Automatically generated installer lang files
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
67     'moodle/site:configview' => array(
68         'captype' => 'read',
69         'contextlevel' => CONTEXT_SYSTEM,
70         'archetypes' => array(
71             'manager' => CAP_ALLOW,
72             'coursecreator' => CAP_ALLOW,
73         )
74     ),
76     'moodle/site:readallmessages' => array(
78         'riskbitmask' => RISK_PERSONAL,
80         'captype' => 'read',
81         'contextlevel' => CONTEXT_SYSTEM,
82         'archetypes' => array(
83             'manager' => CAP_ALLOW,
84             'editingteacher' => CAP_ALLOW
85         )
86     ),
88     'moodle/site:manageallmessaging' => array(
90         'riskbitmask' => RISK_PERSONAL,
92         'captype' => 'write',
93         'contextlevel' => CONTEXT_SYSTEM,
94         'archetypes' => array(
95             'manager' => CAP_ALLOW
96         )
97     ),
99     'moodle/site:deleteanymessage' => array(
101         'riskbitmask' => RISK_DATALOSS,
103         'captype' => 'write',
104         'contextlevel' => CONTEXT_SYSTEM,
105         'archetypes' => array(
106             'manager' => CAP_ALLOW
107         )
108     ),
110     'moodle/site:sendmessage' => array(
112         'riskbitmask' => RISK_SPAM,
114         'captype' => 'write',
115         'contextlevel' => CONTEXT_SYSTEM,
116         'archetypes' => array(
117             'manager' => CAP_ALLOW,
118             'user' => CAP_ALLOW
119         )
120     ),
122     'moodle/site:deleteownmessage' => array(
124         'captype' => 'write',
125         'contextlevel' => CONTEXT_SYSTEM,
126         'archetypes' => array(
127             'user' => CAP_ALLOW
128         )
129     ),
131     'moodle/site:approvecourse' => array(
133         'riskbitmask' => RISK_XSS,
135         'captype' => 'write',
136         'contextlevel' => CONTEXT_SYSTEM,
137         'archetypes' => array(
138             'manager' => CAP_ALLOW
139         )
140     ),
142     'moodle/backup:backupcourse' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/site:backup'
154     ),
156     'moodle/backup:backupsection' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:backupactivity' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_MODULE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
182     ),
184     'moodle/backup:backuptargethub' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         ),
195         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
196     ),
198     'moodle/backup:backuptargetimport' => array(
200         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
202         'captype' => 'write',
203         'contextlevel' => CONTEXT_COURSE,
204         'archetypes' => array(
205             'editingteacher' => CAP_ALLOW,
206             'manager' => CAP_ALLOW
207         ),
209         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
210     ),
212     'moodle/backup:downloadfile' => array(
214         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
216         'captype' => 'write',
217         'contextlevel' => CONTEXT_COURSE,
218         'archetypes' => array(
219             'editingteacher' => CAP_ALLOW,
220             'manager' => CAP_ALLOW
221         ),
223         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
224     ),
226     'moodle/backup:configure' => array(
228         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
230         'captype' => 'write',
231         'contextlevel' => CONTEXT_COURSE,
232         'archetypes' => array(
233             'editingteacher' => CAP_ALLOW,
234             'manager' => CAP_ALLOW
235         )
236     ),
238     'moodle/backup:userinfo' => array(
240         'riskbitmask' => RISK_PERSONAL,
242         'captype' => 'read',
243         'contextlevel' => CONTEXT_COURSE,
244         'archetypes' => array(
245             'manager' => CAP_ALLOW
246         )
247     ),
249     'moodle/backup:anonymise' => array(
251         'riskbitmask' => RISK_PERSONAL,
253         'captype' => 'read',
254         'contextlevel' => CONTEXT_COURSE,
255         'archetypes' => array(
256             'manager' => CAP_ALLOW
257         )
258     ),
260     'moodle/restore:restorecourse' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266         'archetypes' => array(
267             'editingteacher' => CAP_ALLOW,
268             'manager' => CAP_ALLOW
269         ),
271         'clonepermissionsfrom' =>  'moodle/site:restore'
272     ),
274     'moodle/restore:restoresection' => array(
276         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
