Moodle release 3.0rc3
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
68     'moodle/site:readallmessages' => array(
70         'riskbitmask' => RISK_PERSONAL,
72         'captype' => 'read',
73         'contextlevel' => CONTEXT_SYSTEM,
74         'archetypes' => array(
75             'manager' => CAP_ALLOW,
76             'editingteacher' => CAP_ALLOW
77         )
78     ),
80     'moodle/site:deleteanymessage' => array(
82         'riskbitmask' => RISK_DATALOSS,
84         'captype' => 'write',
85         'contextlevel' => CONTEXT_SYSTEM,
86         'archetypes' => array(
87             'manager' => CAP_ALLOW
88         )
89     ),
91     'moodle/site:sendmessage' => array(
93         'riskbitmask' => RISK_SPAM,
95         'captype' => 'write',
96         'contextlevel' => CONTEXT_SYSTEM,
97         'archetypes' => array(
98             'manager' => CAP_ALLOW,
99             'user' => CAP_ALLOW
100         )
101     ),
103     'moodle/site:deleteownmessage' => array(
105         'captype' => 'write',
106         'contextlevel' => CONTEXT_SYSTEM,
107         'archetypes' => array(
108             'user' => CAP_ALLOW
109         )
110     ),
112     'moodle/site:approvecourse' => array(
114         'riskbitmask' => RISK_XSS,
116         'captype' => 'write',
117         'contextlevel' => CONTEXT_SYSTEM,
118         'archetypes' => array(
119             'manager' => CAP_ALLOW
120         )
121     ),
123     'moodle/backup:backupcourse' => array(
125         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
127         'captype' => 'write',
128         'contextlevel' => CONTEXT_COURSE,
129         'archetypes' => array(
130             'editingteacher' => CAP_ALLOW,
131             'manager' => CAP_ALLOW
132         ),
134         'clonepermissionsfrom' =>  'moodle/site:backup'
135     ),
137     'moodle/backup:backupsection' => array(
139         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
141         'captype' => 'write',
142         'contextlevel' => CONTEXT_COURSE,
143         'archetypes' => array(
144             'editingteacher' => CAP_ALLOW,
145             'manager' => CAP_ALLOW
146         ),
148         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
149     ),
151     'moodle/backup:backupactivity' => array(
153         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
155         'captype' => 'write',
156         'contextlevel' => CONTEXT_MODULE,
157         'archetypes' => array(
158             'editingteacher' => CAP_ALLOW,
159             'manager' => CAP_ALLOW
160         ),
162         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
163     ),
165     'moodle/backup:backuptargethub' => array(
167         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
169         'captype' => 'write',
170         'contextlevel' => CONTEXT_COURSE,
171         'archetypes' => array(
172             'editingteacher' => CAP_ALLOW,
173             'manager' => CAP_ALLOW
174         ),
176         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
177     ),
179     'moodle/backup:backuptargetimport' => array(
181         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
183         'captype' => 'write',
184         'contextlevel' => CONTEXT_COURSE,
185         'archetypes' => array(
186             'editingteacher' => CAP_ALLOW,
187             'manager' => CAP_ALLOW
188         ),
190         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
191     ),
193     'moodle/backup:downloadfile' => array(
195         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
197         'captype' => 'write',
198         'contextlevel' => CONTEXT_COURSE,
199         'archetypes' => array(
200             'editingteacher' => CAP_ALLOW,
201             'manager' => CAP_ALLOW
202         ),
204         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
205     ),
207     'moodle/backup:configure' => array(
209         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
211         'captype' => 'write',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'editingteacher' => CAP_ALLOW,
215             'manager' => CAP_ALLOW
216         )
217     ),
219     'moodle/backup:userinfo' => array(
221         'riskbitmask' => RISK_PERSONAL,
223         'captype' => 'read',
224         'contextlevel' => CONTEXT_COURSE,
225         'archetypes' => array(
226             'manager' => CAP_ALLOW
227         )
228     ),
230     'moodle/backup:anonymise' => array(
232         'riskbitmask' => RISK_PERSONAL,
234         'captype' => 'read',
235         'contextlevel' => CONTEXT_COURSE,
236         'archetypes' => array(
237             'manager' => CAP_ALLOW
238         )
239     ),
241     'moodle/restore:restorecourse' => array(
243         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
245         'captype' => 'write',
246         'contextlevel' => CONTEXT_COURSE,
247         'archetypes' => array(
248             'editingteacher' => CAP_ALLOW,
249             'manager' => CAP_ALLOW
250         ),
252         'clonepermissionsfrom' =>  'moodle/site:restore'
253     ),
255     'moodle/restore:restoresection' => array(
257         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
259         'captype' => 'write',
260         'contextlevel' => CONTEXT_COURSE,
261         'archetypes' => array(
262             'editingteacher' => CAP_ALLOW,
263             'manager' => CAP_ALLOW
264         ),
266         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
267     ),
269     'moodle/restore:restoreactivity' => array(
271         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
273         'captype' => 'write',
274         'contextlevel' => CONTEXT_COURSE,
275         'archetypes' => array(
276             'editingteacher' => CAP_ALLOW,
277             'manager' => CAP_ALLOW
278         ),
280         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
281     ),
283     'moodle/restore:viewautomatedfilearea' => array(
285         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
287         'captype' => 'write',
288         'contextlevel' => CONTEXT_COURSE,
289     ),
291     'moodle/restore:restoretargethub' => array(
293         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
295         'captype' => 'write',
296         'contextlevel' => CONTEXT_COURSE,
297         'archetypes' => array(
298             'editingteacher' => CAP_ALLOW,
299             'manager' => CAP_ALLOW
300         ),
302         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
303     ),
305     'moodle/restore:restoretargetimport' => array(
307         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
309         'captype' => 'write',
310         'contextlevel' => CONTEXT_COURSE,
311         'archetypes' => array(
312             'editingteacher' => CAP_ALLOW,
313             'manager' => CAP_ALLOW
314         ),
316         'clonepermissionsfrom' =>  'moodle/site:import'
317     ),
319     'moodle/restore:uploadfile' => array(
321         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
323         'captype' => 'write',
324         'contextlevel' => CONTEXT_COURSE,
325         'archetypes' => array(
326             'editingteacher' => CAP_ALLOW,
327             'manager' => CAP_ALLOW
328         ),
330         'clonepermissionsfrom' =>  'moodle/site:backupupload'
331     ),
333     'moodle/restore:configure' => array(
335         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
337         'captype' => 'write',
338         'contextlevel' => CONTEXT_COURSE,
339         'archetypes' => array(
340             'editingteacher' => CAP_ALLOW,
341             'manager' => CAP_ALLOW
342         )
343     ),
345     'moodle/restore:rolldates' => array(
347         'captype' => 'write',
348         'contextlevel' => CONTEXT_COURSE,
349         'archetypes' => array(
350             'coursecreator' => CAP_ALLOW,
351             'manager' => CAP_ALLOW
352         )
353     ),
355     'moodle/restore:userinfo' => array(
357         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
359         'captype' => 'write',
360         'contextlevel' => CONTEXT_COURSE,
361         'archetypes' => array(
362             'manager' => CAP_ALLOW
363         )
364     ),
366     'moodle/restore:createuser' => array(
368         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
370         'captype' => 'write',
371         'contextlevel' => CONTEXT_SYSTEM,
372         'archetypes' => array(
373             'manager' => CAP_ALLOW
374         )
375     ),
377     'moodle/site:manageblocks' => array(
379         'riskbitmask' => RISK_SPAM | RISK_XSS,
381         'captype' => 'write',
382         'contextlevel' => CONTEXT_BLOCK,
383         'archetypes' => array(
384             'editingteacher' => CAP_ALLOW,
385             'manager' => CAP_ALLOW
386         )
387     ),
389     'moodle/site:accessallgroups' => array(
391         'captype' => 'read',
392         'contextlevel' => CONTEXT_COURSE,
393         'archetypes' => array(
394             'teacher' => CAP_ALLOW,
395             'editingteacher' => CAP_ALLOW,
396             'manager' => CAP_ALLOW
397         )
398     ),
400     'moodle/site:viewfullnames' => array(
402         'captype' => 'read',
403         'contextlevel' => CONTEXT_COURSE,
404         'archetypes' => array(
405             'teacher' => CAP_ALLOW,
406             'editingteacher' => CAP_ALLOW,
407             'manager' => CAP_ALLOW
408         )
409     ),
411     // In reports that give lists of users, extra information about each user's
412     // identity (the fields configured in site option showuseridentity) will be
413     // displayed to users who have this capability.
