weekly release 2.3dev
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * @package    core_access
46  * @category   access
47  * @copyright  2006 onwards Martin Dougiamas  http://dougiamas.com
48  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
49  */
51 defined('MOODLE_INTERNAL') || die();
53 $capabilities = array(
54     'moodle/site:config' => array(
56         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
58         'captype' => 'write',
59         'contextlevel' => CONTEXT_SYSTEM,
60         'archetypes' => array(
61         )
62     ),
64     'moodle/site:readallmessages' => array(
66         'riskbitmask' => RISK_PERSONAL,
68         'captype' => 'read',
69         'contextlevel' => CONTEXT_SYSTEM,
70         'archetypes' => array(
71             'manager' => CAP_ALLOW,
72             'editingteacher' => CAP_ALLOW
73         )
74     ),
76     'moodle/site:sendmessage' => array(
78         'riskbitmask' => RISK_SPAM,
80         'captype' => 'write',
81         'contextlevel' => CONTEXT_SYSTEM,
82         'archetypes' => array(
83             'manager' => CAP_ALLOW,
84             'user' => CAP_ALLOW
85         )
86     ),
88     'moodle/site:approvecourse' => array(
90         'riskbitmask' => RISK_XSS,
92         'captype' => 'write',
93         'contextlevel' => CONTEXT_SYSTEM,
94         'archetypes' => array(
95             'manager' => CAP_ALLOW
96         )
97     ),
99     'moodle/backup:backupcourse' => array(
101         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
103         'captype' => 'write',
104         'contextlevel' => CONTEXT_COURSE,
105         'archetypes' => array(
106             'editingteacher' => CAP_ALLOW,
107             'manager' => CAP_ALLOW
108         ),
110         'clonepermissionsfrom' =>  'moodle/site:backup'
111     ),
113     'moodle/backup:backupsection' => array(
115         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
117         'captype' => 'write',
118         'contextlevel' => CONTEXT_COURSE,
119         'archetypes' => array(
120             'editingteacher' => CAP_ALLOW,
121             'manager' => CAP_ALLOW
122         ),
124         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
125     ),
127     'moodle/backup:backupactivity' => array(
129         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
131         'captype' => 'write',
132         'contextlevel' => CONTEXT_MODULE,
133         'archetypes' => array(
134             'editingteacher' => CAP_ALLOW,
135             'manager' => CAP_ALLOW
136         ),
138         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
139     ),
141     'moodle/backup:backuptargethub' => array(
143         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
145         'captype' => 'write',
146         'contextlevel' => CONTEXT_COURSE,
147         'archetypes' => array(
148             'editingteacher' => CAP_ALLOW,
149             'manager' => CAP_ALLOW
150         ),
152         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
153     ),
155     'moodle/backup:backuptargetimport' => array(
157         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
159         'captype' => 'write',
160         'contextlevel' => CONTEXT_COURSE,
161         'archetypes' => array(
162             'editingteacher' => CAP_ALLOW,
163             'manager' => CAP_ALLOW
164         ),
166         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
167     ),
169     'moodle/backup:downloadfile' => array(
171         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
173         'captype' => 'write',
174         'contextlevel' => CONTEXT_COURSE,
175         'archetypes' => array(
176             'editingteacher' => CAP_ALLOW,
177             'manager' => CAP_ALLOW
178         ),
180         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
181     ),
183     'moodle/backup:configure' => array(
185         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
187         'captype' => 'write',
188         'contextlevel' => CONTEXT_COURSE,
189         'archetypes' => array(
190             'editingteacher' => CAP_ALLOW,
191             'manager' => CAP_ALLOW
192         )
193     ),
195     'moodle/backup:userinfo' => array(
197         'riskbitmask' => RISK_PERSONAL,
199         'captype' => 'read',
200         'contextlevel' => CONTEXT_COURSE,
201         'archetypes' => array(
202             'manager' => CAP_ALLOW
203         )
204     ),
206     'moodle/backup:anonymise' => array(
208         'riskbitmask' => RISK_PERSONAL,
210         'captype' => 'read',
211         'contextlevel' => CONTEXT_COURSE,
212         'archetypes' => array(
213             'manager' => CAP_ALLOW
214         )
215     ),
217     'moodle/restore:restorecourse' => array(
219         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
221         'captype' => 'write',
222         'contextlevel' => CONTEXT_COURSE,
223         'archetypes' => array(
224             'editingteacher' => CAP_ALLOW,
225             'manager' => CAP_ALLOW
226         ),
228         'clonepermissionsfrom' =>  'moodle/site:restore'
229     ),
231     'moodle/restore:restoresection' => array(
233         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
235         'captype' => 'write',
236         'contextlevel' => CONTEXT_COURSE,
237         'archetypes' => array(
238             'editingteacher' => CAP_ALLOW,
239             'manager' => CAP_ALLOW
240         ),
242         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
243     ),
245     'moodle/restore:restoreactivity' => array(
247         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
249         'captype' => 'write',
250         'contextlevel' => CONTEXT_COURSE,
251         'archetypes' => array(
252             'editingteacher' => CAP_ALLOW,
253             'manager' => CAP_ALLOW
254         ),
256         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
257     ),
259     'moodle/restore:viewautomatedfilearea' => array(
261         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
263         'captype' => 'write',
264         'contextlevel' => CONTEXT_COURSE,
265     ),
267     'moodle/restore:restoretargethub' => array(
269         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
271         'captype' => 'write',
272         'contextlevel' => CONTEXT_COURSE,
273         'archetypes' => array(
274             'editingteacher' => CAP_ALLOW,
275             'manager' => CAP_ALLOW
276         ),
278         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
279     ),
281     'moodle/restore:restoretargetimport' => array(
283         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
285         'captype' => 'write',
286         'contextlevel' => CONTEXT_COURSE,
287         'archetypes' => array(
288             'editingteacher' => CAP_ALLOW,
289             'manager' => CAP_ALLOW
290         ),
292         'clonepermissionsfrom' =>  'moodle/site:import'
293     ),
295     'moodle/restore:uploadfile' => array(
297         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
299         'captype' => 'write',
300         'contextlevel' => CONTEXT_COURSE,
301         'archetypes' => array(
302             'editingteacher' => CAP_ALLOW,
303             'manager' => CAP_ALLOW
304         ),
306         'clonepermissionsfrom' =>  'moodle/site:backupupload'
307     ),
309     'moodle/restore:configure' => array(
311         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
313         'captype' => 'write',
314         'contextlevel' => CONTEXT_COURSE,
315         'archetypes' => array(
316             'editingteacher' => CAP_ALLOW,
317             'manager' => CAP_ALLOW
318         )
319     ),
321     'moodle/restore:rolldates' => array(
323         'captype' => 'write',
324         'contextlevel' => CONTEXT_COURSE,
325         'archetypes' => array(
326             'coursecreator' => CAP_ALLOW,
327             'manager' => CAP_ALLOW
328         )
329     ),
331     'moodle/restore:userinfo' => array(
333         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
335         'captype' => 'write',
336         'contextlevel' => CONTEXT_COURSE,
337         'archetypes' => array(
338             'manager' => CAP_ALLOW
339         )
340     ),
342     'moodle/restore:createuser' => array(
344         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
346         'captype' => 'write',
347         'contextlevel' => CONTEXT_SYSTEM,
348         'archetypes' => array(
349             'manager' => CAP_ALLOW
350         )
351     ),
353     'moodle/site:manageblocks' => array(
355         'riskbitmask' => RISK_SPAM | RISK_XSS,
357         'captype' => 'write',
358         'contextlevel' => CONTEXT_BLOCK,
359         'archetypes' => array(
360             'editingteacher' => CAP_ALLOW,
361             'manager' => CAP_ALLOW
362         )
363     ),
365     'moodle/site:accessallgroups' => array(
367         'captype' => 'read',
368         'contextlevel' => CONTEXT_COURSE,
369         'archetypes' => array(
370             'teacher' => CAP_ALLOW,
371             'editingteacher' => CAP_ALLOW,
372             'manager' => CAP_ALLOW
373         )
374     ),
376     'moodle/site:viewfullnames' => array(
378         'captype' => 'read',
379         'contextlevel' => CONTEXT_COURSE,
380         'archetypes' => array(
381             'teacher' => CAP_ALLOW,
382             'editingteacher' => CAP_ALLOW,
383             'manager' => CAP_ALLOW
384         )
385     ),
387     // In reports that give lists of users, extra information about each user's
388     // identity (the fields configured in site option showuseridentity) will be
389     // displayed to users who have this capability.
