22  * installed or updated. Whenever the capability definitions are updated,
23  * the module version number should be bumped up.
24  *
25  * The system has four possible values for a capability:
26  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
27  *
28  *
29  * CAPABILITY NAMING CONVENTION
30  *
31  * It is important that capability names are unique. The naming convention
32  * for capabilities that are specific to modules and blocks is as follows:
33  *   [mod/block]/<plugin_name>:<capabilityname>
34  *
35  * component_name should be the same as the directory name of the mod or block.
36  *
37  * Core moodle capabilities are defined thus:
38  *    moodle/<capabilityclass>:<capabilityname>
39  *
40  * Examples: mod/forum:viewpost
41  *           block/recent_activity:view
42  *           moodle/site:deleteuser
43  *
44  * The variable name for the capability definitions array is $capabilities
45  *
46  * @package    core
47  * @subpackage role
48  * @copyright  2006 onwards Martin Dougiamas  http://dougiamas.com
49  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
50  */
52 defined('MOODLE_INTERNAL') || die();
54 $capabilities = array(
55     'moodle/site:config' => array(
57         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
59         'captype' => 'write',
60         'contextlevel' => CONTEXT_SYSTEM,
61         'archetypes' => array(
62         )
63     ),
65     'moodle/site:readallmessages' => array(
67         'riskbitmask' => RISK_PERSONAL,
69         'captype' => 'read',
70         'contextlevel' => CONTEXT_SYSTEM,
71         'archetypes' => array(
72             'manager' => CAP_ALLOW,
73             'editingteacher' => CAP_ALLOW
74         )
75     ),
77     'moodle/site:sendmessage' => array(
79         'riskbitmask' => RISK_SPAM,
81         'captype' => 'write',
82         'contextlevel' => CONTEXT_SYSTEM,
83         'archetypes' => array(
84             'manager' => CAP_ALLOW,
85             'user' => CAP_ALLOW
86         )
87     ),
89     'moodle/site:approvecourse' => array(
91         'riskbitmask' => RISK_XSS,
93         'captype' => 'write',
94         'contextlevel' => CONTEXT_SYSTEM,
95         'archetypes' => array(
96             'manager' => CAP_ALLOW
97         )
98     ),
100     'moodle/backup:backupcourse' => array(
102         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
104         'captype' => 'write',
105         'contextlevel' => CONTEXT_COURSE,
106         'archetypes' => array(
107             'editingteacher' => CAP_ALLOW,
108             'manager' => CAP_ALLOW
109         ),
111         'clonepermissionsfrom' =>  'moodle/site:backup'
112     ),
114     'moodle/backup:backupsection' => array(
116         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
118         'captype' => 'write',
119         'contextlevel' => CONTEXT_COURSE,
120         'archetypes' => array(
121             'editingteacher' => CAP_ALLOW,
122             'manager' => CAP_ALLOW
123         ),
125         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
126     ),
128     'moodle/backup:backupactivity' => array(
130         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
132         'captype' => 'write',
133         'contextlevel' => CONTEXT_MODULE,
134         'archetypes' => array(
135             'editingteacher' => CAP_ALLOW,
136             'manager' => CAP_ALLOW
137         ),
139         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
140     ),
142     'moodle/backup:backuptargethub' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
154     ),
156     'moodle/backup:backuptargetimport' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:downloadfile' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_COURSE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
182     ),
184     'moodle/backup:configure' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         )
194     ),
196     'moodle/backup:userinfo' => array(
198         'riskbitmask' => RISK_PERSONAL,
200         'captype' => 'read',
201         'contextlevel' => CONTEXT_COURSE,
202         'archetypes' => array(
203             'manager' => CAP_ALLOW
204         )
205     ),
207     'moodle/backup:anonymise' => array(
209         'riskbitmask' => RISK_PERSONAL,
211         'captype' => 'read',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'manager' => CAP_ALLOW
215         )
216     ),
218     'moodle/restore:restorecourse' => array(
220         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
222         'captype' => 'write',
223         'contextlevel' => CONTEXT_COURSE,
224         'archetypes' => array(
225             'editingteacher' => CAP_ALLOW,
226             'manager' => CAP_ALLOW
227         ),
229         'clonepermissionsfrom' =>  'moodle/site:restore'
230     ),
232     'moodle/restore:restoresection' => array(
234         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
236         'captype' => 'write',
237         'contextlevel' => CONTEXT_COURSE,
238         'archetypes' => array(
239             'editingteacher' => CAP_ALLOW,
240             'manager' => CAP_ALLOW
241         ),
243         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
244     ),
246     'moodle/restore:restoreactivity' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_MODULE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
258     ),
260     'moodle/restore:restoretargethub' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266         'archetypes' => array(
267             'editingteacher' => CAP_ALLOW,
268             'manager' => CAP_ALLOW
269         ),
271         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
272     ),
274     'moodle/restore:restoretargetimport' => array(
276         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
278         'captype' => 'write',
279         'contextlevel' => CONTEXT_COURSE,
280         'archetypes' => array(
281             'editingteacher' => CAP_ALLOW,
282             'manager' => CAP_ALLOW
283         ),
285         'clonepermissionsfrom' =>  'moodle/site:import'
286     ),
288     'moodle/restore:uploadfile' => array(
290         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
292         'captype' => 'write',
293         'contextlevel' => CONTEXT_COURSE,
294         'archetypes' => array(
295             'editingteacher' => CAP_ALLOW,
296             'manager' => CAP_ALLOW
297         ),
299         'clonepermissionsfrom' =>  'moodle/site:backupupload'
300     ),
302     'moodle/restore:configure' => array(
304         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
306         'captype' => 'write',
307         'contextlevel' => CONTEXT_COURSE,
308         'archetypes' => array(
309             'editingteacher' => CAP_ALLOW,
310             'manager' => CAP_ALLOW
311         )
312     ),
314     'moodle/restore:rolldates' => array(
316         'captype' => 'write',
317         'contextlevel' => CONTEXT_COURSE,
318         'archetypes' => array(
319             'coursecreator' => CAP_ALLOW,
320             'manager' => CAP_ALLOW
321         )
322     ),
324     'moodle/restore:userinfo' => array(
326         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
328         'captype' => 'write',
329         'contextlevel' => CONTEXT_COURSE,
330         'archetypes' => array(
331             'manager' => CAP_ALLOW
332         )
333     ),
335     'moodle/restore:createuser' => array(
337         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
339         'captype' => 'write',
340         'contextlevel' => CONTEXT_SYSTEM,
341         'archetypes' => array(
342             'manager' => CAP_ALLOW
343         )
344     ),
346     'moodle/site:manageblocks' => array(
348         'riskbitmask' => RISK_SPAM | RISK_XSS,
350         'captype' => 'write',