414     'moodle/site:viewuseridentity' => array(
416         'captype' => 'read',
417         'contextlevel' => CONTEXT_COURSE,
418         'archetypes' => array(
419             'teacher' => CAP_ALLOW,
420             'editingteacher' => CAP_ALLOW,
421             'manager' => CAP_ALLOW
422         )
423     ),
425     'moodle/site:viewreports' => array(
427         'riskbitmask' => RISK_PERSONAL,
429         'captype' => 'read',
430         'contextlevel' => CONTEXT_COURSE,
431         'archetypes' => array(
432             'teacher' => CAP_ALLOW,
433             'editingteacher' => CAP_ALLOW,
434             'manager' => CAP_ALLOW
435         )
436     ),
438     'moodle/site:trustcontent' => array(
440         'riskbitmask' => RISK_XSS,
442         'captype' => 'write',
443         'contextlevel' => CONTEXT_COURSE,
444         'archetypes' => array(
445             'editingteacher' => CAP_ALLOW,
446             'manager' => CAP_ALLOW
447         )
448     ),
450     'moodle/site:uploadusers' => array(
452         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
454         'captype' => 'write',
455         'contextlevel' => CONTEXT_SYSTEM,
456         'archetypes' => array(
457             'manager' => CAP_ALLOW
458         )
459     ),
461     // Permission to manage filter setting overrides in subcontexts.
462     'moodle/filter:manage' => array(
464         'captype' => 'write',
465         'contextlevel' => CONTEXT_COURSE,
466         'archetypes' => array(
467             'editingteacher' => CAP_ALLOW,
468             'manager' => CAP_ALLOW,
469         )
470     ),
472     'moodle/user:create' => array(
474         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
476         'captype' => 'write',
477         'contextlevel' => CONTEXT_SYSTEM,
478         'archetypes' => array(
479             'manager' => CAP_ALLOW
480         )
481     ),
483     'moodle/user:delete' => array(
485         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
487         'captype' => 'write',
488         'contextlevel' => CONTEXT_SYSTEM,
489         'archetypes' => array(
490             'manager' => CAP_ALLOW
491         )
492     ),
494     'moodle/user:update' => array(
496         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
498         'captype' => 'write',
499         'contextlevel' => CONTEXT_SYSTEM,
500         'archetypes' => array(
501             'manager' => CAP_ALLOW
502         )
503     ),
505     'moodle/user:viewdetails' => array(
507         'captype' => 'read',
508         'contextlevel' => CONTEXT_COURSE,
509         'archetypes' => array(
510             'guest' => CAP_ALLOW,
511             'student' => CAP_ALLOW,
512             'teacher' => CAP_ALLOW,
513             'editingteacher' => CAP_ALLOW,
514             'manager' => CAP_ALLOW
515         )
516     ),
518     'moodle/user:viewalldetails' => array(
519         'riskbitmask' => RISK_PERSONAL,
520         'captype' => 'read',
521         'contextlevel' => CONTEXT_USER,
522         'archetypes' => array(
523             'manager' => CAP_ALLOW
524         ),
525         'clonepermissionsfrom' => 'moodle/user:update'
526     ),
528     'moodle/user:viewlastip' => array(
529         'riskbitmask' => RISK_PERSONAL,
530         'captype' => 'read',
531         'contextlevel' => CONTEXT_USER,
532         'archetypes' => array(
533             'manager' => CAP_ALLOW
534         ),
535         'clonepermissionsfrom' => 'moodle/user:update'
536     ),
538     'moodle/user:viewhiddendetails' => array(
540         'riskbitmask' => RISK_PERSONAL,
542         'captype' => 'read',
543         'contextlevel' => CONTEXT_COURSE,
544         'archetypes' => array(
545             'teacher' => CAP_ALLOW,
546             'editingteacher' => CAP_ALLOW,
547             'manager' => CAP_ALLOW
548         )
549     ),
551     'moodle/user:loginas' => array(
553         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
555         'captype' => 'write',
556         'contextlevel' => CONTEXT_COURSE,
557         'archetypes' => array(
558             'manager' => CAP_ALLOW
559         )
560     ),
562     // can the user manage the system default profile page?
563     'moodle/user:managesyspages' => array(
565         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
567         'captype' => 'write',
568         'contextlevel' => CONTEXT_SYSTEM,
569         'archetypes' => array(
570             'manager' => CAP_ALLOW
571         )
572     ),
574     // can the user manage another user's profile page?
575     'moodle/user:manageblocks' => array(
577         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
579         'captype' => 'write',
580         'contextlevel' => CONTEXT_USER
581     ),
583     // can the user manage their own profile page?
584     'moodle/user:manageownblocks' => array(
586         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
588         'captype' => 'write',
589         'contextlevel' => CONTEXT_SYSTEM,
590         'archetypes' => array(
591             'user' => CAP_ALLOW
592         )
593     ),
595     // can the user manage their own files?
596     'moodle/user:manageownfiles' => array(
598         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
600         'captype' => 'write',
601         'contextlevel' => CONTEXT_SYSTEM,
602         'archetypes' => array(
603             'user' => CAP_ALLOW
604         )
605     ),
607     // Can the user ignore the setting userquota?
608     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
609     'moodle/user:ignoreuserquota' => array(
610         'riskbitmap' => RISK_SPAM,
611         'captype' => 'write',
612         'contextlevel' => CONTEXT_SYSTEM,
613         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
614     ),
616     // can the user manage the system default dashboard page?
617     'moodle/my:configsyspages' => array(
619         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
621         'captype' => 'write',
622         'contextlevel' => CONTEXT_SYSTEM,
623         'archetypes' => array(
624             'manager' => CAP_ALLOW
625         )
626     ),
628     'moodle/role:assign' => array(
630         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
632         'captype' => 'write',
633         'contextlevel' => CONTEXT_COURSE,
634         'archetypes' => array(
635             'editingteacher' => CAP_ALLOW,
636             'manager' => CAP_ALLOW
637         )
638     ),
640     'moodle/role:review' => array(
642         'riskbitmask' => RISK_PERSONAL,
644         'captype' => 'read',
645         'contextlevel' => CONTEXT_COURSE,
646         'archetypes' => array(
647             'teacher' => CAP_ALLOW,
648             'editingteacher' => CAP_ALLOW,
649             'manager' => CAP_ALLOW
650         )
651     ),
653     'moodle/role:override' => array(
655         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
657         'captype' => 'write',
658         'contextlevel' => CONTEXT_COURSE,
659         'archetypes' => array(
660             'manager' => CAP_ALLOW
661         )
662     ),
664     'moodle/role:safeoverride' => array(
666         'riskbitmask' => RISK_SPAM,
668         'captype' => 'write',
669         'contextlevel' => CONTEXT_COURSE,
670         'archetypes' => array(
671             'editingteacher' => CAP_ALLOW
672         )
673     ),
675     'moodle/role:manage' => array(
677         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
679         'captype' => 'write',
680         'contextlevel' => CONTEXT_SYSTEM,
681         'archetypes' => array(
682             'manager' => CAP_ALLOW
683         )
684     ),
686     'moodle/role:switchroles' => array(
688         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
690         'captype' => 'read',
691         'contextlevel' => CONTEXT_COURSE,
692         'archetypes' => array(
693             'editingteacher' => CAP_ALLOW,
694             'manager' => CAP_ALLOW
695         )
696     ),
698     // Create, update and delete course categories. (Deleting a course category
699     // does not let you delete the courses it contains, unless you also have
700     // moodle/course: delete.) Creating and deleting requires this permission in
701     // the parent category.