278         'captype' => 'write',
279         'contextlevel' => CONTEXT_COURSE,
280         'archetypes' => array(
281             'editingteacher' => CAP_ALLOW,
282             'manager' => CAP_ALLOW
283         ),
285         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
286     ),
288     'moodle/restore:restoreactivity' => array(
290         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
292         'captype' => 'write',
293         'contextlevel' => CONTEXT_COURSE,
294         'archetypes' => array(
295             'editingteacher' => CAP_ALLOW,
296             'manager' => CAP_ALLOW
297         ),
299         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
300     ),
302     'moodle/restore:viewautomatedfilearea' => array(
304         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
306         'captype' => 'write',
307         'contextlevel' => CONTEXT_COURSE,
308         'archetypes' => array(
309             'editingteacher' => CAP_ALLOW,
310             'manager' => CAP_ALLOW
311         ),
312     ),
314     'moodle/restore:restoretargethub' => array(
316         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
318         'captype' => 'write',
319         'contextlevel' => CONTEXT_COURSE,
320         'archetypes' => array(
321             'editingteacher' => CAP_ALLOW,
322             'manager' => CAP_ALLOW
323         ),
325         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
326     ),
328     'moodle/restore:restoretargetimport' => array(
330         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
332         'captype' => 'write',
333         'contextlevel' => CONTEXT_COURSE,
334         'archetypes' => array(
335             'editingteacher' => CAP_ALLOW,
336             'manager' => CAP_ALLOW
337         ),
339         'clonepermissionsfrom' =>  'moodle/site:import'
340     ),
342     'moodle/restore:uploadfile' => array(
344         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
346         'captype' => 'write',
347         'contextlevel' => CONTEXT_COURSE,
348         'archetypes' => array(
349             'editingteacher' => CAP_ALLOW,
350             'manager' => CAP_ALLOW
351         ),
353         'clonepermissionsfrom' =>  'moodle/site:backupupload'
354     ),
356     'moodle/restore:configure' => array(
358         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
360         'captype' => 'write',
361         'contextlevel' => CONTEXT_COURSE,
362         'archetypes' => array(
363             'editingteacher' => CAP_ALLOW,
364             'manager' => CAP_ALLOW
365         )
366     ),
368     'moodle/restore:rolldates' => array(
370         'captype' => 'write',
371         'contextlevel' => CONTEXT_COURSE,
372         'archetypes' => array(
373             'coursecreator' => CAP_ALLOW,
374             'manager' => CAP_ALLOW
375         )
376     ),
378     'moodle/restore:userinfo' => array(
380         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
382         'captype' => 'write',
383         'contextlevel' => CONTEXT_COURSE,
384         'archetypes' => array(
385             'manager' => CAP_ALLOW
386         )
387     ),
389     'moodle/restore:createuser' => array(
391         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
393         'captype' => 'write',
394         'contextlevel' => CONTEXT_SYSTEM,
395         'archetypes' => array(
396             'manager' => CAP_ALLOW
397         )
398     ),
400     'moodle/site:manageblocks' => array(
402         'riskbitmask' => RISK_SPAM | RISK_XSS,
404         'captype' => 'write',
405         'contextlevel' => CONTEXT_BLOCK,
406         'archetypes' => array(
407             'editingteacher' => CAP_ALLOW,
408             'manager' => CAP_ALLOW
409         )
410     ),
412     'moodle/site:accessallgroups' => array(
414         'captype' => 'read',
415         'contextlevel' => CONTEXT_COURSE,
416         'archetypes' => array(
417             'editingteacher' => CAP_ALLOW,
418             'manager' => CAP_ALLOW
419         )
420     ),
422     'moodle/site:viewfullnames' => array(
424         'captype' => 'read',
425         'contextlevel' => CONTEXT_COURSE,
426         'archetypes' => array(
427             'teacher' => CAP_ALLOW,
428             'editingteacher' => CAP_ALLOW,
429             'manager' => CAP_ALLOW
430         )
431     ),
433     // In reports that give lists of users, extra information about each user's
434     // identity (the fields configured in site option showuseridentity) will be
435     // displayed to users who have this capability.