351         'contextlevel' => CONTEXT_BLOCK,
352         'archetypes' => array(
353             'editingteacher' => CAP_ALLOW,
354             'manager' => CAP_ALLOW
355         )
356     ),
358     'moodle/site:accessallgroups' => array(
360         'captype' => 'read',
361         'contextlevel' => CONTEXT_COURSE,
362         'archetypes' => array(
363             'teacher' => CAP_ALLOW,
364             'editingteacher' => CAP_ALLOW,
365             'manager' => CAP_ALLOW
366         )
367     ),
369     'moodle/site:viewfullnames' => array(
371         'captype' => 'read',
372         'contextlevel' => CONTEXT_COURSE,
373         'archetypes' => array(
374             'teacher' => CAP_ALLOW,
375             'editingteacher' => CAP_ALLOW,
376             'manager' => CAP_ALLOW
377         )
378     ),
380     'moodle/site:viewreports' => array(
382         'riskbitmask' => RISK_PERSONAL,
384         'captype' => 'read',
385         'contextlevel' => CONTEXT_COURSE,
386         'archetypes' => array(
387             'teacher' => CAP_ALLOW,
388             'editingteacher' => CAP_ALLOW,
389             'manager' => CAP_ALLOW
390         )
391     ),
393     'moodle/site:trustcontent' => array(
395         'riskbitmask' => RISK_XSS,
397         'captype' => 'write',
398         'contextlevel' => CONTEXT_COURSE,
399         'archetypes' => array(
400             'editingteacher' => CAP_ALLOW,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     'moodle/site:uploadusers' => array(
407         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
409         'captype' => 'write',
410         'contextlevel' => CONTEXT_SYSTEM,
411         'archetypes' => array(
412             'manager' => CAP_ALLOW
413         )
414     ),
416     // Permission to manage filter setting overrides in subcontexts.
417     'moodle/filter:manage' => array(
419         'captype' => 'write',
420         'contextlevel' => CONTEXT_COURSE,
421         'archetypes' => array(
422             'editingteacher' => CAP_ALLOW,
423             'coursecreator' => CAP_ALLOW,
424             'manager' => CAP_ALLOW,
425         )
426     ),
428     'moodle/user:create' => array(
430         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
432         'captype' => 'write',
433         'contextlevel' => CONTEXT_SYSTEM,
434         'archetypes' => array(
435             'manager' => CAP_ALLOW
436         )
437     ),
439     'moodle/user:delete' => array(
441         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
443         'captype' => 'write',
444         'contextlevel' => CONTEXT_SYSTEM,
445         'archetypes' => array(
446             'manager' => CAP_ALLOW
447         )
448     ),
450     'moodle/user:update' => array(
452         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
454         'captype' => 'write',
455         'contextlevel' => CONTEXT_SYSTEM,
456         'archetypes' => array(
457             'manager' => CAP_ALLOW
458         )
459     ),
461     'moodle/user:viewdetails' => array(
463         'captype' => 'read',
464         'contextlevel' => CONTEXT_COURSE,
465         'archetypes' => array(
466             'guest' => CAP_ALLOW,
467             'student' => CAP_ALLOW,
468             'teacher' => CAP_ALLOW,
469             'editingteacher' => CAP_ALLOW,
470             'manager' => CAP_ALLOW
471         )
472     ),
474     'moodle/user:viewhiddendetails' => array(
476         'riskbitmask' => RISK_PERSONAL,
478         'captype' => 'read',
479         'contextlevel' => CONTEXT_COURSE,
480         'archetypes' => array(
481             'teacher' => CAP_ALLOW,
482             'editingteacher' => CAP_ALLOW,
483             'manager' => CAP_ALLOW
484         )
485     ),
487     'moodle/user:loginas' => array(
489         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
491         'captype' => 'write',
492         'contextlevel' => CONTEXT_COURSE,
493         'archetypes' => array(
494             'manager' => CAP_ALLOW
495         )
496     ),
498     // can the user manage the system default profile page?
499     'moodle/user:managesyspages' => array(
501         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
503         'captype' => 'write',
504         'contextlevel' => CONTEXT_SYSTEM,
505         'archetypes' => array(
506             'manager' => CAP_ALLOW
507         )
508     ),
510     // can the user manage another user's profile page?
511     'moodle/user:manageblocks' => array(
513         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
515         'captype' => 'write',
516         'contextlevel' => CONTEXT_USER
517     ),
519     // can the user manage their own profile page?
520     'moodle/user:manageownblocks' => array(
522         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
524         'captype' => 'write',
525         'contextlevel' => CONTEXT_SYSTEM,
526         'archetypes' => array(
527             'user' => CAP_ALLOW
528         )
529     ),
531     // can the user manage their own files?
532     'moodle/user:manageownfiles' => array(
534         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
536         'captype' => 'write',
537         'contextlevel' => CONTEXT_SYSTEM,
538         'archetypes' => array(
539             'user' => CAP_ALLOW
540         )
541     ),
543     // can the user manage the system default dashboard page?
544     'moodle/my:configsyspages' => array(
546         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
548         'captype' => 'write',
549         'contextlevel' => CONTEXT_SYSTEM,
550         'archetypes' => array(
551             'manager' => CAP_ALLOW
552         )
553     ),
555     'moodle/role:assign' => array(
557         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
559         'captype' => 'write',
560         'contextlevel' => CONTEXT_COURSE,
561         'archetypes' => array(
562             'editingteacher' => CAP_ALLOW,
563             'manager' => CAP_ALLOW
564         )
565     ),
567     'moodle/role:review' => array(
569         'riskbitmask' => RISK_PERSONAL,
571         'captype' => 'read',
572         'contextlevel' => CONTEXT_COURSE,
573         'archetypes' => array(
574             'teacher' => CAP_ALLOW,
575             'editingteacher' => CAP_ALLOW,
576             'manager' => CAP_ALLOW
577         )
578     ),
580     'moodle/role:override' => array(
582         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
584         'captype' => 'write',
585         'contextlevel' => CONTEXT_COURSE,
586         'archetypes' => array(
587             'manager' => CAP_ALLOW
588         )
589     ),
591     'moodle/role:safeoverride' => array(
593         'riskbitmask' => RISK_SPAM,
595         'captype' => 'write',
596         'contextlevel' => CONTEXT_COURSE,
597         'archetypes' => array(
598             'editingteacher' => CAP_ALLOW
599         )
600     ),
602     'moodle/role:manage' => array(
604         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
606         'captype' => 'write',
607         'contextlevel' => CONTEXT_SYSTEM,
608         'archetypes' => array(
609             'manager' => CAP_ALLOW
610         )
611     ),
613     'moodle/role:switchroles' => array(
615         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
617         'captype' => 'read',
618         'contextlevel' => CONTEXT_COURSE,
619         'archetypes' => array(
620             'editingteacher' => CAP_ALLOW,
621             'manager' => CAP_ALLOW
622         )
623     ),
625     // Create, update and delete course categories. (Deleting a course category
626     // does not let you delete the courses it contains, unless you also have
627     // moodle/course: delete.) Creating and deleting requires this permission in
628     // the parent category.