702     'moodle/category:manage' => array(
704         'riskbitmask' => RISK_XSS,
706         'captype' => 'write',
707         'contextlevel' => CONTEXT_COURSECAT,
708         'archetypes' => array(
709             'manager' => CAP_ALLOW
710         ),
711         'clonepermissionsfrom' => 'moodle/category:update'
712     ),
714     'moodle/category:viewhiddencategories' => array(
716         'captype' => 'read',
717         'contextlevel' => CONTEXT_COURSECAT,
718         'archetypes' => array(
719             'coursecreator' => CAP_ALLOW,
720             'manager' => CAP_ALLOW
721         ),
722         'clonepermissionsfrom' => 'moodle/category:visibility'
723     ),
725     // create, delete, move cohorts in system and course categories,
726     // (cohorts with component !== null can be only moved)
727     'moodle/cohort:manage' => array(
729         'captype' => 'write',
730         'contextlevel' => CONTEXT_COURSECAT,
731         'archetypes' => array(
732             'manager' => CAP_ALLOW
733         )
734     ),
736     // add and remove cohort members (only for cohorts where component !== null)
737     'moodle/cohort:assign' => array(
739         'captype' => 'write',
740         'contextlevel' => CONTEXT_COURSECAT,
741         'archetypes' => array(
742             'manager' => CAP_ALLOW
743         )
744     ),
746     // View visible and hidden cohorts defined in the current context.
747     'moodle/cohort:view' => array(
749         'captype' => 'read',
750         'contextlevel' => CONTEXT_COURSE,
751         'archetypes' => array(
752             'editingteacher' => CAP_ALLOW,
753             'manager' => CAP_ALLOW
754         )
755     ),
757     'moodle/course:create' => array(
759         'riskbitmask' => RISK_XSS,
761         'captype' => 'write',
762         'contextlevel' => CONTEXT_COURSECAT,
763         'archetypes' => array(
764             'coursecreator' => CAP_ALLOW,
765             'manager' => CAP_ALLOW
766         )
767     ),
769     'moodle/course:request' => array(
770         'captype' => 'write',
771         'contextlevel' => CONTEXT_SYSTEM,
772         'archetypes' => array(
773             'user' => CAP_ALLOW,
774         )
775     ),
777     'moodle/course:delete' => array(
779         'riskbitmask' => RISK_DATALOSS,
781         'captype' => 'write',
782         'contextlevel' => CONTEXT_COURSE,
783         'archetypes' => array(
784             'manager' => CAP_ALLOW
785         )
786     ),
788     'moodle/course:update' => array(
790         'riskbitmask' => RISK_XSS,
792         'captype' => 'write',
793         'contextlevel' => CONTEXT_COURSE,
794         'archetypes' => array(
795             'editingteacher' => CAP_ALLOW,
796             'manager' => CAP_ALLOW
797         )
798     ),
800     'moodle/course:view' => array(
802         'captype' => 'read',
803         'contextlevel' => CONTEXT_COURSE,
804         'archetypes' => array(
805             'manager' => CAP_ALLOW,
806         )
807     ),
809     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
810     'moodle/course:enrolreview' => array(
812         'riskbitmask' => RISK_PERSONAL,
814         'captype' => 'read',
815         'contextlevel' => CONTEXT_COURSE,
816         'archetypes' => array(
817             'editingteacher' => CAP_ALLOW,
818             'manager' => CAP_ALLOW,
819         )
820     ),
822     /* add, remove, hide enrol instances in courses */
823     'moodle/course:enrolconfig' => array(
825         'riskbitmask' => RISK_PERSONAL,
827         'captype' => 'write',
828         'contextlevel' => CONTEXT_COURSE,
829         'archetypes' => array(
830             'editingteacher' => CAP_ALLOW,
831             'manager' => CAP_ALLOW,
832         )
833     ),
835     'moodle/course:reviewotherusers' => array(
837         'captype' => 'read',
838         'contextlevel' => CONTEXT_COURSE,
839         'archetypes' => array(
840             'editingteacher' => CAP_ALLOW,
841             'manager' => CAP_ALLOW,
842         ),
843         'clonepermissionsfrom' => 'moodle/role:assign'
844     ),
846     'moodle/course:bulkmessaging' => array(
848         'riskbitmask' => RISK_SPAM,
850         'captype' => 'write',
851         'contextlevel' => CONTEXT_COURSE,
852         'archetypes' => array(
853             'teacher' => CAP_ALLOW,
854             'editingteacher' => CAP_ALLOW,
855             'manager' => CAP_ALLOW
856         )
857     ),
859     'moodle/course:viewhiddenuserfields' => array(
861         'riskbitmask' => RISK_PERSONAL,
863         'captype' => 'read',
864         'contextlevel' => CONTEXT_COURSE,
865         'archetypes' => array(
866             'teacher' => CAP_ALLOW,
867             'editingteacher' => CAP_ALLOW,
868             'manager' => CAP_ALLOW
869         )
870     ),
872     'moodle/course:viewhiddencourses' => array(
874         'captype' => 'read',
875         'contextlevel' => CONTEXT_COURSE,
876         'archetypes' => array(
877             'coursecreator' => CAP_ALLOW,
878             'teacher' => CAP_ALLOW,
879             'editingteacher' => CAP_ALLOW,
880             'manager' => CAP_ALLOW
881         )
882     ),
884     'moodle/course:visibility' => array(
886         'captype' => 'write',
887         'contextlevel' => CONTEXT_COURSE,
888         'archetypes' => array(
889             'editingteacher' => CAP_ALLOW,
890             'manager' => CAP_ALLOW
891         )
892     ),
894     'moodle/course:managefiles' => array(
896         'riskbitmask' => RISK_XSS,
898         'captype' => 'write',
899         'contextlevel' => CONTEXT_COURSE,
900         'archetypes' => array(
901             'editingteacher' => CAP_ALLOW,
902             'manager' => CAP_ALLOW
903         )
904     ),
906     'moodle/course:ignorefilesizelimits' => array(
908         'captype' => 'write',
909         'contextlevel' => CONTEXT_COURSE,
910         'archetypes' => array(
911         )
912     ),
914     'moodle/course:manageactivities' => array(
916         'riskbitmask' => RISK_XSS,
918         'captype' => 'write',
919         'contextlevel' => CONTEXT_MODULE,
920         'archetypes' => array(
921             'editingteacher' => CAP_ALLOW,
922             'manager' => CAP_ALLOW
923         )
924     ),
926     'moodle/course:activityvisibility' => array(
928         'captype' => 'write',
929         'contextlevel' => CONTEXT_MODULE,
930         'archetypes' => array(
931             'editingteacher' => CAP_ALLOW,
932             'manager' => CAP_ALLOW
933         )
934     ),
936     'moodle/course:viewhiddenactivities' => array(
938         'captype' => 'write',
939         'contextlevel' => CONTEXT_MODULE,
940         'archetypes' => array(
941             'teacher' => CAP_ALLOW,
942             'editingteacher' => CAP_ALLOW,
943             'manager' => CAP_ALLOW
944         )
945     ),
947     'moodle/course:viewparticipants' => array(
949         'captype' => 'read',