390     'moodle/site:viewuseridentity' => array(
392         'captype' => 'read',
393         'contextlevel' => CONTEXT_COURSE,
394         'archetypes' => array(
395             'teacher' => CAP_ALLOW,
396             'editingteacher' => CAP_ALLOW,
397             'manager' => CAP_ALLOW
398         )
399     ),
401     'moodle/site:viewreports' => array(
403         'riskbitmask' => RISK_PERSONAL,
405         'captype' => 'read',
406         'contextlevel' => CONTEXT_COURSE,
407         'archetypes' => array(
408             'teacher' => CAP_ALLOW,
409             'editingteacher' => CAP_ALLOW,
410             'manager' => CAP_ALLOW
411         )
412     ),
414     'moodle/site:trustcontent' => array(
416         'riskbitmask' => RISK_XSS,
418         'captype' => 'write',
419         'contextlevel' => CONTEXT_COURSE,
420         'archetypes' => array(
421             'editingteacher' => CAP_ALLOW,
422             'manager' => CAP_ALLOW
423         )
424     ),
426     'moodle/site:uploadusers' => array(
428         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
430         'captype' => 'write',
431         'contextlevel' => CONTEXT_SYSTEM,
432         'archetypes' => array(
433             'manager' => CAP_ALLOW
434         )
435     ),
437     // Permission to manage filter setting overrides in subcontexts.
438     'moodle/filter:manage' => array(
440         'captype' => 'write',
441         'contextlevel' => CONTEXT_COURSE,
442         'archetypes' => array(
443             'editingteacher' => CAP_ALLOW,
444             'manager' => CAP_ALLOW,
445         )
446     ),
448     'moodle/user:create' => array(
450         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
452         'captype' => 'write',
453         'contextlevel' => CONTEXT_SYSTEM,
454         'archetypes' => array(
455             'manager' => CAP_ALLOW
456         )
457     ),
459     'moodle/user:delete' => array(
461         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
463         'captype' => 'write',
464         'contextlevel' => CONTEXT_SYSTEM,
465         'archetypes' => array(
466             'manager' => CAP_ALLOW
467         )
468     ),
470     'moodle/user:update' => array(
472         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
474         'captype' => 'write',
475         'contextlevel' => CONTEXT_SYSTEM,
476         'archetypes' => array(
477             'manager' => CAP_ALLOW
478         )
479     ),
481     'moodle/user:viewdetails' => array(
483         'captype' => 'read',
484         'contextlevel' => CONTEXT_COURSE,
485         'archetypes' => array(
486             'guest' => CAP_ALLOW,
487             'student' => CAP_ALLOW,
488             'teacher' => CAP_ALLOW,
489             'editingteacher' => CAP_ALLOW,
490             'manager' => CAP_ALLOW
491         )
492     ),
494     'moodle/user:viewalldetails' => array(
495         'riskbitmask' => RISK_PERSONAL,
496         'captype' => 'read',
497         'contextlevel' => CONTEXT_USER,
498         'archetypes' => array(
499             'manager' => CAP_ALLOW
500         ),
501         'clonepermissionsfrom' => 'moodle/user:update'
502     ),
504     'moodle/user:viewhiddendetails' => array(
506         'riskbitmask' => RISK_PERSONAL,
508         'captype' => 'read',
509         'contextlevel' => CONTEXT_COURSE,
510         'archetypes' => array(
511             'teacher' => CAP_ALLOW,
512             'editingteacher' => CAP_ALLOW,
513             'manager' => CAP_ALLOW
514         )
515     ),
517     'moodle/user:loginas' => array(
519         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
521         'captype' => 'write',
522         'contextlevel' => CONTEXT_COURSE,
523         'archetypes' => array(
524             'manager' => CAP_ALLOW
525         )
526     ),
528     // can the user manage the system default profile page?
529     'moodle/user:managesyspages' => array(
531         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
533         'captype' => 'write',
534         'contextlevel' => CONTEXT_SYSTEM,
535         'archetypes' => array(
536             'manager' => CAP_ALLOW
537         )
538     ),
540     // can the user manage another user's profile page?
541     'moodle/user:manageblocks' => array(
543         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
545         'captype' => 'write',
546         'contextlevel' => CONTEXT_USER
547     ),
549     // can the user manage their own profile page?
550     'moodle/user:manageownblocks' => array(
552         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
554         'captype' => 'write',
555         'contextlevel' => CONTEXT_SYSTEM,
556         'archetypes' => array(
557             'user' => CAP_ALLOW
558         )
559     ),
561     // can the user manage their own files?
562     'moodle/user:manageownfiles' => array(
564         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
566         'captype' => 'write',
567         'contextlevel' => CONTEXT_SYSTEM,
568         'archetypes' => array(
569             'user' => CAP_ALLOW
570         )
571     ),
573     // can the user manage the system default dashboard page?