436     'moodle/site:viewuseridentity' => array(
438         'captype' => 'read',
439         'contextlevel' => CONTEXT_COURSE,
440         'archetypes' => array(
441             'teacher' => CAP_ALLOW,
442             'editingteacher' => CAP_ALLOW,
443             'manager' => CAP_ALLOW
444         )
445     ),
447     'moodle/site:viewreports' => array(
449         'riskbitmask' => RISK_PERSONAL,
451         'captype' => 'read',
452         'contextlevel' => CONTEXT_COURSE,
453         'archetypes' => array(
454             'teacher' => CAP_ALLOW,
455             'editingteacher' => CAP_ALLOW,
456             'manager' => CAP_ALLOW
457         )
458     ),
460     'moodle/site:trustcontent' => array(
462         'riskbitmask' => RISK_XSS,
464         'captype' => 'write',
465         'contextlevel' => CONTEXT_COURSE,
466         'archetypes' => array(
467             'editingteacher' => CAP_ALLOW,
468             'manager' => CAP_ALLOW
469         )
470     ),
472     'moodle/site:uploadusers' => array(
474         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
476         'captype' => 'write',
477         'contextlevel' => CONTEXT_SYSTEM,
478         'archetypes' => array(
479             'manager' => CAP_ALLOW
480         )
481     ),
483     // Permission to manage filter setting overrides in subcontexts.
484     'moodle/filter:manage' => array(
486         'captype' => 'write',
487         'contextlevel' => CONTEXT_COURSE,
488         'archetypes' => array(
489             'editingteacher' => CAP_ALLOW,
490             'manager' => CAP_ALLOW,
491         )
492     ),
494     'moodle/user:create' => array(
496         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
498         'captype' => 'write',
499         'contextlevel' => CONTEXT_SYSTEM,
500         'archetypes' => array(
501             'manager' => CAP_ALLOW
502         )
503     ),
505     'moodle/user:delete' => array(
507         'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
509         'captype' => 'write',
510         'contextlevel' => CONTEXT_SYSTEM,
511         'archetypes' => array(
512             'manager' => CAP_ALLOW
513         )
514     ),
516     'moodle/user:update' => array(
518         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
520         'captype' => 'write',
521         'contextlevel' => CONTEXT_SYSTEM,
522         'archetypes' => array(
523             'manager' => CAP_ALLOW
524         )
525     ),
527     'moodle/user:viewdetails' => array(
529         'captype' => 'read',
530         'contextlevel' => CONTEXT_COURSE,
531         'archetypes' => array(
532             'guest' => CAP_ALLOW,
533             'student' => CAP_ALLOW,
534             'teacher' => CAP_ALLOW,
535             'editingteacher' => CAP_ALLOW,
536             'manager' => CAP_ALLOW
537         )
538     ),
540     'moodle/user:viewalldetails' => array(
541         'riskbitmask' => RISK_PERSONAL,
542         'captype' => 'read',
543         'contextlevel' => CONTEXT_USER,
544         'archetypes' => array(
545             'manager' => CAP_ALLOW
546         ),
547         'clonepermissionsfrom' => 'moodle/user:update'
548     ),
550     'moodle/user:viewlastip' => array(
551         'riskbitmask' => RISK_PERSONAL,
552         'captype' => 'read',
553         'contextlevel' => CONTEXT_USER,
554         'archetypes' => array(
555             'manager' => CAP_ALLOW
556         ),
557         'clonepermissionsfrom' => 'moodle/user:update'
558     ),
560     'moodle/user:viewhiddendetails' => array(
562         'riskbitmask' => RISK_PERSONAL,
564         'captype' => 'read',
565         'contextlevel' => CONTEXT_COURSE,
566         'archetypes' => array(
567             'teacher' => CAP_ALLOW,
568             'editingteacher' => CAP_ALLOW,
569             'manager' => CAP_ALLOW
570         )
571     ),
573     'moodle/user:loginas' => array(
575         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
577         'captype' => 'write',
578         'contextlevel' => CONTEXT_COURSE,
579         'archetypes' => array(
580             'manager' => CAP_ALLOW
581         )
582     ),
584     // can the user manage the system default profile page?
585     'moodle/user:managesyspages' => array(
587         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
589         'captype' => 'write',
590         'contextlevel' => CONTEXT_SYSTEM,
591         'archetypes' => array(
592             'manager' => CAP_ALLOW
593         )
594     ),
596     // can the user manage another user's profile page?
597     'moodle/user:manageblocks' => array(
599         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
601         'captype' => 'write',
602         'contextlevel' => CONTEXT_USER
603     ),
605     // can the user manage their own profile page?
606     'moodle/user:manageownblocks' => array(
608         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
610         'captype' => 'write',
611         'contextlevel' => CONTEXT_SYSTEM,
612         'archetypes' => array(
613             'user' => CAP_ALLOW
614         )
615     ),
617     // can the user manage their own files?
618     'moodle/user:manageownfiles' => array(
620         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
622         'captype' => 'write',
623         'contextlevel' => CONTEXT_SYSTEM,
624         'archetypes' => array(
625             'user' => CAP_ALLOW
626         )
627     ),
629     // Can the user ignore the setting userquota?