950         'contextlevel' => CONTEXT_COURSE,
951         'archetypes' => array(
952             'student' => CAP_ALLOW,
953             'teacher' => CAP_ALLOW,
954             'editingteacher' => CAP_ALLOW,
955             'manager' => CAP_ALLOW
956         )
957     ),
959     'moodle/course:changefullname' => array(
961         'riskbitmask' => RISK_XSS,
963         'captype' => 'write',
964         'contextlevel' => CONTEXT_COURSE,
965         'archetypes' => array(
966             'editingteacher' => CAP_ALLOW,
967             'manager' => CAP_ALLOW
968         ),
969         'clonepermissionsfrom' => 'moodle/course:update'
970     ),
972     'moodle/course:changeshortname' => array(
974         'riskbitmask' => RISK_XSS,
976         'captype' => 'write',
977         'contextlevel' => CONTEXT_COURSE,
978         'archetypes' => array(
979             'editingteacher' => CAP_ALLOW,
980             'manager' => CAP_ALLOW
981         ),
982         'clonepermissionsfrom' => 'moodle/course:update'
983     ),
985     'moodle/course:changeidnumber' => array(
987         'riskbitmask' => RISK_XSS,
989         'captype' => 'write',
990         'contextlevel' => CONTEXT_COURSE,
991         'archetypes' => array(
992             'editingteacher' => CAP_ALLOW,
993             'manager' => CAP_ALLOW
994         ),
995         'clonepermissionsfrom' => 'moodle/course:update'
996     ),
997     'moodle/course:changecategory' => array(
998         'riskbitmask' => RISK_XSS,
1000         'captype' => 'write',
1001         'contextlevel' => CONTEXT_COURSE,
1002         'archetypes' => array(
1003             'editingteacher' => CAP_ALLOW,
1004             'manager' => CAP_ALLOW
1005         ),
1006         'clonepermissionsfrom' => 'moodle/course:update'
1007     ),
1009     'moodle/course:changesummary' => array(
1010         'riskbitmask' => RISK_XSS,
1012         'captype' => 'write',
1013         'contextlevel' => CONTEXT_COURSE,
1014         'archetypes' => array(
1015             'editingteacher' => CAP_ALLOW,
1016             'manager' => CAP_ALLOW
1017         ),
1018         'clonepermissionsfrom' => 'moodle/course:update'
1019     ),
1022     'moodle/site:viewparticipants' => array(
1024         'captype' => 'read',
1025         'contextlevel' => CONTEXT_SYSTEM,
1026         'archetypes' => array(
1027             'manager' => CAP_ALLOW
1028         )
1029     ),
1031     'moodle/course:isincompletionreports' => array(
1032         'captype' => 'read',
1033         'contextlevel' => CONTEXT_COURSE,
1034         'archetypes' => array(
1035             'student' => CAP_ALLOW,
1036         ),
1037     ),
1039     'moodle/course:viewscales' => array(
1041         'captype' => 'read',
1042         'contextlevel' => CONTEXT_COURSE,
1043         'archetypes' => array(
1044             'student' => CAP_ALLOW,
1045             'teacher' => CAP_ALLOW,
1046             'editingteacher' => CAP_ALLOW,
1047             'manager' => CAP_ALLOW
1048         )
1049     ),
1051     'moodle/course:managescales' => array(
1053         'captype' => 'write',
1054         'contextlevel' => CONTEXT_COURSE,
1055         'archetypes' => array(
1056             'editingteacher' => CAP_ALLOW,
1057             'manager' => CAP_ALLOW
1058         )
1059     ),
1061     'moodle/course:managegroups' => array(
1063         'captype' => 'write',
1064         'contextlevel' => CONTEXT_COURSE,
1065         'archetypes' => array(
1066             'editingteacher' => CAP_ALLOW,
1067             'manager' => CAP_ALLOW
1068         )
1069     ),
1071     'moodle/course:reset' => array(
1073         'riskbitmask' => RISK_DATALOSS,
1075         'captype' => 'write',
1076         'contextlevel' => CONTEXT_COURSE,
1077         'archetypes' => array(
1078             'editingteacher' => CAP_ALLOW,
1079             'manager' => CAP_ALLOW
1080         )
1081     ),
1083     'moodle/course:viewsuspendedusers' => array(
1085         'captype' => 'read',
1086         'contextlevel' => CONTEXT_SYSTEM,
1087         'archetypes' => array(
1088             'editingteacher' => CAP_ALLOW,
1089             'manager' => CAP_ALLOW
1090         )
1091     ),
1093     'moodle/course:tag' => array(
1094         'riskbitmask' => RISK_SPAM,
1095         'captype' => 'write',
1096         'contextlevel' => CONTEXT_COURSE,
1097         'archetypes' => array(
1098             'manager' => CAP_ALLOW,
1099             'editingteacher' => CAP_ALLOW,
1100         ),
1101         'clonepermissionsfrom' => 'moodle/course:update'
1102     ),
1104     'moodle/blog:view' => array(
1106         'captype' => 'read',
1107         'contextlevel' => CONTEXT_SYSTEM,
1108         'archetypes' => array(
1109             'guest' => CAP_ALLOW,
1110             'user' => CAP_ALLOW,
1111             'student' => CAP_ALLOW,
1112             'teacher' => CAP_ALLOW,
1113             'editingteacher' => CAP_ALLOW,
1114             'manager' => CAP_ALLOW
1115         )
1116     ),
1118     'moodle/blog:search' => array(
1119         'captype' => 'read',
1120         'contextlevel' => CONTEXT_SYSTEM,
1121         'archetypes' => array(
1122             'guest' => CAP_ALLOW,
1123             'user' => CAP_ALLOW,
1124             'student' => CAP_ALLOW,
1125             'teacher' => CAP_ALLOW,
1126             'editingteacher' => CAP_ALLOW,
1127             'manager' => CAP_ALLOW
1128         )
1129     ),
1131     'moodle/blog:viewdrafts' => array(
1133         'riskbitmask' => RISK_PERSONAL,
1134         'captype' => 'read',
1135         'contextlevel' => CONTEXT_SYSTEM,
1136         'archetypes' => array(
1137             'manager' => CAP_ALLOW
1138         )
1139     ),
1141     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1143         'riskbitmask' => RISK_SPAM,
1145         'captype' => 'write',
1146         'contextlevel' => CONTEXT_SYSTEM,
1147         'archetypes' => array(
1148             'user' => CAP_ALLOW,
1149             'manager' => CAP_ALLOW
1150         )
1151     ),
1153     'moodle/blog:manageentries' => array(
1155         'riskbitmask' => RISK_SPAM,
1157         'captype' => 'write',
1158         'contextlevel' => CONTEXT_SYSTEM,
1159         'archetypes' => array(
1160             'teacher' => CAP_ALLOW,
1161             'editingteacher' => CAP_ALLOW,
1162             'manager' => CAP_ALLOW
1163         )
1164     ),
1166     'moodle/blog:manageexternal' => array(
1168         'riskbitmask' => RISK_SPAM,
1170         'captype' => 'write',
1171         'contextlevel' => CONTEXT_SYSTEM,
1172         'archetypes' => array(
1173             'student' => CAP_ALLOW,
1174             'user' => CAP_ALLOW,
1175             'teacher' => CAP_ALLOW,
1176             'editingteacher' => CAP_ALLOW,
1177             'manager' => CAP_ALLOW
1178         )
1179     ),
1181     // TODO: Remove 'moodle/blog:associatecourse' and 'moodle/blog:associatemodule' after a few releases.