574     'moodle/my:configsyspages' => array(
576         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
578         'captype' => 'write',
579         'contextlevel' => CONTEXT_SYSTEM,
580         'archetypes' => array(
581             'manager' => CAP_ALLOW
582         )
583     ),
585     'moodle/role:assign' => array(
587         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
589         'captype' => 'write',
590         'contextlevel' => CONTEXT_COURSE,
591         'archetypes' => array(
592             'editingteacher' => CAP_ALLOW,
593             'manager' => CAP_ALLOW
594         )
595     ),
597     'moodle/role:review' => array(
599         'riskbitmask' => RISK_PERSONAL,
601         'captype' => 'read',
602         'contextlevel' => CONTEXT_COURSE,
603         'archetypes' => array(
604             'teacher' => CAP_ALLOW,
605             'editingteacher' => CAP_ALLOW,
606             'manager' => CAP_ALLOW
607         )
608     ),
610     'moodle/role:override' => array(
612         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
614         'captype' => 'write',
615         'contextlevel' => CONTEXT_COURSE,
616         'archetypes' => array(
617             'manager' => CAP_ALLOW
618         )
619     ),
621     'moodle/role:safeoverride' => array(
623         'riskbitmask' => RISK_SPAM,
625         'captype' => 'write',
626         'contextlevel' => CONTEXT_COURSE,
627         'archetypes' => array(
628             'editingteacher' => CAP_ALLOW
629         )
630     ),
632     'moodle/role:manage' => array(
634         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
636         'captype' => 'write',
637         'contextlevel' => CONTEXT_SYSTEM,
638         'archetypes' => array(
639             'manager' => CAP_ALLOW
640         )
641     ),
643     'moodle/role:switchroles' => array(
645         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
647         'captype' => 'read',
648         'contextlevel' => CONTEXT_COURSE,
649         'archetypes' => array(
650             'editingteacher' => CAP_ALLOW,
651             'manager' => CAP_ALLOW
652         )
653     ),
655     // Create, update and delete course categories. (Deleting a course category
656     // does not let you delete the courses it contains, unless you also have
657     // moodle/course: delete.) Creating and deleting requires this permission in
658     // the parent category.
659     'moodle/category:manage' => array(
661         'riskbitmask' => RISK_XSS,
663         'captype' => 'write',
664         'contextlevel' => CONTEXT_COURSECAT,
665         'archetypes' => array(
666             'manager' => CAP_ALLOW
667         ),
668         'clonepermissionsfrom' => 'moodle/category:update'
669     ),
671     'moodle/category:viewhiddencategories' => array(
673         'captype' => 'read',
674         'contextlevel' => CONTEXT_COURSECAT,
675         'archetypes' => array(
676             'coursecreator' => CAP_ALLOW,
677             'manager' => CAP_ALLOW
678         ),
679         'clonepermissionsfrom' => 'moodle/category:visibility'
680     ),
682     // create, delete, move cohorts in system and course categories,
683     // (cohorts with component !== null can be only moved)
684     'moodle/cohort:manage' => array(
686         'captype' => 'write',
687         'contextlevel' => CONTEXT_COURSECAT,
688         'archetypes' => array(
689             'manager' => CAP_ALLOW
690         )
691     ),
693     // add and remove cohort members (only for cohorts where component !== null)
694     'moodle/cohort:assign' => array(
696         'captype' => 'write',
697         'contextlevel' => CONTEXT_COURSECAT,
698         'archetypes' => array(
699             'manager' => CAP_ALLOW
700         )
701     ),
703     // view members of a cohort, this can be used in course context too,
704     // this also controls the ability to actually use cohort
705     'moodle/cohort:view' => array(
707         'captype' => 'read',
708         'contextlevel' => CONTEXT_COURSE,
709         'archetypes' => array(
710             'editingteacher' => CAP_ALLOW,
711             'manager' => CAP_ALLOW
712         )
713     ),
715     'moodle/course:create' => array(
717         'riskbitmask' => RISK_XSS,
719         'captype' => 'write',
720         'contextlevel' => CONTEXT_COURSECAT,
721         'archetypes' => array(
722             'coursecreator' => CAP_ALLOW,
723             'manager' => CAP_ALLOW
724         )
725     ),
727     'moodle/course:request' => array(
728         'captype' => 'write',
729         'contextlevel' => CONTEXT_SYSTEM,
730         'archetypes' => array(
731             'user' => CAP_ALLOW,
732         )
733     ),
735     'moodle/course:delete' => array(
737         'riskbitmask' => RISK_DATALOSS,
739         'captype' => 'write',
740         'contextlevel' => CONTEXT_COURSE,
741         'archetypes' => array(
742             'manager' => CAP_ALLOW
743         )
744     ),
746     'moodle/course:update' => array(
748         'riskbitmask' => RISK_XSS,
750         'captype' => 'write',
751         'contextlevel' => CONTEXT_COURSE,
752         'archetypes' => array(
753             'editingteacher' => CAP_ALLOW,
754             'manager' => CAP_ALLOW
755         )
756     ),
758     'moodle/course:view' => array(
760         'captype' => 'read',
761         'contextlevel' => CONTEXT_COURSE,
762         'archetypes' => array(
763             'manager' => CAP_ALLOW,
764         )
765     ),
767     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
768     'moodle/course:enrolreview' => array(
770         'riskbitmask' => RISK_PERSONAL,
772         'captype' => 'read',
773         'contextlevel' => CONTEXT_COURSE,
774         'archetypes' => array(
775             'editingteacher' => CAP_ALLOW,
776             'manager' => CAP_ALLOW,
777         )
778     ),
780     /* add, remove, hide enrol instances in courses */
781     'moodle/course:enrolconfig' => array(
783         'riskbitmask' => RISK_PERSONAL,
785         'captype' => 'write',
786         'contextlevel' => CONTEXT_COURSE,
787         'archetypes' => array(
788             'editingteacher' => CAP_ALLOW,
789             'manager' => CAP_ALLOW,
790         )
791     ),
793     'moodle/course:bulkmessaging' => array(
795         'riskbitmask' => RISK_SPAM,
797         'captype' => 'write',
798         'contextlevel' => CONTEXT_COURSE,
799         'archetypes' => array(
800             'teacher' => CAP_ALLOW,
801             'editingteacher' => CAP_ALLOW,