630     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
631     'moodle/user:ignoreuserquota' => array(
632         'riskbitmap' => RISK_SPAM,
633         'captype' => 'write',
634         'contextlevel' => CONTEXT_SYSTEM,
635         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
636     ),
638     // can the user manage the system default dashboard page?
639     'moodle/my:configsyspages' => array(
641         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
643         'captype' => 'write',
644         'contextlevel' => CONTEXT_SYSTEM,
645         'archetypes' => array(
646             'manager' => CAP_ALLOW
647         )
648     ),
650     'moodle/role:assign' => array(
652         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
654         'captype' => 'write',
655         'contextlevel' => CONTEXT_COURSE,
656         'archetypes' => array(
657             'editingteacher' => CAP_ALLOW,
658             'manager' => CAP_ALLOW
659         )
660     ),
662     'moodle/role:review' => array(
664         'riskbitmask' => RISK_PERSONAL,
666         'captype' => 'read',
667         'contextlevel' => CONTEXT_COURSE,
668         'archetypes' => array(
669             'teacher' => CAP_ALLOW,
670             'editingteacher' => CAP_ALLOW,
671             'manager' => CAP_ALLOW
672         )
673     ),
675     'moodle/role:override' => array(
677         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
679         'captype' => 'write',
680         'contextlevel' => CONTEXT_COURSE,
681         'archetypes' => array(
682             'manager' => CAP_ALLOW
683         )
684     ),
686     'moodle/role:safeoverride' => array(
688         'riskbitmask' => RISK_SPAM,
690         'captype' => 'write',
691         'contextlevel' => CONTEXT_COURSE,
692         'archetypes' => array(
693             'editingteacher' => CAP_ALLOW
694         )
695     ),
697     'moodle/role:manage' => array(
699         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
701         'captype' => 'write',
702         'contextlevel' => CONTEXT_SYSTEM,
703         'archetypes' => array(
704             'manager' => CAP_ALLOW
705         )
706     ),
708     'moodle/role:switchroles' => array(
710         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
712         'captype' => 'read',
713         'contextlevel' => CONTEXT_COURSE,
714         'archetypes' => array(
715             'editingteacher' => CAP_ALLOW,
716             'manager' => CAP_ALLOW
717         )
718     ),
720     // Create, update and delete course categories. (Deleting a course category
721     // does not let you delete the courses it contains, unless you also have
722     // moodle/course: delete.) Creating and deleting requires this permission in
723     // the parent category.
724     'moodle/category:manage' => array(
726         'riskbitmask' => RISK_XSS,
728         'captype' => 'write',
729         'contextlevel' => CONTEXT_COURSECAT,
730         'archetypes' => array(
731             'manager' => CAP_ALLOW
732         ),
733         'clonepermissionsfrom' => 'moodle/category:update'
734     ),
736     'moodle/category:viewhiddencategories' => array(
738         'captype' => 'read',
739         'contextlevel' => CONTEXT_COURSECAT,
740         'archetypes' => array(
741             'coursecreator' => CAP_ALLOW,
742             'manager' => CAP_ALLOW
743         ),
744         'clonepermissionsfrom' => 'moodle/category:visibility'
745     ),
747     // create, delete, move cohorts in system and course categories,
748     // (cohorts with component !== null can be only moved)
749     'moodle/cohort:manage' => array(
751         'captype' => 'write',
752         'contextlevel' => CONTEXT_COURSECAT,
753         'archetypes' => array(
754             'manager' => CAP_ALLOW
755         )
756     ),
758     // add and remove cohort members (only for cohorts where component !== null)
759     'moodle/cohort:assign' => array(
761         'captype' => 'write',
762         'contextlevel' => CONTEXT_COURSECAT,
763         'archetypes' => array(
764             'manager' => CAP_ALLOW
765         )
766     ),
768     // View visible and hidden cohorts defined in the current context.