629     'moodle/category:manage' => array(
631         'riskbitmask' => RISK_XSS,
633         'captype' => 'write',
634         'contextlevel' => CONTEXT_COURSECAT,
635         'archetypes' => array(
636             'manager' => CAP_ALLOW
637         ),
638         'clonepermissionsfrom' => 'moodle/category:update'
639     ),
641     'moodle/category:viewhiddencategories' => array(
643         'captype' => 'read',
644         'contextlevel' => CONTEXT_COURSECAT,
645         'archetypes' => array(
646             'coursecreator' => CAP_ALLOW,
647             'manager' => CAP_ALLOW
648         ),
649         'clonepermissionsfrom' => 'moodle/category:visibility'
650     ),
652     // create, delete, move cohorts in system and course categories,
653     // (cohorts with component !== null can be only moved)
654     'moodle/cohort:manage' => array(
656         'captype' => 'write',
657         'contextlevel' => CONTEXT_COURSECAT,
658         'archetypes' => array(
659             'manager' => CAP_ALLOW
660         )
661     ),
663     // add and remove cohort members (only for cohorts where component !== null)
664     'moodle/cohort:assign' => array(
666         'captype' => 'write',
667         'contextlevel' => CONTEXT_COURSECAT,
668         'archetypes' => array(
669             'manager' => CAP_ALLOW
670         )
671     ),
673     // view members of a cohort, this can be used in course context too,
674     // this also controls the ability to actually use cohort
675     'moodle/cohort:view' => array(
677         'captype' => 'read',
678         'contextlevel' => CONTEXT_COURSE,
679         'archetypes' => array(
680             'editingteacher' => CAP_ALLOW,
681             'manager' => CAP_ALLOW
682         )
683     ),
685     'moodle/course:create' => array(
687         'riskbitmask' => RISK_XSS,
689         'captype' => 'write',
690         'contextlevel' => CONTEXT_COURSECAT,
691         'archetypes' => array(
692             'coursecreator' => CAP_ALLOW,
693             'manager' => CAP_ALLOW
694         )
695     ),
697     'moodle/course:request' => array(
698         'captype' => 'write',
699         'contextlevel' => CONTEXT_SYSTEM,
700         'archetypes' => array(
701             'user' => CAP_ALLOW,
702         )
703     ),
705     'moodle/course:delete' => array(
707         'riskbitmask' => RISK_DATALOSS,
709         'captype' => 'write',
710         'contextlevel' => CONTEXT_COURSE,
711         'archetypes' => array(
712             'editingteacher' => CAP_ALLOW,
713             'manager' => CAP_ALLOW
714         )
715     ),
717     'moodle/course:update' => array(
719         'riskbitmask' => RISK_XSS,
721         'captype' => 'write',
722         'contextlevel' => CONTEXT_COURSE,
723         'archetypes' => array(
724             'editingteacher' => CAP_ALLOW,
725             'manager' => CAP_ALLOW
726         )
727     ),
729     'moodle/course:view' => array(
731         'captype' => 'read',
732         'contextlevel' => CONTEXT_COURSE,
733         'archetypes' => array(
734             'manager' => CAP_ALLOW,
735         )
736     ),
738     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
739     'moodle/course:enrolreview' => array(
741         'riskbitmask' => RISK_PERSONAL,
743         'captype' => 'read',
744         'contextlevel' => CONTEXT_COURSE,
745         'archetypes' => array(
746             'editingteacher' => CAP_ALLOW,
747             'manager' => CAP_ALLOW,
748         )
749     ),
751     /* add, remove, hide enrol instances in courses */
752     'moodle/course:enrolconfig' => array(
754         'riskbitmask' => RISK_PERSONAL,
756         'captype' => 'write',
757         'contextlevel' => CONTEXT_COURSE,
758         'archetypes' => array(
759             'editingteacher' => CAP_ALLOW,
760             'manager' => CAP_ALLOW,
761         )
762     ),
764     'moodle/course:bulkmessaging' => array(
766         'riskbitmask' => RISK_SPAM,
768         'captype' => 'write',
769         'contextlevel' => CONTEXT_COURSE,
770         'archetypes' => array(
771             'teacher' => CAP_ALLOW,
772             'editingteacher' => CAP_ALLOW,
773             'manager' => CAP_ALLOW
774         )
775     ),
777     'moodle/course:viewhiddenuserfields' => array(
779         'riskbitmask' => RISK_PERSONAL,
781         'captype' => 'read',
782         'contextlevel' => CONTEXT_COURSE,
783         'archetypes' => array(
784             'teacher' => CAP_ALLOW,
785             'editingteacher' => CAP_ALLOW,
786             'manager' => CAP_ALLOW
787         )
788     ),
790     'moodle/course:viewhiddencourses' => array(
792         'captype' => 'read',
793         'contextlevel' => CONTEXT_COURSE,
794         'archetypes' => array(
795             'coursecreator' => CAP_ALLOW,
796             'teacher' => CAP_ALLOW,
797             'editingteacher' => CAP_ALLOW,
798             'manager' => CAP_ALLOW
799         )
800     ),
802     'moodle/course:visibility' => array(
804         'captype' => 'write',
805         'contextlevel' => CONTEXT_COURSE,
806         'archetypes' => array(
807             'editingteacher' => CAP_ALLOW,
808             'manager' => CAP_ALLOW
809         )
810     ),
812     'moodle/course:managefiles' => array(
814         'riskbitmask' => RISK_XSS,
816         'captype' => 'write',
817         'contextlevel' => CONTEXT_COURSE,
818         'archetypes' => array(
819             'editingteacher' => CAP_ALLOW,
820             'manager' => CAP_ALLOW
821         )
822     ),
824     'moodle/course:manageactivities' => array(
826         'riskbitmask' => RISK_XSS,
828         'captype' => 'write',
829         'contextlevel' => CONTEXT_COURSE,
830         'archetypes' => array(
831             'editingteacher' => CAP_ALLOW,
832             'manager' => CAP_ALLOW
833         )
834     ),
836     'moodle/course:activityvisibility' => array(