802             'manager' => CAP_ALLOW
803         )
804     ),
806     'moodle/course:viewhiddenuserfields' => array(
808         'riskbitmask' => RISK_PERSONAL,
810         'captype' => 'read',
811         'contextlevel' => CONTEXT_COURSE,
812         'archetypes' => array(
813             'teacher' => CAP_ALLOW,
814             'editingteacher' => CAP_ALLOW,
815             'manager' => CAP_ALLOW
816         )
817     ),
819     'moodle/course:viewhiddencourses' => array(
821         'captype' => 'read',
822         'contextlevel' => CONTEXT_COURSE,
823         'archetypes' => array(
824             'coursecreator' => CAP_ALLOW,
825             'teacher' => CAP_ALLOW,
826             'editingteacher' => CAP_ALLOW,
827             'manager' => CAP_ALLOW
828         )
829     ),
831     'moodle/course:visibility' => array(
833         'captype' => 'write',
834         'contextlevel' => CONTEXT_COURSE,
835         'archetypes' => array(
836             'editingteacher' => CAP_ALLOW,
837             'manager' => CAP_ALLOW
838         )
839     ),
841     'moodle/course:managefiles' => array(
843         'riskbitmask' => RISK_XSS,
845         'captype' => 'write',
846         'contextlevel' => CONTEXT_COURSE,
847         'archetypes' => array(
848             'editingteacher' => CAP_ALLOW,
849             'manager' => CAP_ALLOW
850         )
851     ),
853     'moodle/course:manageactivities' => array(
855         'riskbitmask' => RISK_XSS,
857         'captype' => 'write',
858         'contextlevel' => CONTEXT_MODULE,
859         'archetypes' => array(
860             'editingteacher' => CAP_ALLOW,
861             'manager' => CAP_ALLOW
862         )
863     ),
865     'moodle/course:activityvisibility' => array(
867         'captype' => 'write',
868         'contextlevel' => CONTEXT_MODULE,
869         'archetypes' => array(
870             'editingteacher' => CAP_ALLOW,
871             'manager' => CAP_ALLOW
872         )
873     ),
875     'moodle/course:viewhiddenactivities' => array(
877         'captype' => 'write',
878         'contextlevel' => CONTEXT_MODULE,
879         'archetypes' => array(
880             'teacher' => CAP_ALLOW,
881             'editingteacher' => CAP_ALLOW,
882             'manager' => CAP_ALLOW
883         )
884     ),
886     'moodle/course:viewparticipants' => array(
888         'captype' => 'read',
889         'contextlevel' => CONTEXT_COURSE,
890         'archetypes' => array(
891             'student' => CAP_ALLOW,
892             'teacher' => CAP_ALLOW,
893             'editingteacher' => CAP_ALLOW,
894             'manager' => CAP_ALLOW
895         )
896     ),
898     'moodle/course:changefullname' => array(
900         'riskbitmask' => RISK_XSS,
902         'captype' => 'write',
903         'contextlevel' => CONTEXT_COURSE,
904         'archetypes' => array(
905             'editingteacher' => CAP_ALLOW,
906             'manager' => CAP_ALLOW
907         ),
908         'clonepermissionsfrom' => 'moodle/course:update'
909     ),
911     'moodle/course:changeshortname' => array(
913         'riskbitmask' => RISK_XSS,
915         'captype' => 'write',
916         'contextlevel' => CONTEXT_COURSE,
917         'archetypes' => array(
918             'editingteacher' => CAP_ALLOW,
919             'manager' => CAP_ALLOW
920         ),
921         'clonepermissionsfrom' => 'moodle/course:update'
922     ),
924     'moodle/course:changeidnumber' => array(
926         'riskbitmask' => RISK_XSS,
928         'captype' => 'write',
929         'contextlevel' => CONTEXT_COURSE,
930         'archetypes' => array(
931             'editingteacher' => CAP_ALLOW,
932             'manager' => CAP_ALLOW
933         ),
934         'clonepermissionsfrom' => 'moodle/course:update'
935     ),
936     'moodle/course:changecategory' => array(
937         'riskbitmask' => RISK_XSS,
939         'captype' => 'write',
940         'contextlevel' => CONTEXT_COURSE,
941         'archetypes' => array(
942             'editingteacher' => CAP_ALLOW,
943             'manager' => CAP_ALLOW
944         ),
945         'clonepermissionsfrom' => 'moodle/course:update'
946     ),
948     'moodle/course:changesummary' => array(
949         'riskbitmask' => RISK_XSS,
951         'captype' => 'write',
952         'contextlevel' => CONTEXT_COURSE,
953         'archetypes' => array(
954             'editingteacher' => CAP_ALLOW,
955             'manager' => CAP_ALLOW
956         ),
957         'clonepermissionsfrom' => 'moodle/course:update'
958     ),
961     'moodle/site:viewparticipants' => array(
963         'captype' => 'read',
964         'contextlevel' => CONTEXT_SYSTEM,
965         'archetypes' => array(
966             'manager' => CAP_ALLOW
967         )
968     ),
970     'moodle/course:viewscales' => array(
972         'captype' => 'read',
973         'contextlevel' => CONTEXT_COURSE,
974         'archetypes' => array(
975             'student' => CAP_ALLOW,
976             'teacher' => CAP_ALLOW,
977             'editingteacher' => CAP_ALLOW,
978             'manager' => CAP_ALLOW
979         )
980     ),
982     'moodle/course:managescales' => array(
984         'captype' => 'write',
985         'contextlevel' => CONTEXT_COURSE,
986         'archetypes' => array(
987             'editingteacher' => CAP_ALLOW,
988             'manager' => CAP_ALLOW
989         )
990     ),
992     'moodle/course:managegroups' => array(
994         'captype' => 'write',
995         'contextlevel' => CONTEXT_COURSE,
996         'archetypes' => array(
997             'editingteacher' => CAP_ALLOW,
998             'manager' => CAP_ALLOW
999         )
1000     ),
1002     'moodle/course:reset' => array(
1004         'riskbitmask' => RISK_DATALOSS,
1006         'captype' => 'write',
1007         'contextlevel' => CONTEXT_COURSE,
1008         'archetypes' => array(
1009             'editingteacher' => CAP_ALLOW,
1010             'manager' => CAP_ALLOW
1011         )
1012     ),
1014     'moodle/blog:view' => array(
1016         'captype' => 'read',
1017         'contextlevel' => CONTEXT_SYSTEM,
1018         'archetypes' => array(
1019             'guest' => CAP_ALLOW,
1020             'user' => CAP_ALLOW,
1021             'student' => CAP_ALLOW,
1022             'teacher' => CAP_ALLOW,
1023             'editingteacher' => CAP_ALLOW,
1024             'manager' => CAP_ALLOW
1025         )
1026     ),
1028     'moodle/blog:search' => array(
1029         'captype' => 'read',
1030         'contextlevel' => CONTEXT_SYSTEM,