769     'moodle/cohort:view' => array(
771         'captype' => 'read',
772         'contextlevel' => CONTEXT_COURSE,
773         'archetypes' => array(
774             'editingteacher' => CAP_ALLOW,
775             'manager' => CAP_ALLOW
776         )
777     ),
779     'moodle/course:create' => array(
781         'riskbitmask' => RISK_XSS,
783         'captype' => 'write',
784         'contextlevel' => CONTEXT_COURSECAT,
785         'archetypes' => array(
786             'coursecreator' => CAP_ALLOW,
787             'manager' => CAP_ALLOW
788         )
789     ),
791     'moodle/course:creategroupconversations' => array(
792         'riskbitmask' => RISK_XSS,
793         'captype' => 'write',
794         'contextlevel' => CONTEXT_COURSE,
795         'archetypes' => array(
796             'editingteacher' => CAP_ALLOW,
797             'manager' => CAP_ALLOW
798         )
799     ),
801     'moodle/course:request' => array(
802         'captype' => 'write',
803         'contextlevel' => CONTEXT_SYSTEM,
804         'archetypes' => array(
805             'user' => CAP_ALLOW,
806         )
807     ),
809     'moodle/course:delete' => array(
811         'riskbitmask' => RISK_DATALOSS,
813         'captype' => 'write',
814         'contextlevel' => CONTEXT_COURSE,
815         'archetypes' => array(
816             'manager' => CAP_ALLOW
817         )
818     ),
820     'moodle/course:update' => array(
822         'riskbitmask' => RISK_XSS,
824         'captype' => 'write',
825         'contextlevel' => CONTEXT_COURSE,
826         'archetypes' => array(
827             'editingteacher' => CAP_ALLOW,
828             'manager' => CAP_ALLOW
829         )
830     ),
832     'moodle/course:view' => array(
834         'captype' => 'read',
835         'contextlevel' => CONTEXT_COURSE,
836         'archetypes' => array(
837             'manager' => CAP_ALLOW,
838         )
839     ),
841     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
842     'moodle/course:enrolreview' => array(
844         'riskbitmask' => RISK_PERSONAL,
846         'captype' => 'read',
847         'contextlevel' => CONTEXT_COURSE,
848         'archetypes' => array(
849             'editingteacher' => CAP_ALLOW,
850             'manager' => CAP_ALLOW,
851         )
852     ),
854     /* add, remove, hide enrol instances in courses */
855     'moodle/course:enrolconfig' => array(
857         'riskbitmask' => RISK_PERSONAL,
859         'captype' => 'write',
860         'contextlevel' => CONTEXT_COURSE,
861         'archetypes' => array(
862             'editingteacher' => CAP_ALLOW,
863             'manager' => CAP_ALLOW,
864         )
865     ),
867     'moodle/course:reviewotherusers' => array(
869         'captype' => 'read',
870         'contextlevel' => CONTEXT_COURSE,
871         'archetypes' => array(
872             'editingteacher' => CAP_ALLOW,
873             'manager' => CAP_ALLOW,
874         ),
875         'clonepermissionsfrom' => 'moodle/role:assign'
876     ),
878     'moodle/course:bulkmessaging' => array(
880         'riskbitmask' => RISK_SPAM,
882         'captype' => 'write',
883         'contextlevel' => CONTEXT_COURSE,
884         'archetypes' => array(
885             'teacher' => CAP_ALLOW,
886             'editingteacher' => CAP_ALLOW,
887             'manager' => CAP_ALLOW
888         )
889     ),
891     'moodle/course:viewhiddenuserfields' => array(
893         'riskbitmask' => RISK_PERSONAL,
895         'captype' => 'read',
896         'contextlevel' => CONTEXT_COURSE,
897         'archetypes' => array(
898             'teacher' => CAP_ALLOW,
899             'editingteacher' => CAP_ALLOW,
900             'manager' => CAP_ALLOW
901         )
902     ),
904     'moodle/course:viewhiddencourses' => array(
906         'captype' => 'read',
907         'contextlevel' => CONTEXT_COURSE,
908         'archetypes' => array(
909             'coursecreator' => CAP_ALLOW,
910             'teacher' => CAP_ALLOW,
911             'editingteacher' => CAP_ALLOW,
912             'manager' => CAP_ALLOW
913         )
914     ),
916     'moodle/course:visibility' => array(
918         'captype' => 'write',
919         'contextlevel' => CONTEXT_COURSE,
920         'archetypes' => array(
921             'editingteacher' => CAP_ALLOW,
922             'manager' => CAP_ALLOW
923         )
924     ),
926     'moodle/course:managefiles' => array(
928         'riskbitmask' => RISK_XSS,
930         'captype' => 'write',
931         'contextlevel' => CONTEXT_COURSE,