1182     'moodle/blog:associatecourse' => array(
1184         'captype' => 'write',
1185         'contextlevel' => CONTEXT_COURSE,
1186         'archetypes' => array()
1187     ),
1189     'moodle/blog:associatemodule' => array(
1191         'captype' => 'write',
1192         'contextlevel' => CONTEXT_MODULE,
1193         'archetypes' => array()
1194     ),
1196     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1198         'riskbitmask' => RISK_SPAM,
1200         'captype' => 'write',
1201         'contextlevel' => CONTEXT_COURSE,
1202         'archetypes' => array(
1203             'user' => CAP_ALLOW,
1204             'manager' => CAP_ALLOW
1205         )
1206     ),
1208     'moodle/calendar:managegroupentries' => array(
1210         'riskbitmask' => RISK_SPAM,
1212         'captype' => 'write',
1213         'contextlevel' => CONTEXT_COURSE,
1214         'archetypes' => array(
1215             'teacher' => CAP_ALLOW,
1216             'editingteacher' => CAP_ALLOW,
1217             'manager' => CAP_ALLOW
1218         )
1219     ),
1221     'moodle/calendar:manageentries' => array(
1223         'riskbitmask' => RISK_SPAM,
1225         'captype' => 'write',
1226         'contextlevel' => CONTEXT_COURSE,
1227         'archetypes' => array(
1228             'teacher' => CAP_ALLOW,
1229             'editingteacher' => CAP_ALLOW,
1230             'manager' => CAP_ALLOW
1231         )
1232     ),
1234     'moodle/user:editprofile' => array(
1236         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1238         'captype' => 'write',
1239         'contextlevel' => CONTEXT_USER,
1240         'archetypes' => array(
1241             'manager' => CAP_ALLOW
1242         )
1243     ),
1245     'moodle/user:editownprofile' => array(
1247         'riskbitmask' => RISK_SPAM,
1249         'captype' => 'write',
1250         'contextlevel' => CONTEXT_SYSTEM,
1251         'archetypes' => array(
1252             'guest' => CAP_PROHIBIT,
1253             'user' => CAP_ALLOW,
1254             'manager' => CAP_ALLOW
1255         )
1256     ),
1258     'moodle/user:changeownpassword' => array(
1260         'captype' => 'write',
1261         'contextlevel' => CONTEXT_SYSTEM,
1262         'archetypes' => array(
1263             'guest' => CAP_PROHIBIT,
1264             'user' => CAP_ALLOW,
1265             'manager' => CAP_ALLOW
1266         )
1267     ),
1269     // The next 3 might make no sense for some roles, e.g teacher, etc.
1270     // since the next level up is site. These are more for the parent role
1271     'moodle/user:readuserposts' => array(
1273         'captype' => 'read',
1274         'contextlevel' => CONTEXT_USER,
1275         'archetypes' => array(
1276             'student' => CAP_ALLOW,
1277             'teacher' => CAP_ALLOW,
1278             'editingteacher' => CAP_ALLOW,
1279             'manager' => CAP_ALLOW
1280         )
1281     ),
1283     'moodle/user:readuserblogs' => array(
1285         'captype' => 'read',
1286         'contextlevel' => CONTEXT_USER,
1287         'archetypes' => array(
1288             'student' => CAP_ALLOW,
1289             'teacher' => CAP_ALLOW,
1290             'editingteacher' => CAP_ALLOW,
1291             'manager' => CAP_ALLOW
1292         )
1293     ),
1295     // designed for parent role - not used in legacy roles
1296     'moodle/user:viewuseractivitiesreport' => array(
1297         'riskbitmask' => RISK_PERSONAL,
1299         'captype' => 'read',
1300         'contextlevel' => CONTEXT_USER,
1301         'archetypes' => array(
1302         )
1303     ),
1305     //capabilities designed for the new message system configuration
1306     'moodle/user:editmessageprofile' => array(
1308          'riskbitmask' => RISK_SPAM,
1310          'captype' => 'write',
1311          'contextlevel' => CONTEXT_USER,
1312          'archetypes' => array(
1313              'manager' => CAP_ALLOW
1314          )
1315      ),
1317      'moodle/user:editownmessageprofile' => array(
1319          'captype' => 'write',
1320          'contextlevel' => CONTEXT_SYSTEM,
1321          'archetypes' => array(
1322              'guest' => CAP_PROHIBIT,
1323              'user' => CAP_ALLOW,
1324              'manager' => CAP_ALLOW
1325          )
1326      ),
1328     'moodle/question:managecategory' => array(
1329         'riskbitmask' => RISK_SPAM | RISK_XSS,
1330         'captype' => 'write',
1331         'contextlevel' => CONTEXT_COURSE,
1332         'archetypes' => array(
1333             'editingteacher' => CAP_ALLOW,
1334             'manager' => CAP_ALLOW
1335         )
1336     ),
1338     //new in moodle 1.9
1339     'moodle/question:add' => array(
1340         'riskbitmask' => RISK_SPAM | RISK_XSS,
1341         'captype' => 'write',
1342         'contextlevel' => CONTEXT_COURSE,
1343         'archetypes' => array(
1344             'editingteacher' => CAP_ALLOW,
1345             'manager' => CAP_ALLOW
1346         ),
1347         'clonepermissionsfrom' =>  'moodle/question:manage'
1348     ),
1349     'moodle/question:editmine' => array(
1350         'riskbitmask' => RISK_SPAM | RISK_XSS,
1351         'captype' => 'write',
1352         'contextlevel' => CONTEXT_COURSE,
1353         'archetypes' => array(
1354             'editingteacher' => CAP_ALLOW,
1355             'manager' => CAP_ALLOW
1356         ),
1357         'clonepermissionsfrom' =>  'moodle/question:manage'
1358     ),
1359     'moodle/question:editall' => array(
1360         'riskbitmask' => RISK_SPAM | RISK_XSS,
1361         'captype' => 'write',
1362         'contextlevel' => CONTEXT_COURSE,
1363         'archetypes' => array(
1364             'editingteacher' => CAP_ALLOW,
1365             'manager' => CAP_ALLOW
1366         ),
1367         'clonepermissionsfrom' =>  'moodle/question:manage'
1368     ),
1369     'moodle/question:viewmine' => array(
1370         'captype' => 'read',
1371         'contextlevel' => CONTEXT_COURSE,
1372         'archetypes' => array(
1373             'editingteacher' => CAP_ALLOW,
1374             'manager' => CAP_ALLOW
1375         ),
1376         'clonepermissionsfrom' =>  'moodle/question:manage'
1377     ),
1378     'moodle/question:viewall' => array(
1379         'captype' => 'read',
1380         'contextlevel' => CONTEXT_COURSE,
1381         'archetypes' => array(
1382             'editingteacher' => CAP_ALLOW,
1383             'manager' => CAP_ALLOW
1384         ),
1385         'clonepermissionsfrom' =>  'moodle/question:manage'
1386     ),
1387     'moodle/question:usemine' => array(
1388         'captype' => 'read',
1389         'contextlevel' => CONTEXT_COURSE,
1390         'archetypes' => array(
1391             'editingteacher' => CAP_ALLOW,
1392             'manager' => CAP_ALLOW
1393         ),
1394         'clonepermissionsfrom' =>  'moodle/question:manage'
1395     ),
1396     'moodle/question:useall' => array(
1397         'captype' => 'read',
1398         'contextlevel' => CONTEXT_COURSE,
1399         'archetypes' => array(
1400             'editingteacher' => CAP_ALLOW,
1401             'manager' => CAP_ALLOW
1402         ),
1403         'clonepermissionsfrom' =>  'moodle/question:manage'
1404     ),
1405     'moodle/question:movemine' => array(
1406         'captype' => 'write',
1407         'contextlevel' => CONTEXT_COURSE,
1408         'archetypes' => array(
1409             'editingteacher' => CAP_ALLOW,
1410             'manager' => CAP_ALLOW
1411         ),
1412         'clonepermissionsfrom' =>  'moodle/question:manage'
1413     ),
1414     'moodle/question:moveall' => array(
1415         'captype' => 'write',
1416         'contextlevel' => CONTEXT_COURSE,
1417         'archetypes' => array(
1418             'editingteacher' => CAP_ALLOW,
1419             'manager' => CAP_ALLOW
1420         ),
1421         'clonepermissionsfrom' =>  'moodle/question:manage'
1422     ),
1423     //END new in moodle 1.9
1425     // Configure the installed question types.