1031         'archetypes' => array(
1032             'guest' => CAP_ALLOW,
1033             'user' => CAP_ALLOW,
1034             'student' => CAP_ALLOW,
1035             'teacher' => CAP_ALLOW,
1036             'editingteacher' => CAP_ALLOW,
1037             'manager' => CAP_ALLOW
1038         )
1039     ),
1041     'moodle/blog:viewdrafts' => array(
1043         'riskbitmask' => RISK_PERSONAL,
1044         'captype' => 'read',
1045         'contextlevel' => CONTEXT_SYSTEM,
1046         'archetypes' => array(
1047             'manager' => CAP_ALLOW
1048         )
1049     ),
1051     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1053         'riskbitmask' => RISK_SPAM,
1055         'captype' => 'write',
1056         'contextlevel' => CONTEXT_SYSTEM,
1057         'archetypes' => array(
1058             'user' => CAP_ALLOW,
1059             'manager' => CAP_ALLOW
1060         )
1061     ),
1063     'moodle/blog:manageentries' => array(
1065         'riskbitmask' => RISK_SPAM,
1067         'captype' => 'write',
1068         'contextlevel' => CONTEXT_SYSTEM,
1069         'archetypes' => array(
1070             'teacher' => CAP_ALLOW,
1071             'editingteacher' => CAP_ALLOW,
1072             'manager' => CAP_ALLOW
1073         )
1074     ),
1076     'moodle/blog:manageexternal' => array(
1078         'riskbitmask' => RISK_SPAM,
1080         'captype' => 'write',
1081         'contextlevel' => CONTEXT_SYSTEM,
1082         'archetypes' => array(
1083             'student' => CAP_ALLOW,
1084             'user' => CAP_ALLOW,
1085             'teacher' => CAP_ALLOW,
1086             'editingteacher' => CAP_ALLOW,
1087             'manager' => CAP_ALLOW
1088         )
1089     ),
1091     'moodle/blog:associatecourse' => array(
1093         'captype' => 'write',
1094         'contextlevel' => CONTEXT_COURSE,
1095         'archetypes' => array(
1096             'student' => CAP_ALLOW,
1097             'user' => CAP_ALLOW,
1098             'teacher' => CAP_ALLOW,
1099             'editingteacher' => CAP_ALLOW,
1100             'manager' => CAP_ALLOW
1101         )
1102     ),
1104     'moodle/blog:associatemodule' => array(
1106         'captype' => 'write',
1107         'contextlevel' => CONTEXT_MODULE,
1108         'archetypes' => array(
1109             'student' => CAP_ALLOW,
1110             'user' => CAP_ALLOW,
1111             'teacher' => CAP_ALLOW,
1112             'editingteacher' => CAP_ALLOW,
1113             'manager' => CAP_ALLOW
1114         )
1115     ),
1117     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1119         'riskbitmask' => RISK_SPAM,
1121         'captype' => 'write',
1122         'contextlevel' => CONTEXT_COURSE,
1123         'archetypes' => array(
1124             'user' => CAP_ALLOW,
1125             'manager' => CAP_ALLOW
1126         )
1127     ),
1129     'moodle/calendar:managegroupentries' => array(
1131         'riskbitmask' => RISK_SPAM,
1133         'captype' => 'write',
1134         'contextlevel' => CONTEXT_COURSE,
1135         'archetypes' => array(
1136             'teacher' => CAP_ALLOW,
1137             'editingteacher' => CAP_ALLOW,
1138             'manager' => CAP_ALLOW
1139         )
1140     ),
1142     'moodle/calendar:manageentries' => array(
1144         'riskbitmask' => RISK_SPAM,
1146         'captype' => 'write',
1147         'contextlevel' => CONTEXT_COURSE,
1148         'archetypes' => array(
1149             'teacher' => CAP_ALLOW,
1150             'editingteacher' => CAP_ALLOW,
1151             'manager' => CAP_ALLOW
1152         )
1153     ),
1155     'moodle/user:editprofile' => array(
1157         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1159         'captype' => 'write',
1160         'contextlevel' => CONTEXT_USER,
1161         'archetypes' => array(
1162             'manager' => CAP_ALLOW
1163         )
1164     ),
1166     'moodle/user:editownprofile' => array(
1168         'riskbitmask' => RISK_SPAM,
1170         'captype' => 'write',
1171         'contextlevel' => CONTEXT_SYSTEM,
1172         'archetypes' => array(
1173             'guest' => CAP_PROHIBIT,
1174             'user' => CAP_ALLOW,
1175             'manager' => CAP_ALLOW
1176         )
1177     ),
1179     'moodle/user:changeownpassword' => array(
1181         'captype' => 'write',
1182         'contextlevel' => CONTEXT_SYSTEM,
1183         'archetypes' => array(
1184             'guest' => CAP_PROHIBIT,
1185             'user' => CAP_ALLOW,
1186             'manager' => CAP_ALLOW
1187         )
1188     ),
1190     // The next 3 might make no sense for some roles, e.g teacher, etc.
1191     // since the next level up is site. These are more for the parent role
1192     'moodle/user:readuserposts' => array(
1194         'captype' => 'read',
1195         'contextlevel' => CONTEXT_USER,
1196         'archetypes' => array(
1197             'student' => CAP_ALLOW,
1198             'teacher' => CAP_ALLOW,
1199             'editingteacher' => CAP_ALLOW,
1200             'manager' => CAP_ALLOW
1201         )
1202     ),
1204     'moodle/user:readuserblogs' => array(
1206         'captype' => 'read',
1207         'contextlevel' => CONTEXT_USER,
1208         'archetypes' => array(
1209             'student' => CAP_ALLOW,
1210             'teacher' => CAP_ALLOW,
1211             'editingteacher' => CAP_ALLOW,
1212             'manager' => CAP_ALLOW
1213         )
1214     ),
1216     // designed for parent role - not used in legacy roles
1217     'moodle/user:viewuseractivitiesreport' => array(
1218         'riskbitmask' => RISK_PERSONAL,
1220         'captype' => 'read',
1221         'contextlevel' => CONTEXT_USER,
1222         'archetypes' => array(
1223         )
1224     ),
1226     //capabilities designed for the new message system configuration
1227     'moodle/user:editmessageprofile' => array(
1229          'riskbitmask' => RISK_SPAM,
1231          'captype' => 'write',
1232          'contextlevel' => CONTEXT_USER,
1233          'archetypes' => array(
1234              'manager' => CAP_ALLOW
1235          )
1236      ),
1238      'moodle/user:editownmessageprofile' => array(
1240          'captype' => 'write',
1241          'contextlevel' => CONTEXT_SYSTEM,
1242          'archetypes' => array(
1243              'guest' => CAP_PROHIBIT,
1244              'user' => CAP_ALLOW,
1245              'manager' => CAP_ALLOW
1246          )
1247      ),
1249     'moodle/question:managecategory' => array(
1250         'riskbitmask' => RISK_SPAM | RISK_XSS,