838         'captype' => 'write',
839         'contextlevel' => CONTEXT_COURSE,
840         'archetypes' => array(
841             'editingteacher' => CAP_ALLOW,
842             'manager' => CAP_ALLOW
843         )
844     ),
846     'moodle/course:viewhiddenactivities' => array(
848         'captype' => 'write',
849         'contextlevel' => CONTEXT_COURSE,
850         'archetypes' => array(
851             'teacher' => CAP_ALLOW,
852             'editingteacher' => CAP_ALLOW,
853             'manager' => CAP_ALLOW
854         )
855     ),
857     'moodle/course:viewparticipants' => array(
859         'captype' => 'read',
860         'contextlevel' => CONTEXT_COURSE,
861         'archetypes' => array(
862             'student' => CAP_ALLOW,
863             'teacher' => CAP_ALLOW,
864             'editingteacher' => CAP_ALLOW,
865             'manager' => CAP_ALLOW
866         )
867     ),
869     'moodle/course:changefullname' => array(
871         'riskbitmask' => RISK_XSS,
873         'captype' => 'write',
874         'contextlevel' => CONTEXT_COURSE,
875         'archetypes' => array(
876             'editingteacher' => CAP_ALLOW,
877             'manager' => CAP_ALLOW
878         ),
879         'clonepermissionsfrom' => 'moodle/course:update'
880     ),
882     'moodle/course:changeshortname' => array(
884         'riskbitmask' => RISK_XSS,
886         'captype' => 'write',
887         'contextlevel' => CONTEXT_COURSE,
888         'archetypes' => array(
889             'editingteacher' => CAP_ALLOW,
890             'manager' => CAP_ALLOW
891         ),
892         'clonepermissionsfrom' => 'moodle/course:update'
893     ),
895     'moodle/course:changeidnumber' => array(
897         'riskbitmask' => RISK_XSS,
899         'captype' => 'write',
900         'contextlevel' => CONTEXT_COURSE,
901         'archetypes' => array(
902             'editingteacher' => CAP_ALLOW,
903             'manager' => CAP_ALLOW
904         ),
905         'clonepermissionsfrom' => 'moodle/course:update'
906     ),
907     'moodle/course:changecategory' => array(
908         'riskbitmask' => RISK_XSS,
910         'captype' => 'write',
911         'contextlevel' => CONTEXT_COURSE,
912         'archetypes' => array(
913             'editingteacher' => CAP_ALLOW,
914             'manager' => CAP_ALLOW
915         ),
916         'clonepermissionsfrom' => 'moodle/course:update'
917     ),
919     'moodle/course:changesummary' => array(
920         'riskbitmask' => RISK_XSS,
922         'captype' => 'write',
923         'contextlevel' => CONTEXT_COURSE,
924         'archetypes' => array(
925             'editingteacher' => CAP_ALLOW,
926             'manager' => CAP_ALLOW
927         ),
928         'clonepermissionsfrom' => 'moodle/course:update'
929     ),
932     'moodle/site:viewparticipants' => array(
934         'captype' => 'read',
935         'contextlevel' => CONTEXT_SYSTEM,
936         'archetypes' => array(
937             'manager' => CAP_ALLOW
938         )
939     ),
941     'moodle/course:viewscales' => array(
943         'captype' => 'read',
944         'contextlevel' => CONTEXT_COURSE,
945         'archetypes' => array(
946             'student' => CAP_ALLOW,
947             'teacher' => CAP_ALLOW,
948             'editingteacher' => CAP_ALLOW,
949             'manager' => CAP_ALLOW
950         )
951     ),
953     'moodle/course:managescales' => array(
955         'captype' => 'write',
956         'contextlevel' => CONTEXT_COURSE,
957         'archetypes' => array(
958             'editingteacher' => CAP_ALLOW,
959             'manager' => CAP_ALLOW
960         )
961     ),
963     'moodle/course:managegroups' => array(
965         'captype' => 'write',
966         'contextlevel' => CONTEXT_COURSE,
967         'archetypes' => array(
968             'editingteacher' => CAP_ALLOW,
969             'manager' => CAP_ALLOW
970         )
971     ),
973     'moodle/course:reset' => array(
975         'riskbitmask' => RISK_DATALOSS,
977         'captype' => 'write',
978         'contextlevel' => CONTEXT_COURSE,
979         'archetypes' => array(
980             'editingteacher' => CAP_ALLOW,
981             'manager' => CAP_ALLOW
982         )
983     ),
985     'moodle/blog:view' => array(
987         'captype' => 'read',
988         'contextlevel' => CONTEXT_SYSTEM,
989         'archetypes' => array(
990             'guest' => CAP_ALLOW,
991             'user' => CAP_ALLOW,
992             'student' => CAP_ALLOW,
993             'teacher' => CAP_ALLOW,
994             'editingteacher' => CAP_ALLOW,
995             'manager' => CAP_ALLOW
996         )
997     ),
999     'moodle/blog:search' => array(
1000         'captype' => 'read',
1001         'contextlevel' => CONTEXT_SYSTEM,
1002         'archetypes' => array(
1003             'guest' => CAP_ALLOW,
1004             'user' => CAP_ALLOW,
1005             'student' => CAP_ALLOW,
1006             'teacher' => CAP_ALLOW,
1007             'editingteacher' => CAP_ALLOW,
1008             'manager' => CAP_ALLOW
1009         )
1010     ),
1012     'moodle/blog:viewdrafts' => array(
1014         'riskbitmask' => RISK_PERSONAL,
1015         'captype' => 'read',
1016         'contextlevel' => CONTEXT_SYSTEM,
1017         'archetypes' => array(
1018             'manager' => CAP_ALLOW
1019         )
1020     ),
1022     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1024         'riskbitmask' => RISK_SPAM,
1026         'captype' => 'write',
1027         'contextlevel' => CONTEXT_SYSTEM,
1028         'archetypes' => array(
1029             'user' => CAP_ALLOW,
1030             'manager' => CAP_ALLOW
1031         )
1032     ),
1034     'moodle/blog:manageentries' => array(
1036         'riskbitmask' => RISK_SPAM,
1038         'captype' => 'write',
1039         'contextlevel' => CONTEXT_SYSTEM,
1040         'archetypes' => array(
1041             'teacher' => CAP_ALLOW,