1426     'moodle/question:config' => array(
1427         'riskbitmask' => RISK_CONFIG,
1428         'captype' => 'write',
1429         'contextlevel' => CONTEXT_SYSTEM,
1430         'archetypes' => array(
1431             'manager' => CAP_ALLOW
1432         )
1433     ),
1435     // While attempting questions, the ability to flag particular questions for later reference.
1436     'moodle/question:flag' => array(
1437         'captype' => 'write',
1438         'contextlevel' => CONTEXT_COURSE,
1439         'archetypes' => array(
1440             'student' => CAP_ALLOW,
1441             'teacher' => CAP_ALLOW,
1442             'editingteacher' => CAP_ALLOW,
1443             'manager' => CAP_ALLOW
1444         )
1445     ),
1447     'moodle/site:doclinks' => array(
1448         'captype' => 'read',
1449         'contextlevel' => CONTEXT_SYSTEM,
1450         'archetypes' => array(
1451             'teacher' => CAP_ALLOW,
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         )
1455     ),
1457     'moodle/course:sectionvisibility' => array(
1459         'captype' => 'write',
1460         'contextlevel' => CONTEXT_COURSE,
1461         'archetypes' => array(
1462             'editingteacher' => CAP_ALLOW,
1463             'manager' => CAP_ALLOW
1464         )
1465     ),
1467     'moodle/course:useremail' => array(
1469         'captype' => 'write',
1470         'contextlevel' => CONTEXT_COURSE,
1471         'archetypes' => array(
1472             'editingteacher' => CAP_ALLOW,
1473             'manager' => CAP_ALLOW
1474         )
1475     ),
1477     'moodle/course:viewhiddensections' => array(
1479         'captype' => 'write',
1480         'contextlevel' => CONTEXT_COURSE,
1481         'archetypes' => array(
1482             'editingteacher' => CAP_ALLOW,
1483             'manager' => CAP_ALLOW
1484         )
1485     ),
1487     'moodle/course:setcurrentsection' => array(
1489         'captype' => 'write',
1490         'contextlevel' => CONTEXT_COURSE,
1491         'archetypes' => array(
1492             'editingteacher' => CAP_ALLOW,
1493             'manager' => CAP_ALLOW
1494         )
1495     ),
1497     'moodle/course:movesections' => array(
1499         'captype' => 'write',
1500         'contextlevel' => CONTEXT_COURSE,
1501         'archetypes' => array(
1502             'editingteacher' => CAP_ALLOW,
1503             'manager' => CAP_ALLOW
1504         ),
1505         'clonepermissionsfrom' => 'moodle/course:update'
1506     ),
1508     'moodle/site:mnetlogintoremote' => array(
1510         'captype' => 'read',
1511         'contextlevel' => CONTEXT_SYSTEM,
1512         'archetypes' => array(
1513         )
1514     ),
1516     'moodle/grade:viewall' => array(
1517         'riskbitmask' => RISK_PERSONAL,
1518         'captype' => 'read',
1519         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1520         'archetypes' => array(
1521             'teacher' => CAP_ALLOW,
1522             'editingteacher' => CAP_ALLOW,
1523             'manager' => CAP_ALLOW
1524         ),
1525         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1526     ),
1528     'moodle/grade:view' => array(
1529         'captype' => 'read',
1530         'contextlevel' => CONTEXT_COURSE,
1531         'archetypes' => array(
1532             'student' => CAP_ALLOW
1533         )
1534     ),
1536     'moodle/grade:viewhidden' => array(
1537         'riskbitmask' => RISK_PERSONAL,
1538         'captype' => 'read',
1539         'contextlevel' => CONTEXT_COURSE,
1540         'archetypes' => array(
1541             'teacher' => CAP_ALLOW,
1542             'editingteacher' => CAP_ALLOW,
1543             'manager' => CAP_ALLOW
1544         ),
1545         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1546     ),
1548     'moodle/grade:import' => array(
1549         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1550         'captype' => 'write',
1551         'contextlevel' => CONTEXT_COURSE,
1552         'archetypes' => array(
1553             'editingteacher' => CAP_ALLOW,
1554             'manager' => CAP_ALLOW
1555         ),
1556         'clonepermissionsfrom' => 'moodle/course:managegrades'
1557     ),
1559     'moodle/grade:export' => array(
1560         'riskbitmask' => RISK_PERSONAL,
1561         'captype' => 'read',
1562         'contextlevel' => CONTEXT_COURSE,
1563         'archetypes' => array(
1564             'teacher' => CAP_ALLOW,
1565             'editingteacher' => CAP_ALLOW,
1566             'manager' => CAP_ALLOW
1567         ),
1568         'clonepermissionsfrom' => 'moodle/course:managegrades'
1569     ),
1571     'moodle/grade:manage' => array(
1572         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1573         'captype' => 'write',
1574         'contextlevel' => CONTEXT_COURSE,
1575         'archetypes' => array(
1576             'editingteacher' => CAP_ALLOW,
1577             'manager' => CAP_ALLOW
1578         ),
1579         'clonepermissionsfrom' => 'moodle/course:managegrades'
1580     ),
1582     'moodle/grade:edit' => array(
1583         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1584         'captype' => 'write',
1585         'contextlevel' => CONTEXT_COURSE,
1586         'archetypes' => array(
1587             'editingteacher' => CAP_ALLOW,
1588             'manager' => CAP_ALLOW
1589         ),
1590         'clonepermissionsfrom' => 'moodle/course:managegrades'
1591     ),
1593     // ability to define advanced grading forms in activities either from scratch
1594     // or from a shared template
1595     'moodle/grade:managegradingforms' => array(
1596         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1597         'captype' => 'write',
1598         'contextlevel' => CONTEXT_COURSE,
1599         'archetypes' => array(
1600             'editingteacher' => CAP_ALLOW,
1601             'manager' => CAP_ALLOW
1602         ),
1603         'clonepermissionsfrom' => 'moodle/course:managegrades'
1604     ),
1606     // ability to save a grading form as a new shared template and eventually edit
1607     // and remove own templates (templates originally shared by that user)
1608     'moodle/grade:sharegradingforms' => array(
1609         'riskbitmask' => RISK_XSS,
1610         'captype' => 'write',
1611         'contextlevel' => CONTEXT_SYSTEM,
1612         'archetypes' => array(
1613             'manager' => CAP_ALLOW
1614         ),
1615     ),
1617     // ability to edit and remove any shared template, even those originally shared
1618     // by other users
1619     'moodle/grade:managesharedforms' => array(
1620         'riskbitmask' => RISK_XSS,
1621         'captype' => 'write',
1622         'contextlevel' => CONTEXT_SYSTEM,
1623         'archetypes' => array(
1624             'manager' => CAP_ALLOW
1625         ),
1626     ),
1628     'moodle/grade:manageoutcomes' => array(
1629         'captype' => 'write',