1251         'captype' => 'write',
1252         'contextlevel' => CONTEXT_COURSE,
1253         'archetypes' => array(
1254             'editingteacher' => CAP_ALLOW,
1255             'manager' => CAP_ALLOW
1256         )
1257     ),
1259     //new in moodle 1.9
1260     'moodle/question:add' => array(
1261         'riskbitmask' => RISK_SPAM | RISK_XSS,
1262         'captype' => 'write',
1263         'contextlevel' => CONTEXT_COURSE,
1264         'archetypes' => array(
1265             'editingteacher' => CAP_ALLOW,
1266             'manager' => CAP_ALLOW
1267         ),
1268         'clonepermissionsfrom' =>  'moodle/question:manage'
1269     ),
1270     'moodle/question:editmine' => array(
1271         'riskbitmask' => RISK_SPAM | RISK_XSS,
1272         'captype' => 'write',
1273         'contextlevel' => CONTEXT_COURSE,
1274         'archetypes' => array(
1275             'editingteacher' => CAP_ALLOW,
1276             'manager' => CAP_ALLOW
1277         ),
1278         'clonepermissionsfrom' =>  'moodle/question:manage'
1279     ),
1280     'moodle/question:editall' => array(
1281         'riskbitmask' => RISK_SPAM | RISK_XSS,
1282         'captype' => 'write',
1283         'contextlevel' => CONTEXT_COURSE,
1284         'archetypes' => array(
1285             'editingteacher' => CAP_ALLOW,
1286             'manager' => CAP_ALLOW
1287         ),
1288         'clonepermissionsfrom' =>  'moodle/question:manage'
1289     ),
1290     'moodle/question:viewmine' => array(
1291         'captype' => 'read',
1292         'contextlevel' => CONTEXT_COURSE,
1293         'archetypes' => array(
1294             'editingteacher' => CAP_ALLOW,
1295             'manager' => CAP_ALLOW
1296         ),
1297         'clonepermissionsfrom' =>  'moodle/question:manage'
1298     ),
1299     'moodle/question:viewall' => array(
1300         'captype' => 'read',
1301         'contextlevel' => CONTEXT_COURSE,
1302         'archetypes' => array(
1303             'editingteacher' => CAP_ALLOW,
1304             'manager' => CAP_ALLOW
1305         ),
1306         'clonepermissionsfrom' =>  'moodle/question:manage'
1307     ),
1308     'moodle/question:usemine' => array(
1309         'captype' => 'read',
1310         'contextlevel' => CONTEXT_COURSE,
1311         'archetypes' => array(
1312             'editingteacher' => CAP_ALLOW,
1313             'manager' => CAP_ALLOW
1314         ),
1315         'clonepermissionsfrom' =>  'moodle/question:manage'
1316     ),
1317     'moodle/question:useall' => array(
1318         'captype' => 'read',
1319         'contextlevel' => CONTEXT_COURSE,
1320         'archetypes' => array(
1321             'editingteacher' => CAP_ALLOW,
1322             'manager' => CAP_ALLOW
1323         ),
1324         'clonepermissionsfrom' =>  'moodle/question:manage'
1325     ),
1326     'moodle/question:movemine' => array(
1327         'captype' => 'write',
1328         'contextlevel' => CONTEXT_COURSE,
1329         'archetypes' => array(
1330             'editingteacher' => CAP_ALLOW,
1331             'manager' => CAP_ALLOW
1332         ),
1333         'clonepermissionsfrom' =>  'moodle/question:manage'
1334     ),
1335     'moodle/question:moveall' => array(
1336         'captype' => 'write',
1337         'contextlevel' => CONTEXT_COURSE,
1338         'archetypes' => array(
1339             'editingteacher' => CAP_ALLOW,
1340             'manager' => CAP_ALLOW
1341         ),
1342         'clonepermissionsfrom' =>  'moodle/question:manage'
1343     ),
1344     //END new in moodle 1.9
1346     // Configure the installed question types.
1347     'moodle/question:config' => array(
1348         'riskbitmask' => RISK_CONFIG,
1349         'captype' => 'write',
1350         'contextlevel' => CONTEXT_SYSTEM,
1351         'archetypes' => array(
1352             'manager' => CAP_ALLOW
1353         )
1354     ),
1356     // While attempting questions, the ability to flag particular questions for later reference.
1357     'moodle/question:flag' => array(
1358         'captype' => 'write',
1359         'contextlevel' => CONTEXT_COURSE,
1360         'archetypes' => array(
1361             'student' => CAP_ALLOW,
1362             'teacher' => CAP_ALLOW,
1363             'editingteacher' => CAP_ALLOW,
1364             'manager' => CAP_ALLOW
1365         )
1366     ),
1368     'moodle/site:doclinks' => array(
1369         'captype' => 'read',
1370         'contextlevel' => CONTEXT_SYSTEM,
1371         'archetypes' => array(
1372             'teacher' => CAP_ALLOW,
1373             'editingteacher' => CAP_ALLOW,
1374             'manager' => CAP_ALLOW
1375         )
1376     ),
1378     'moodle/course:sectionvisibility' => array(
1380         'captype' => 'write',
1381         'contextlevel' => CONTEXT_COURSE,
1382         'archetypes' => array(
1383             'editingteacher' => CAP_ALLOW,
1384             'manager' => CAP_ALLOW
1385         )
1386     ),
1388     'moodle/course:useremail' => array(
1390         'captype' => 'write',
1391         'contextlevel' => CONTEXT_COURSE,
1392         'archetypes' => array(
1393             'editingteacher' => CAP_ALLOW,
1394             'manager' => CAP_ALLOW
1395         )
1396     ),
1398     'moodle/course:viewhiddensections' => array(
1400         'captype' => 'write',
1401         'contextlevel' => CONTEXT_COURSE,
1402         'archetypes' => array(
1403             'editingteacher' => CAP_ALLOW,
1404             'manager' => CAP_ALLOW
1405         )
1406     ),
1408     'moodle/course:setcurrentsection' => array(
1410         'captype' => 'write',
1411         'contextlevel' => CONTEXT_COURSE,
1412         'archetypes' => array(
1413             'editingteacher' => CAP_ALLOW,
1414             'manager' => CAP_ALLOW
1415         )
1416     ),
1418     'moodle/site:mnetlogintoremote' => array(
1420         'captype' => 'read',
1421         'contextlevel' => CONTEXT_SYSTEM,
1422         'archetypes' => array(
1423         )
1424     ),
1426     'moodle/grade:viewall' => array(
1427         'riskbitmask' => RISK_PERSONAL,
1428         'captype' => 'read',
1429         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1430         'archetypes' => array(
1431             'teacher' => CAP_ALLOW,
1432             'editingteacher' => CAP_ALLOW,
1433             'manager' => CAP_ALLOW
1434         ),
1435         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1436     ),
1438     'moodle/grade:view' => array(
1439         'captype' => 'read',