1042             'editingteacher' => CAP_ALLOW,
1043             'manager' => CAP_ALLOW
1044         )
1045     ),
1047     'moodle/blog:manageexternal' => array(
1049         'riskbitmask' => RISK_SPAM,
1051         'captype' => 'write',
1052         'contextlevel' => CONTEXT_USER,
1053         'archetypes' => array(
1054             'student' => CAP_ALLOW,
1055             'user' => CAP_ALLOW,
1056             'teacher' => CAP_ALLOW,
1057             'editingteacher' => CAP_ALLOW,
1058             'manager' => CAP_ALLOW
1059         )
1060     ),
1062     'moodle/blog:associatecourse' => array(
1064         'captype' => 'write',
1065         'contextlevel' => CONTEXT_COURSE,
1066         'archetypes' => array(
1067             'student' => CAP_ALLOW,
1068             'user' => CAP_ALLOW,
1069             'teacher' => CAP_ALLOW,
1070             'editingteacher' => CAP_ALLOW,
1071             'manager' => CAP_ALLOW
1072         )
1073     ),
1075     'moodle/blog:associatemodule' => array(
1077         'captype' => 'write',
1078         'contextlevel' => CONTEXT_MODULE,
1079         'archetypes' => array(
1080             'student' => CAP_ALLOW,
1081             'user' => CAP_ALLOW,
1082             'teacher' => CAP_ALLOW,
1083             'editingteacher' => CAP_ALLOW,
1084             'manager' => CAP_ALLOW
1085         )
1086     ),
1088     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1090         'riskbitmask' => RISK_SPAM,
1092         'captype' => 'write',
1093         'contextlevel' => CONTEXT_COURSE,
1094         'archetypes' => array(
1095             'user' => CAP_ALLOW,
1096             'manager' => CAP_ALLOW
1097         )
1098     ),
1100     'moodle/calendar:managegroupentries' => array(
1102         'riskbitmask' => RISK_SPAM,
1104         'captype' => 'write',
1105         'contextlevel' => CONTEXT_COURSE,
1106         'archetypes' => array(
1107             'teacher' => CAP_ALLOW,
1108             'editingteacher' => CAP_ALLOW,
1109             'manager' => CAP_ALLOW
1110         )
1111     ),
1113     'moodle/calendar:manageentries' => array(
1115         'riskbitmask' => RISK_SPAM,
1117         'captype' => 'write',
1118         'contextlevel' => CONTEXT_COURSE,
1119         'archetypes' => array(
1120             'teacher' => CAP_ALLOW,
1121             'editingteacher' => CAP_ALLOW,
1122             'manager' => CAP_ALLOW
1123         )
1124     ),
1126     'moodle/user:editprofile' => array(
1128         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1130         'captype' => 'write',
1131         'contextlevel' => CONTEXT_USER,
1132         'archetypes' => array(
1133             'manager' => CAP_ALLOW
1134         )
1135     ),
1137     'moodle/user:editownprofile' => array(
1139         'riskbitmask' => RISK_SPAM,
1141         'captype' => 'write',
1142         'contextlevel' => CONTEXT_SYSTEM,
1143         'archetypes' => array(
1144             'guest' => CAP_PROHIBIT,
1145             'user' => CAP_ALLOW,
1146             'manager' => CAP_ALLOW
1147         )
1148     ),
1150     'moodle/user:changeownpassword' => array(
1152         'captype' => 'write',
1153         'contextlevel' => CONTEXT_SYSTEM,
1154         'archetypes' => array(
1155             'guest' => CAP_PROHIBIT,
1156             'user' => CAP_ALLOW,
1157             'manager' => CAP_ALLOW
1158         )
1159     ),
1161     // The next 3 might make no sense for some roles, e.g teacher, etc.
1162     // since the next level up is site. These are more for the parent role
1163     'moodle/user:readuserposts' => array(
1165         'captype' => 'read',
1166         'contextlevel' => CONTEXT_USER,
1167         'archetypes' => array(
1168             'student' => CAP_ALLOW,
1169             'teacher' => CAP_ALLOW,
1170             'editingteacher' => CAP_ALLOW,
1171             'manager' => CAP_ALLOW
1172         )
1173     ),
1175     'moodle/user:readuserblogs' => array(
1177         'captype' => 'read',
1178         'contextlevel' => CONTEXT_USER,
1179         'archetypes' => array(
1180             'student' => CAP_ALLOW,
1181             'teacher' => CAP_ALLOW,
1182             'editingteacher' => CAP_ALLOW,
1183             'manager' => CAP_ALLOW
1184         )
1185     ),
1187     // designed for parent role - not used in legacy roles
1188     'moodle/user:viewuseractivitiesreport' => array(
1189         'riskbitmask' => RISK_PERSONAL,
1191         'captype' => 'read',
1192         'contextlevel' => CONTEXT_USER,
1193         'archetypes' => array(
1194         )
1195     ),
1197     //capabilities designed for the new message system configuration
1198     'moodle/user:editmessageprofile' => array(
1200          'riskbitmask' => RISK_SPAM,
1202          'captype' => 'write',
1203          'contextlevel' => CONTEXT_USER,
1204          'archetypes' => array(
1205              'manager' => CAP_ALLOW
1206          )
1207      ),
1209      'moodle/user:editownmessageprofile' => array(
1211          'captype' => 'write',
1212          'contextlevel' => CONTEXT_SYSTEM,
1213          'archetypes' => array(
1214              'guest' => CAP_PROHIBIT,
1215              'user' => CAP_ALLOW,
1216              'manager' => CAP_ALLOW
1217          )
1218      ),
1220     'moodle/question:managecategory' => array(
1221         'riskbitmask' => RISK_SPAM | RISK_XSS,
1222         'captype' => 'write',
1223         'contextlevel' => CONTEXT_COURSE,
1224         'archetypes' => array(
1225             'editingteacher' => CAP_ALLOW,
1226             'manager' => CAP_ALLOW
1227         )
1228     ),
1230     //new in moodle 1.9
1231     'moodle/question:add' => array(
1232         'riskbitmask' => RISK_SPAM | RISK_XSS,
1233         'captype' => 'write',
1234         'contextlevel' => CONTEXT_COURSE,
1235         'archetypes' => array(
1236             'editingteacher' => CAP_ALLOW,
1237             'manager' => CAP_ALLOW