1630         'contextlevel' => CONTEXT_COURSE,
1631         'archetypes' => array(
1632             'editingteacher' => CAP_ALLOW,
1633             'manager' => CAP_ALLOW
1634         ),
1635         'clonepermissionsfrom' => 'moodle/course:managegrades'
1636     ),
1638     'moodle/grade:manageletters' => array(
1639         'captype' => 'write',
1640         'contextlevel' => CONTEXT_COURSE,
1641         'archetypes' => array(
1642             'editingteacher' => CAP_ALLOW,
1643             'manager' => CAP_ALLOW
1644         ),
1645         'clonepermissionsfrom' => 'moodle/course:managegrades'
1646     ),
1648     'moodle/grade:hide' => array(
1649         'captype' => 'write',
1650         'contextlevel' => CONTEXT_COURSE,
1651         'archetypes' => array(
1652             'editingteacher' => CAP_ALLOW,
1653             'manager' => CAP_ALLOW
1654         )
1655     ),
1657     'moodle/grade:lock' => array(
1658         'captype' => 'write',
1659         'contextlevel' => CONTEXT_COURSE,
1660         'archetypes' => array(
1661             'editingteacher' => CAP_ALLOW,
1662             'manager' => CAP_ALLOW
1663         )
1664     ),
1666     'moodle/grade:unlock' => array(
1667         'captype' => 'write',
1668         'contextlevel' => CONTEXT_COURSE,
1669         'archetypes' => array(
1670             'editingteacher' => CAP_ALLOW,
1671             'manager' => CAP_ALLOW
1672         )
1673     ),
1675     'moodle/my:manageblocks' => array(
1676         'captype' => 'write',
1677         'contextlevel' => CONTEXT_SYSTEM,
1678         'archetypes' => array(
1679             'user' => CAP_ALLOW
1680         )
1681     ),
1683     'moodle/notes:view' => array(
1684         'captype' => 'read',
1685         'contextlevel' => CONTEXT_COURSE,
1686         'archetypes' => array(
1687             'teacher' => CAP_ALLOW,
1688             'editingteacher' => CAP_ALLOW,
1689             'manager' => CAP_ALLOW
1690         )
1691     ),
1693     'moodle/notes:manage' => array(
1694         'riskbitmask' => RISK_SPAM,
1696         'captype' => 'write',
1697         'contextlevel' => CONTEXT_COURSE,
1698         'archetypes' => array(
1699             'teacher' => CAP_ALLOW,
1700             'editingteacher' => CAP_ALLOW,
1701             'manager' => CAP_ALLOW
1702         )
1703     ),
1705     'moodle/tag:manage' => array(
1706         'riskbitmask' => RISK_SPAM,
1708         'captype' => 'write',
1709         'contextlevel' => CONTEXT_SYSTEM,
1710         'archetypes' => array(
1711             'manager' => CAP_ALLOW
1712         )
1713     ),
1715     'moodle/tag:edit' => array(
1716         'riskbitmask' => RISK_SPAM,
1718         'captype' => 'write',
1719         'contextlevel' => CONTEXT_SYSTEM,
1720         'archetypes' => array(
1721             'manager' => CAP_ALLOW
1722         )
1723     ),
1725     'moodle/tag:flag' => array(
1726         'riskbitmask' => RISK_SPAM,
1728         'captype' => 'write',
1729         'contextlevel' => CONTEXT_SYSTEM,
1730         'archetypes' => array(
1731             'user' => CAP_ALLOW
1732         )
1733     ),
1735     'moodle/tag:editblocks' => array(
1736         'captype' => 'write',
1737         'contextlevel' => CONTEXT_SYSTEM,
1738         'archetypes' => array(
1739             'teacher' => CAP_ALLOW,
1740             'editingteacher' => CAP_ALLOW,
1741             'manager' => CAP_ALLOW
1742         )
1743     ),
1745     'moodle/block:view' => array(
1746         'captype' => 'read',
1747         'contextlevel' => CONTEXT_BLOCK,
1748         'archetypes' => array(
1749             'guest' => CAP_ALLOW,
1750             'user' => CAP_ALLOW,
1751             'student' => CAP_ALLOW,
1752             'teacher' => CAP_ALLOW,
1753             'editingteacher' => CAP_ALLOW,
1754         )
1755     ),
1757     'moodle/block:edit' => array(
1758         'riskbitmask' => RISK_SPAM | RISK_XSS,
1760         'captype' => 'write',
1761         'contextlevel' => CONTEXT_BLOCK,
1762         'archetypes' => array(
1763             'editingteacher' => CAP_ALLOW,
1764             'manager' => CAP_ALLOW
1765         )
1766     ),
1768     'moodle/portfolio:export' => array(
1769         'captype' => 'read',
1770         'contextlevel' => CONTEXT_SYSTEM,
1771         'archetypes' => array(
1772             'user' => CAP_ALLOW,
1773             'student' => CAP_ALLOW,
1774             'teacher' => CAP_ALLOW,
1775             'editingteacher' => CAP_ALLOW,
1776         )
1777     ),
1778     'moodle/comment:view' => array(
1779         'captype' => 'read',
1780         'contextlevel' => CONTEXT_COURSE,
1781         'archetypes' => array(
1782             'frontpage' => CAP_ALLOW,
1783             'guest' => CAP_ALLOW,
1784             'user' => CAP_ALLOW,
1785             'student' => CAP_ALLOW,
1786             'teacher' => CAP_ALLOW,
1787             'editingteacher' => CAP_ALLOW,
1788             'manager' => CAP_ALLOW
1789         )
1790     ),
1791     'moodle/comment:post' => array(
1793         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1794         'captype' => 'write',
1795         'contextlevel' => CONTEXT_COURSE,
1796         'archetypes' => array(
1797             'user' => CAP_ALLOW,
1798             'student' => CAP_ALLOW,
1799             'teacher' => CAP_ALLOW,
1800             'editingteacher' => CAP_ALLOW,
1801             'manager' => CAP_ALLOW
1802         )
1803     ),
1804     'moodle/comment:delete' => array(
1806         'riskbitmask' => RISK_DATALOSS,
1807         'captype' => 'write',
1808         'contextlevel' => CONTEXT_COURSE,
1809         'archetypes' => array(
1810             'editingteacher' => CAP_ALLOW,
1811             'manager' => CAP_ALLOW
1812         )
1813     ),
1814     'moodle/webservice:createtoken' => array(
1816         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1817         'captype' => 'write',
1818         'contextlevel' => CONTEXT_SYSTEM,
1819         'archetypes' => array(
1820             'manager' => CAP_ALLOW
1821         )
1822     ),
1823     'moodle/webservice:createmobiletoken' => array(
1825         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1826         'captype' => 'write',
1827         'contextlevel' => CONTEXT_SYSTEM,
1828         'archetypes' => array(
1829             'user' => CAP_ALLOW
1830         )
1831     ),
1832     'moodle/rating:view' => array(
1834         'captype' => 'read',
1835         'contextlevel' => CONTEXT_COURSE,
1836         'archetypes' => array(
1837             'user' => CAP_ALLOW,
1838             'student' => CAP_ALLOW,
1839             'teacher' => CAP_ALLOW,
1840             'editingteacher' => CAP_ALLOW,
1841             'manager' => CAP_ALLOW
1842         )
1843     ),
1844     'moodle/rating:viewany' => array(
1846         'riskbitmask' => RISK_PERSONAL,
1847         'captype' => 'read',
1848         'contextlevel' => CONTEXT_COURSE,