1440         'contextlevel' => CONTEXT_COURSE,
1441         'archetypes' => array(
1442             'student' => CAP_ALLOW
1443         )
1444     ),
1446     'moodle/grade:viewhidden' => array(
1447         'riskbitmask' => RISK_PERSONAL,
1448         'captype' => 'read',
1449         'contextlevel' => CONTEXT_COURSE,
1450         'archetypes' => array(
1451             'teacher' => CAP_ALLOW,
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         ),
1455         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1456     ),
1458     'moodle/grade:import' => array(
1459         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1460         'captype' => 'write',
1461         'contextlevel' => CONTEXT_COURSE,
1462         'archetypes' => array(
1463             'editingteacher' => CAP_ALLOW,
1464             'manager' => CAP_ALLOW
1465         ),
1466         'clonepermissionsfrom' => 'moodle/course:managegrades'
1467     ),
1469     'moodle/grade:export' => array(
1470         'riskbitmask' => RISK_PERSONAL,
1471         'captype' => 'read',
1472         'contextlevel' => CONTEXT_COURSE,
1473         'archetypes' => array(
1474             'teacher' => CAP_ALLOW,
1475             'editingteacher' => CAP_ALLOW,
1476             'manager' => CAP_ALLOW
1477         ),
1478         'clonepermissionsfrom' => 'moodle/course:managegrades'
1479     ),
1481     'moodle/grade:manage' => array(
1482         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1483         'captype' => 'write',
1484         'contextlevel' => CONTEXT_COURSE,
1485         'archetypes' => array(
1486             'editingteacher' => CAP_ALLOW,
1487             'manager' => CAP_ALLOW
1488         ),
1489         'clonepermissionsfrom' => 'moodle/course:managegrades'
1490     ),
1492     'moodle/grade:edit' => array(
1493         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1494         'captype' => 'write',
1495         'contextlevel' => CONTEXT_COURSE,
1496         'archetypes' => array(
1497             'editingteacher' => CAP_ALLOW,
1498             'manager' => CAP_ALLOW
1499         ),
1500         'clonepermissionsfrom' => 'moodle/course:managegrades'
1501     ),
1503     // ability to define advanced grading forms in activities either from scratch
1504     // or from a shared template
1505     'moodle/grade:managegradingforms' => array(
1506         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1507         'captype' => 'write',
1508         'contextlevel' => CONTEXT_COURSE,
1509         'archetypes' => array(
1510             'editingteacher' => CAP_ALLOW,
1511             'manager' => CAP_ALLOW
1512         ),
1513         'clonepermissionsfrom' => 'moodle/course:managegrades'
1514     ),
1516     // ability to save a grading form as a new shared template and eventually edit
1517     // and remove own templates (templates originally shared by that user)
1518     'moodle/grade:sharegradingforms' => array(
1519         'riskbitmask' => RISK_XSS,
1520         'captype' => 'write',
1521         'contextlevel' => CONTEXT_SYSTEM,
1522         'archetypes' => array(
1523             'manager' => CAP_ALLOW
1524         ),
1525     ),
1527     // ability to edit and remove any shared template, even those originally shared
1528     // by other users
1529     'moodle/grade:managesharedforms' => array(
1530         'riskbitmask' => RISK_XSS,
1531         'captype' => 'write',
1532         'contextlevel' => CONTEXT_SYSTEM,
1533         'archetypes' => array(
1534             'manager' => CAP_ALLOW
1535         ),
1536     ),
1538     'moodle/grade:manageoutcomes' => array(
1539         'captype' => 'write',
1540         'contextlevel' => CONTEXT_COURSE,
1541         'archetypes' => array(
1542             'editingteacher' => CAP_ALLOW,
1543             'manager' => CAP_ALLOW
1544         ),
1545         'clonepermissionsfrom' => 'moodle/course:managegrades'
1546     ),
1548     'moodle/grade:manageletters' => array(
1549         'captype' => 'write',
1550         'contextlevel' => CONTEXT_COURSE,
1551         'archetypes' => array(
1552             'editingteacher' => CAP_ALLOW,
1553             'manager' => CAP_ALLOW
1554         ),
1555         'clonepermissionsfrom' => 'moodle/course:managegrades'
1556     ),
1558     'moodle/grade:hide' => array(
1559         'captype' => 'write',
1560         'contextlevel' => CONTEXT_COURSE,
1561         'archetypes' => array(
1562             'editingteacher' => CAP_ALLOW,
1563             'manager' => CAP_ALLOW
1564         )
1565     ),
1567     'moodle/grade:lock' => array(
1568         'captype' => 'write',
1569         'contextlevel' => CONTEXT_COURSE,
1570         'archetypes' => array(
1571             'editingteacher' => CAP_ALLOW,
1572             'manager' => CAP_ALLOW
1573         )
1574     ),
1576     'moodle/grade:unlock' => array(
1577         'captype' => 'write',
1578         'contextlevel' => CONTEXT_COURSE,
1579         'archetypes' => array(
1580             'editingteacher' => CAP_ALLOW,
1581             'manager' => CAP_ALLOW
1582         )
1583     ),
1585     'moodle/my:manageblocks' => array(
1586         'captype' => 'write',
1587         'contextlevel' => CONTEXT_SYSTEM,
1588         'archetypes' => array(
1589             'user' => CAP_ALLOW
1590         )
1591     ),
1593     'moodle/notes:view' => array(
1594         'captype' => 'read',
1595         'contextlevel' => CONTEXT_COURSE,
1596         'archetypes' => array(
1597             'teacher' => CAP_ALLOW,
1598             'editingteacher' => CAP_ALLOW,
1599             'manager' => CAP_ALLOW
1600         )
1601     ),
1603     'moodle/notes:manage' => array(
1604         'riskbitmask' => RISK_SPAM,
1606         'captype' => 'write',
1607         'contextlevel' => CONTEXT_COURSE,
1608         'archetypes' => array(
1609             'teacher' => CAP_ALLOW,
1610             'editingteacher' => CAP_ALLOW,
1611             'manager' => CAP_ALLOW
1612         )
1613     ),
1615     'moodle/tag:manage' => array(
1616         'riskbitmask' => RISK_SPAM,
1618         'captype' => 'write',
1619         'contextlevel' => CONTEXT_SYSTEM,
1620         'archetypes' => array(
1621             'teacher' => CAP_ALLOW,
1622             'editingteacher' => CAP_ALLOW,
1623             'manager' => CAP_ALLOW
1624         )
1625     ),
1627     'moodle/tag:create' => array(
1628         'riskbitmask' => RISK_SPAM,
1630         'captype' => 'write',
1631         'contextlevel' => CONTEXT_SYSTEM,
1632         'archetypes' => array(