1238         ),
1239         'clonepermissionsfrom' =>  'moodle/question:manage'
1240     ),
1241     'moodle/question:editmine' => array(
1242         'riskbitmask' => RISK_SPAM | RISK_XSS,
1243         'captype' => 'write',
1244         'contextlevel' => CONTEXT_COURSE,
1245         'archetypes' => array(
1246             'editingteacher' => CAP_ALLOW,
1247             'manager' => CAP_ALLOW
1248         ),
1249         'clonepermissionsfrom' =>  'moodle/question:manage'
1250     ),
1251     'moodle/question:editall' => array(
1252         'riskbitmask' => RISK_SPAM | RISK_XSS,
1253         'captype' => 'write',
1254         'contextlevel' => CONTEXT_COURSE,
1255         'archetypes' => array(
1256             'editingteacher' => CAP_ALLOW,
1257             'manager' => CAP_ALLOW
1258         ),
1259         'clonepermissionsfrom' =>  'moodle/question:manage'
1260     ),
1261     'moodle/question:viewmine' => array(
1262         'captype' => 'read',
1263         'contextlevel' => CONTEXT_COURSE,
1264         'archetypes' => array(
1265             'editingteacher' => CAP_ALLOW,
1266             'manager' => CAP_ALLOW
1267         ),
1268         'clonepermissionsfrom' =>  'moodle/question:manage'
1269     ),
1270     'moodle/question:viewall' => array(
1271         'captype' => 'read',
1272         'contextlevel' => CONTEXT_COURSE,
1273         'archetypes' => array(
1274             'editingteacher' => CAP_ALLOW,
1275             'manager' => CAP_ALLOW
1276         ),
1277         'clonepermissionsfrom' =>  'moodle/question:manage'
1278     ),
1279     'moodle/question:usemine' => array(
1280         'captype' => 'read',
1281         'contextlevel' => CONTEXT_COURSE,
1282         'archetypes' => array(
1283             'editingteacher' => CAP_ALLOW,
1284             'manager' => CAP_ALLOW
1285         ),
1286         'clonepermissionsfrom' =>  'moodle/question:manage'
1287     ),
1288     'moodle/question:useall' => array(
1289         'captype' => 'read',
1290         'contextlevel' => CONTEXT_COURSE,
1291         'archetypes' => array(
1292             'editingteacher' => CAP_ALLOW,
1293             'manager' => CAP_ALLOW
1294         ),
1295         'clonepermissionsfrom' =>  'moodle/question:manage'
1296     ),
1297     'moodle/question:movemine' => array(
1298         'captype' => 'write',
1299         'contextlevel' => CONTEXT_COURSE,
1300         'archetypes' => array(
1301             'editingteacher' => CAP_ALLOW,
1302             'manager' => CAP_ALLOW
1303         ),
1304         'clonepermissionsfrom' =>  'moodle/question:manage'
1305     ),
1306     'moodle/question:moveall' => array(
1307         'captype' => 'write',
1308         'contextlevel' => CONTEXT_COURSE,
1309         'archetypes' => array(
1310             'editingteacher' => CAP_ALLOW,
1311             'manager' => CAP_ALLOW
1312         ),
1313         'clonepermissionsfrom' =>  'moodle/question:manage'
1314     ),
1315     //END new in moodle 1.9
1317     // Configure the installed question types.
1318     'moodle/question:config' => array(
1319         'riskbitmask' => RISK_CONFIG,
1320         'captype' => 'write',
1321         'contextlevel' => CONTEXT_SYSTEM,
1322         'archetypes' => array(
1323             'manager' => CAP_ALLOW
1324         )
1325     ),
1327     // While attempting questions, the ability to flag particular questions for later reference.
1328     'moodle/question:flag' => array(
1329         'captype' => 'write',
1330         'contextlevel' => CONTEXT_COURSE,
1331         'archetypes' => array(
1332             'student' => CAP_ALLOW,
1333             'teacher' => CAP_ALLOW,
1334             'editingteacher' => CAP_ALLOW,
1335             'coursecreator' => CAP_ALLOW,
1336             'manager' => CAP_ALLOW
1337         )
1338     ),
1340     'moodle/site:doclinks' => array(
1341         'captype' => 'read',
1342         'contextlevel' => CONTEXT_SYSTEM,
1343         'archetypes' => array(
1344             'teacher' => CAP_ALLOW,
1345             'editingteacher' => CAP_ALLOW,
1346             'manager' => CAP_ALLOW
1347         )
1348     ),
1350     'moodle/course:sectionvisibility' => array(
1352         'captype' => 'write',
1353         'contextlevel' => CONTEXT_COURSE,
1354         'archetypes' => array(
1355             'editingteacher' => CAP_ALLOW,
1356             'manager' => CAP_ALLOW
1357         )
1358     ),
1360     'moodle/course:useremail' => array(
1362         'captype' => 'write',
1363         'contextlevel' => CONTEXT_COURSE,
1364         'archetypes' => array(
1365             'editingteacher' => CAP_ALLOW,
1366             'manager' => CAP_ALLOW
1367         )
1368     ),
1370     'moodle/course:viewhiddensections' => array(
1372         'captype' => 'write',
1373         'contextlevel' => CONTEXT_COURSE,
1374         'archetypes' => array(
1375             'editingteacher' => CAP_ALLOW,
1376             'manager' => CAP_ALLOW
1377         )
1378     ),
1380     'moodle/course:setcurrentsection' => array(
1382         'captype' => 'write',
1383         'contextlevel' => CONTEXT_COURSE,
1384         'archetypes' => array(
1385             'editingteacher' => CAP_ALLOW,
1386             'manager' => CAP_ALLOW
1387         )
1388     ),
1390     'moodle/site:mnetlogintoremote' => array(
1392         'captype' => 'read',
1393         'contextlevel' => CONTEXT_SYSTEM,
1394         'archetypes' => array(
1395         )
1396     ),
1398     'moodle/grade:viewall' => array(
1399         'riskbitmask' => RISK_PERSONAL,
1400         'captype' => 'read',
1401         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1402         'archetypes' => array(
1403             'teacher' => CAP_ALLOW,
1404             'editingteacher' => CAP_ALLOW,
1405             'manager' => CAP_ALLOW
1406         ),
1407         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1408     ),