1849         'archetypes' => array(
1850             'user' => CAP_ALLOW,
1851             'student' => CAP_ALLOW,
1852             'teacher' => CAP_ALLOW,
1853             'editingteacher' => CAP_ALLOW,
1854             'manager' => CAP_ALLOW
1855         )
1856     ),
1857     'moodle/rating:viewall' => array(
1859         'riskbitmask' => RISK_PERSONAL,
1860         'captype' => 'read',
1861         'contextlevel' => CONTEXT_COURSE,
1862         'archetypes' => array(
1863             'user' => CAP_ALLOW,
1864             'student' => CAP_ALLOW,
1865             'teacher' => CAP_ALLOW,
1866             'editingteacher' => CAP_ALLOW,
1867             'manager' => CAP_ALLOW
1868         )
1869     ),
1870     'moodle/rating:rate' => array(
1872         'captype' => 'write',
1873         'contextlevel' => CONTEXT_COURSE,
1874         'archetypes' => array(
1875             'user' => CAP_ALLOW,
1876             'student' => CAP_ALLOW,
1877             'teacher' => CAP_ALLOW,
1878             'editingteacher' => CAP_ALLOW,
1879             'manager' => CAP_ALLOW
1880         )
1881     ),
1882      'moodle/course:publish' => array(
1884         'captype' => 'write',
1885         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1886         'contextlevel' => CONTEXT_SYSTEM,
1887         'archetypes' => array(
1888             'manager' => CAP_ALLOW
1889         )
1890     ),
1891     'moodle/course:markcomplete' => array(
1892         'captype' => 'write',
1893         'contextlevel' => CONTEXT_COURSE,
1894         'archetypes' => array(
1895             'teacher' => CAP_ALLOW,
1896             'editingteacher' => CAP_ALLOW,
1897             'manager' => CAP_ALLOW
1898         )
1899     ),
1900     'moodle/community:add' => array(
1901         'captype' => 'write',
1902         'contextlevel' => CONTEXT_SYSTEM,
1903         'archetypes' => array(
1904             'manager' => CAP_ALLOW,
1905             'teacher' => CAP_ALLOW,
1906             'editingteacher' => CAP_ALLOW,
1907         )
1908     ),
1909     'moodle/community:download' => array(
1910         'captype' => 'write',
1911         'contextlevel' => CONTEXT_SYSTEM,
1912         'archetypes' => array(
1913             'manager' => CAP_ALLOW,
1914             'editingteacher' => CAP_ALLOW,
1915         )
1916     ),
1918     // Badges.
1919     'moodle/badges:manageglobalsettings' => array(
1920         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
1921         'captype'      => 'write',
1922         'contextlevel' => CONTEXT_SYSTEM,
1923         'archetypes'   => array(
1924             'manager'       => CAP_ALLOW,
1925         )
1926     ),
1928     // View available badges without earning them.
1929     'moodle/badges:viewbadges' => array(
1930         'captype'       => 'read',
1931         'contextlevel'  => CONTEXT_COURSE,
1932         'archetypes'    => array(
1933             'user'          => CAP_ALLOW,
1934         )
1935     ),
1937     // Manage badges on own private badges page.
1938     'moodle/badges:manageownbadges' => array(
1939         'riskbitmap'    => RISK_SPAM,
1940         'captype'       => 'write',
1941         'contextlevel'  => CONTEXT_USER,
1942         'archetypes'    => array(
1943             'user'    => CAP_ALLOW
1944         )
1945     ),
1947     // View public badges in other users' profiles.
1948     'moodle/badges:viewotherbadges' => array(
1949         'riskbitmap'    => RISK_PERSONAL,
1950         'captype'       => 'read',
1951         'contextlevel'  => CONTEXT_USER,
1952         'archetypes'    => array(
1953             'user'    => CAP_ALLOW
1954         )
1955     ),
1957     // Earn badge.
1958     'moodle/badges:earnbadge' => array(
1959         'captype'       => 'write',
1960         'contextlevel'  => CONTEXT_COURSE,
1961         'archetypes'    => array(
1962             'user'           => CAP_ALLOW,
1963         )
1964     ),
1966     // Create/duplicate badges.
1967     'moodle/badges:createbadge' => array(
1968         'riskbitmask'  => RISK_SPAM,
1969         'captype'      => 'write',
1970         'contextlevel' => CONTEXT_COURSE,
1971         'archetypes'   => array(
1972             'manager'        => CAP_ALLOW,
1973             'editingteacher' => CAP_ALLOW,
1974         )
1975     ),
1977     // Delete badges.
1978     'moodle/badges:deletebadge' => array(
1979         'riskbitmask'  => RISK_DATALOSS,
1980         'captype'      => 'write',
1981         'contextlevel' => CONTEXT_COURSE,
1982         'archetypes'   => array(
1983             'manager'        => CAP_ALLOW,
1984             'editingteacher' => CAP_ALLOW,
1985         )
1986     ),
1988     // Set up/edit badge details.
1989     'moodle/badges:configuredetails' => array(
1990         'riskbitmask'  => RISK_SPAM,
1991         'captype'      => 'write',
1992         'contextlevel' => CONTEXT_COURSE,
1993         'archetypes'   => array(
1994             'manager'        => CAP_ALLOW,
1995             'editingteacher' => CAP_ALLOW,
1996         )
1997     ),
1999     // Set up/edit criteria of earning a badge.
2000     'moodle/badges:configurecriteria' => array(
2001         'riskbitmask'  => RISK_XSS,
2002         'captype'      => 'write',
2003         'contextlevel' => CONTEXT_COURSE,
2004         'archetypes'   => array(
2005             'manager'        => CAP_ALLOW,
2006             'editingteacher' => CAP_ALLOW,
2007         )
2008     ),
2010     // Configure badge messages.
2011     'moodle/badges:configuremessages' => array(
2012         'riskbitmask'  => RISK_SPAM,
2013         'captype'      => 'write',
2014         'contextlevel' => CONTEXT_COURSE,
2015         'archetypes'   => array(
2016             'manager'        => CAP_ALLOW,
2017             'editingteacher' => CAP_ALLOW,
2018         )
2019     ),
2021     // Award badge to a user.
2022     'moodle/badges:awardbadge' => array(
2023         'riskbitmask'  => RISK_SPAM,
2024         'captype'      => 'write',
2025         'contextlevel' => CONTEXT_COURSE,
2026         'archetypes'   => array(
2027             'manager'        => CAP_ALLOW,
2028             'teacher'        => CAP_ALLOW,
2029             'editingteacher' => CAP_ALLOW,
2030         )
2031     ),
2033     // View users who earned a specific badge without being able to award a badge.
2034     'moodle/badges:viewawarded' => array(
2035         'riskbitmask'  => RISK_PERSONAL,
2036         'captype'      => 'read',
2037         'contextlevel' => CONTEXT_COURSE,
2038         'archetypes'   => array(
2039                 'manager'        => CAP_ALLOW,
2040                 'teacher'        => CAP_ALLOW,
2041                 'editingteacher' => CAP_ALLOW,
2042         )
2043     ),
2045     'moodle/site:forcelanguage' => array(
2046         'captype' => 'read',
2047         'contextlevel' => CONTEXT_SYSTEM,
2048         'archetypes' => array(
2049         )
2050     )
2051 );