1633             'manager' => CAP_ALLOW,
1634             'user' => CAP_ALLOW
1635         )
1636     ),
1638     'moodle/tag:edit' => array(
1639         'riskbitmask' => RISK_SPAM,
1641         'captype' => 'write',
1642         'contextlevel' => CONTEXT_SYSTEM,
1643         'archetypes' => array(
1644             'manager' => CAP_ALLOW,
1645             'user' => CAP_ALLOW
1646         )
1647     ),
1649     'moodle/tag:editblocks' => array(
1650         'captype' => 'write',
1651         'contextlevel' => CONTEXT_SYSTEM,
1652         'archetypes' => array(
1653             'teacher' => CAP_ALLOW,
1654             'editingteacher' => CAP_ALLOW,
1655             'manager' => CAP_ALLOW
1656         )
1657     ),
1659     'moodle/block:view' => array(
1660         'captype' => 'read',
1661         'contextlevel' => CONTEXT_BLOCK,
1662         'archetypes' => array(
1663             'guest' => CAP_ALLOW,
1664             'user' => CAP_ALLOW,
1665             'student' => CAP_ALLOW,
1666             'teacher' => CAP_ALLOW,
1667             'editingteacher' => CAP_ALLOW,
1668         )
1669     ),
1671     'moodle/block:edit' => array(
1672         'riskbitmask' => RISK_SPAM | RISK_XSS,
1674         'captype' => 'write',
1675         'contextlevel' => CONTEXT_BLOCK,
1676         'archetypes' => array(
1677             'editingteacher' => CAP_ALLOW,
1678         )
1679     ),
1681     'moodle/portfolio:export' => array(
1682         'captype' => 'read',
1683         'contextlevel' => CONTEXT_SYSTEM,
1684         'archetypes' => array(
1685             'user' => CAP_ALLOW,
1686             'student' => CAP_ALLOW,
1687             'teacher' => CAP_ALLOW,
1688             'editingteacher' => CAP_ALLOW,
1689         )
1690     ),
1691     'moodle/comment:view' => array(
1692         'captype' => 'read',
1693         'contextlevel' => CONTEXT_COURSE,
1694         'archetypes' => array(
1695             'frontpage' => CAP_ALLOW,
1696             'guest' => CAP_ALLOW,
1697             'user' => CAP_ALLOW,
1698             'student' => CAP_ALLOW,
1699             'teacher' => CAP_ALLOW,
1700             'editingteacher' => CAP_ALLOW,
1701             'manager' => CAP_ALLOW
1702         )
1703     ),
1704     'moodle/comment:post' => array(
1706         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1707         'captype' => 'write',
1708         'contextlevel' => CONTEXT_COURSE,
1709         'archetypes' => array(
1710             'user' => CAP_ALLOW,
1711             'student' => CAP_ALLOW,
1712             'teacher' => CAP_ALLOW,
1713             'editingteacher' => CAP_ALLOW,
1714             'manager' => CAP_ALLOW
1715         )
1716     ),
1717     'moodle/comment:delete' => array(
1719         'riskbitmask' => RISK_DATALOSS,
1720         'captype' => 'write',
1721         'contextlevel' => CONTEXT_COURSE,
1722         'archetypes' => array(
1723             'editingteacher' => CAP_ALLOW,
1724             'manager' => CAP_ALLOW
1725         )
1726     ),
1727     'moodle/webservice:createtoken' => array(
1729         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1730         'captype' => 'write',
1731         'contextlevel' => CONTEXT_SYSTEM,
1732         'archetypes' => array(
1733             'manager' => CAP_ALLOW
1734         )
1735     ),
1736     'moodle/webservice:createmobiletoken' => array(
1738         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1739         'captype' => 'write',
1740         'contextlevel' => CONTEXT_SYSTEM,
1741         'archetypes' => array(
1742             'user' => CAP_ALLOW
1743         )
1744     ),
1745     'moodle/rating:view' => array(
1747         'captype' => 'read',
1748         'contextlevel' => CONTEXT_COURSE,
1749         'archetypes' => array(
1750             'user' => CAP_ALLOW,
1751             'student' => CAP_ALLOW,
1752             'teacher' => CAP_ALLOW,
1753             'editingteacher' => CAP_ALLOW,
1754             'manager' => CAP_ALLOW
1755         )
1756     ),
1757     'moodle/rating:viewany' => array(
1759         'riskbitmask' => RISK_PERSONAL,
1760         'captype' => 'read',
1761         'contextlevel' => CONTEXT_COURSE,
1762         'archetypes' => array(
1763             'user' => CAP_ALLOW,
1764             'student' => CAP_ALLOW,
1765             'teacher' => CAP_ALLOW,
1766             'editingteacher' => CAP_ALLOW,
1767             'manager' => CAP_ALLOW
1768         )
1769     ),
1770     'moodle/rating:viewall' => array(
1772         'riskbitmask' => RISK_PERSONAL,
1773         'captype' => 'read',
1774         'contextlevel' => CONTEXT_COURSE,
1775         'archetypes' => array(
1776             'user' => CAP_ALLOW,
1777             'student' => CAP_ALLOW,
1778             'teacher' => CAP_ALLOW,
1779             'editingteacher' => CAP_ALLOW,
1780             'manager' => CAP_ALLOW
1781         )
1782     ),
1783     'moodle/rating:rate' => array(
1785         'captype' => 'write',
1786         'contextlevel' => CONTEXT_COURSE,
1787         'archetypes' => array(
1788             'user' => CAP_ALLOW,
1789             'student' => CAP_ALLOW,
1790             'teacher' => CAP_ALLOW,
1791             'editingteacher' => CAP_ALLOW,
1792             'manager' => CAP_ALLOW
1793         )
1794     ),
1795      'moodle/course:publish' => array(
1797         'captype' => 'write',
1798         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1799         'contextlevel' => CONTEXT_SYSTEM,
1800         'archetypes' => array(
1801             'manager' => CAP_ALLOW
1802         )
1803     ),
1804     'moodle/course:markcomplete' => array(
1805         'captype' => 'write',
1806         'contextlevel' => CONTEXT_COURSE,
1807         'archetypes' => array(
1808             'teacher' => CAP_ALLOW,
1809             'editingteacher' => CAP_ALLOW,
1810             'manager' => CAP_ALLOW
1811         )
1812     ),
1813     'moodle/community:add' => array(
1814         'captype' => 'write',
1815         'contextlevel' => CONTEXT_SYSTEM,
1816         'archetypes' => array(
1817             'manager' => CAP_ALLOW,
1818             'teacher' => CAP_ALLOW,
1819             'editingteacher' => CAP_ALLOW,
1820         )
1821     ),
1822     'moodle/community:download' => array(
1823         'captype' => 'write',
1824         'contextlevel' => CONTEXT_SYSTEM,
1825         'archetypes' => array(
1826             'manager' => CAP_ALLOW,
1827             'editingteacher' => CAP_ALLOW,
1828         )
1829     )
1830 );