1410     'moodle/grade:view' => array(
1411         'captype' => 'read',
1412         'contextlevel' => CONTEXT_COURSE,
1413         'archetypes' => array(
1414             'student' => CAP_ALLOW
1415         )
1416     ),
1418     'moodle/grade:viewhidden' => array(
1419         'riskbitmask' => RISK_PERSONAL,
1420         'captype' => 'read',
1421         'contextlevel' => CONTEXT_COURSE,
1422         'archetypes' => array(
1423             'teacher' => CAP_ALLOW,
1424             'editingteacher' => CAP_ALLOW,
1425             'manager' => CAP_ALLOW
1426         ),
1427         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1428     ),
1430     'moodle/grade:import' => array(
1431         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1432         'captype' => 'write',
1433         'contextlevel' => CONTEXT_COURSE,
1434         'archetypes' => array(
1435             'editingteacher' => CAP_ALLOW,
1436             'manager' => CAP_ALLOW
1437         ),
1438         'clonepermissionsfrom' => 'moodle/course:managegrades'
1439     ),
1441     'moodle/grade:export' => array(
1442         'riskbitmask' => RISK_PERSONAL,
1443         'captype' => 'read',
1444         'contextlevel' => CONTEXT_COURSE,
1445         'archetypes' => array(
1446             'teacher' => CAP_ALLOW,
1447             'editingteacher' => CAP_ALLOW,
1448             'manager' => CAP_ALLOW
1449         ),
1450         'clonepermissionsfrom' => 'moodle/course:managegrades'
1451     ),
1453     'moodle/grade:manage' => array(
1454         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1455         'captype' => 'write',
1456         'contextlevel' => CONTEXT_COURSE,
1457         'archetypes' => array(
1458             'editingteacher' => CAP_ALLOW,
1459             'manager' => CAP_ALLOW
1460         ),
1461         'clonepermissionsfrom' => 'moodle/course:managegrades'
1462     ),
1464     'moodle/grade:edit' => array(
1465         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1466         'captype' => 'write',
1467         'contextlevel' => CONTEXT_COURSE,
1468         'archetypes' => array(
1469             'editingteacher' => CAP_ALLOW,
1470             'manager' => CAP_ALLOW
1471         ),
1472         'clonepermissionsfrom' => 'moodle/course:managegrades'
1473     ),
1475     'moodle/grade:manageoutcomes' => array(
1476         'captype' => 'write',
1477         'contextlevel' => CONTEXT_COURSE,
1478         'archetypes' => array(
1479             'editingteacher' => CAP_ALLOW,
1480             'manager' => CAP_ALLOW
1481         ),
1482         'clonepermissionsfrom' => 'moodle/course:managegrades'
1483     ),
1485     'moodle/grade:manageletters' => array(
1486         'captype' => 'write',
1487         'contextlevel' => CONTEXT_COURSE,
1488         'archetypes' => array(
1489             'editingteacher' => CAP_ALLOW,
1490             'manager' => CAP_ALLOW
1491         ),
1492         'clonepermissionsfrom' => 'moodle/course:managegrades'
1493     ),
1495     'moodle/grade:hide' => array(
1496         'captype' => 'write',
1497         'contextlevel' => CONTEXT_COURSE,
1498         'archetypes' => array(
1499             'editingteacher' => CAP_ALLOW,
1500             'manager' => CAP_ALLOW
1501         )
1502     ),
1504     'moodle/grade:lock' => array(
1505         'captype' => 'write',
1506         'contextlevel' => CONTEXT_COURSE,
1507         'archetypes' => array(
1508             'editingteacher' => CAP_ALLOW,
1509             'manager' => CAP_ALLOW
1510         )
1511     ),
1513     'moodle/grade:unlock' => array(
1514         'captype' => 'write',
1515         'contextlevel' => CONTEXT_COURSE,
1516         'archetypes' => array(
1517             'editingteacher' => CAP_ALLOW,
1518             'manager' => CAP_ALLOW
1519         )
1520     ),
1522     'moodle/my:manageblocks' => array(
1523         'captype' => 'write',
1524         'contextlevel' => CONTEXT_SYSTEM,
1525         'archetypes' => array(
1526             'user' => CAP_ALLOW
1527         )
1528     ),
1530     'moodle/notes:view' => array(
1531         'captype' => 'read',
1532         'contextlevel' => CONTEXT_COURSE,
1533         'archetypes' => array(
1534             'teacher' => CAP_ALLOW,
1535             'editingteacher' => CAP_ALLOW,
1536             'manager' => CAP_ALLOW
1537         )
1538     ),
1540     'moodle/notes:manage' => array(
1541         'riskbitmask' => RISK_SPAM,
1543         'captype' => 'write',
1544         'contextlevel' => CONTEXT_COURSE,
1545         'archetypes' => array(
1546             'teacher' => CAP_ALLOW,
1547             'editingteacher' => CAP_ALLOW,
1548             'manager' => CAP_ALLOW
1549         )
1550     ),
1552     'moodle/tag:manage' => array(
1553         'riskbitmask' => RISK_SPAM,
1555         'captype' => 'write',
1556         'contextlevel' => CONTEXT_SYSTEM,
1557         'archetypes' => array(
1558             'teacher' => CAP_ALLOW,
1559             'editingteacher' => CAP_ALLOW,
1560             'manager' => CAP_ALLOW
1561         )
1562     ),
1564     'moodle/tag:create' => array(
1565         'riskbitmask' => RISK_SPAM,
1567         'captype' => 'write',
1568         'contextlevel' => CONTEXT_SYSTEM,
1569         'archetypes' => array(
1570             'manager' => CAP_ALLOW,
1571             'user' => CAP_ALLOW
1572         )
1573     ),
1575     'moodle/tag:edit' => array(
1576         'riskbitmask' => RISK_SPAM,
1578         'captype' => 'write',
1579         'contextlevel' => CONTEXT_SYSTEM,
1580         'archetypes' => array(
1581             'manager' => CAP_ALLOW,
1582             'user' => CAP_ALLOW
1583         )
1584     ),
1586     'moodle/tag:editblocks' => array(
1587         'captype' => 'write',
1588         'contextlevel' => CONTEXT_SYSTEM,
1589         'archetypes' => array(
1590             'teacher' => CAP_ALLOW,
1591             'editingteacher' => CAP_ALLOW,
1592             'manager' => CAP_ALLOW
1593         )
1594     ),
1596     'moodle/block:view' => array(
1597         'captype' => 'read',
1598         'contextlevel' => CONTEXT_BLOCK,
1599         'archetypes' => array(
1600             'guest' => CAP_ALLOW,
1601             'user' => CAP_ALLOW,
1602             'student' => CAP_ALLOW,
1603             'teacher' => CAP_ALLOW,
1604             'editingteacher' => CAP_ALLOW,
1605             'coursecreator' => CAP_ALLOW
1606         )
1607     ),
1609     'moodle/block:edit' => array(
1610         'riskbitmask' => RISK_SPAM | RISK_XSS,
1612         'captype' => 'write',
1613         'contextlevel' => CONTEXT_BLOCK,
1614         'archetypes' => array(
1615             'editingteacher' => CAP_ALLOW,
1616             'coursecreator' => CAP_ALLOW
1617         )
1618     ),
1620     'moodle/portfolio:export' => array(
1621         'captype' => 'read',
1622         'contextlevel' => CONTEXT_SYSTEM,
1623         'archetypes' => array(
1624             'user' => CAP_ALLOW,
1625             'student' => CAP_ALLOW,
1626             'teacher' => CAP_ALLOW,
1627             'editingteacher' => CAP_ALLOW,
1628             'coursecreator' => CAP_ALLOW
1629         )
1630     ),
1631     'moodle/comment:view' => array(
1633         'captype' => 'read',
1634         'contextlevel' => CONTEXT_COURSE,
1635         'archetypes' => array(
1636             'user' => CAP_ALLOW,
1637             'student' => CAP_ALLOW,
1638             'teacher' => CAP_ALLOW,
1639             'editingteacher' => CAP_ALLOW,
1640             'coursecreator' => CAP_ALLOW,
1641             'manager' => CAP_ALLOW
1642         )
1643     ),
1644     'moodle/comment:post' => array(
1646         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1647         'captype' => 'write',
1648         'contextlevel' => CONTEXT_COURSE,
1649         'archetypes' => array(
1650             'user' => CAP_ALLOW,
1651             'student' => CAP_ALLOW,
1652             'teacher' => CAP_ALLOW,
1653             'editingteacher' => CAP_ALLOW,
1654             'coursecreator' => CAP_ALLOW,
1655             'manager' => CAP_ALLOW
1656         )
1657     ),
1658     'moodle/comment:delete' => array(
1660         'riskbitmask' => RISK_DATALOSS,
1661         'captype' => 'write',
1662         'contextlevel' => CONTEXT_COURSE,
1663         'archetypes' => array(
1664             'editingteacher' => CAP_ALLOW,
1665             'coursecreator' => CAP_ALLOW,
1666             'manager' => CAP_ALLOW
1667         )
1668     ),
1669     'moodle/webservice:createtoken' => array(
1671         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1672         'captype' => 'write',
1673         'contextlevel' => CONTEXT_SYSTEM,
1674         'archetypes' => array(
1675             'manager' => CAP_ALLOW
1676         )
1677     ),
1678     'moodle/rating:view' => array(
1680         'captype' => 'read',
1681         'contextlevel' => CONTEXT_COURSE,
1682         'archetypes' => array(
1683             'user' => CAP_ALLOW,
1684             'student' => CAP_ALLOW,
1685             'teacher' => CAP_ALLOW,
1686             'editingteacher' => CAP_ALLOW,
1687             'manager' => CAP_ALLOW
1688         )
1689     ),
1690     'moodle/rating:viewany' => array(
1692         'riskbitmask' => RISK_PERSONAL,
1693         'captype' => 'read',
1694         'contextlevel' => CONTEXT_COURSE,
1695         'archetypes' => array(
1696             'user' => CAP_ALLOW,
1697             'student' => CAP_ALLOW,
1698             'teacher' => CAP_ALLOW,
1699             'editingteacher' => CAP_ALLOW,
1700             'manager' => CAP_ALLOW
1701         )
1702     ),
1703     'moodle/rating:viewall' => array(
1705         'riskbitmask' => RISK_PERSONAL,
1706         'captype' => 'read',
1707         'contextlevel' => CONTEXT_COURSE,
1708         'archetypes' => array(
1709             'user' => CAP_ALLOW,
1710             'student' => CAP_ALLOW,
1711             'teacher' => CAP_ALLOW,
1712             'editingteacher' => CAP_ALLOW,
1713             'manager' => CAP_ALLOW
1714         )
1715     ),
1716     'moodle/rating:rate' => array(
1718         'captype' => 'write',
1719         'contextlevel' => CONTEXT_COURSE,
1720         'archetypes' => array(
1721             'user' => CAP_ALLOW,
1722             'student' => CAP_ALLOW,
1723             'teacher' => CAP_ALLOW,
1724             'editingteacher' => CAP_ALLOW,
1725             'manager' => CAP_ALLOW
1726         )
1727     ),
1728      'moodle/course:publish' => array(
1730         'captype' => 'write',
1731         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1732         'contextlevel' => CONTEXT_SYSTEM,
1733         'archetypes' => array(
1734             'manager' => CAP_ALLOW
1735         )
1736     ),
1737     'moodle/course:markcomplete' => array(
1738         'captype' => 'write',
1739         'contextlevel' => CONTEXT_COURSE,
1740         'archetypes' => array(
1741             'teacher' => CAP_ALLOW,
1742             'editingteacher' => CAP_ALLOW,
1743             'coursecreator' => CAP_ALLOW,
1744             'manager' => CAP_ALLOW
1745         )
1746     ),
1747     'moodle/community:add' => array(
1748         'captype' => 'write',
1749         'contextlevel' => CONTEXT_SYSTEM,
1750         'archetypes' => array(
1751             'manager' => CAP_ALLOW,
1752             'teacher' => CAP_ALLOW,
1753             'editingteacher' => CAP_ALLOW,
1754             'coursecreator' => CAP_ALLOW
1755         )
1756     ),
1757     'moodle/community:download' => array(
1758         'captype' => 'write',
1759         'contextlevel' => CONTEXT_SYSTEM,
1760         'archetypes' => array(
1761             'manager' => CAP_ALLOW,
1762             'editingteacher' => CAP_ALLOW,
1763             'coursecreator' => CAP_ALLOW
1764         )
1765     )
1766 );