932         'archetypes' => array(
933             'editingteacher' => CAP_ALLOW,
934             'manager' => CAP_ALLOW
935         )
936     ),
938     'moodle/course:ignoreavailabilityrestrictions' => array(
939         'captype' => 'read',
940         'contextlevel' => CONTEXT_MODULE,
941         'archetypes' => array(
942             'manager' => CAP_ALLOW,
943             'coursecreator' => CAP_ALLOW,
944             'editingteacher' => CAP_ALLOW,
945             'teacher' => CAP_ALLOW,
946         ),
947         'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
948     ),
950     'moodle/course:ignorefilesizelimits' => array(
952         'captype' => 'write',
953         'contextlevel' => CONTEXT_COURSE,
954         'archetypes' => array(
955         )
956     ),
958     'moodle/course:manageactivities' => array(
960         'riskbitmask' => RISK_XSS,
962         'captype' => 'write',
963         'contextlevel' => CONTEXT_MODULE,
964         'archetypes' => array(
965             'editingteacher' => CAP_ALLOW,
966             'manager' => CAP_ALLOW
967         )
968     ),
970     'moodle/course:activityvisibility' => array(
972         'captype' => 'write',
973         'contextlevel' => CONTEXT_MODULE,
974         'archetypes' => array(
975             'editingteacher' => CAP_ALLOW,
976             'manager' => CAP_ALLOW
977         )
978     ),
980     'moodle/course:viewhiddenactivities' => array(
982         'captype' => 'write',
983         'contextlevel' => CONTEXT_MODULE,
984         'archetypes' => array(
985             'teacher' => CAP_ALLOW,
986             'editingteacher' => CAP_ALLOW,
987             'manager' => CAP_ALLOW
988         )
989     ),
991     'moodle/course:viewparticipants' => array(
993         'captype' => 'read',
994         'contextlevel' => CONTEXT_COURSE,
995         'archetypes' => array(
996             'student' => CAP_ALLOW,
997             'teacher' => CAP_ALLOW,
998             'editingteacher' => CAP_ALLOW,
999             'manager' => CAP_ALLOW
1000         )
1001     ),
1003     'moodle/course:changefullname' => array(
1005         'riskbitmask' => RISK_XSS,
1007         'captype' => 'write',
1008         'contextlevel' => CONTEXT_COURSE,
1009         'archetypes' => array(
1010             'editingteacher' => CAP_ALLOW,
1011             'manager' => CAP_ALLOW
1012         ),
1013         'clonepermissionsfrom' => 'moodle/course:update'
1014     ),
1016     'moodle/course:changeshortname' => array(
1018         'riskbitmask' => RISK_XSS,
1020         'captype' => 'write',
1021         'contextlevel' => CONTEXT_COURSE,
1022         'archetypes' => array(
1023             'editingteacher' => CAP_ALLOW,
1024             'manager' => CAP_ALLOW
1025         ),
1026         'clonepermissionsfrom' => 'moodle/course:update'
1027     ),
1029     'moodle/course:renameroles' => array(
1030         'captype' => 'write',
1031         'contextlevel' => CONTEXT_COURSE,
1032         'archetypes' => array(
1033             'editingteacher' => CAP_ALLOW,
1034             'manager' => CAP_ALLOW
1035         ),
1036         'clonepermissionsfrom' => 'moodle/course:update'
1037     ),
1039     'moodle/course:changeidnumber' => array(
1041         'riskbitmask' => RISK_XSS,
1043         'captype' => 'write',
1044         'contextlevel' => CONTEXT_COURSE,
1045         'archetypes' => array(
1046             'editingteacher' => CAP_ALLOW,
1047             'manager' => CAP_ALLOW
1048         ),
1049         'clonepermissionsfrom' => 'moodle/course:update'
1050     ),
1051     'moodle/course:changecategory' => array(
1052         'riskbitmask' => RISK_XSS,
1054         'captype' => 'write',
1055         'contextlevel' => CONTEXT_COURSE,
1056         'archetypes' => array(
1057             'editingteacher' => CAP_ALLOW,
1058             'manager' => CAP_ALLOW
1059         ),
1060         'clonepermissionsfrom' => 'moodle/course:update'
1061     ),
1063     'moodle/course:changesummary' => array(
1064         'riskbitmask' => RISK_XSS,
1066         'captype' => 'write',
1067         'contextlevel' => CONTEXT_COURSE,
1068         'archetypes' => array(
1069             'editingteacher' => CAP_ALLOW,
1070             'manager' => CAP_ALLOW
1071         ),
1072         'clonepermissionsfrom' => 'moodle/course:update'
1073     ),
1075     'moodle/course:setforcedlanguage' => array(
1076         'captype' => 'write',
1077         'contextlevel' => CONTEXT_COURSE,
1078         'archetypes' => array(
1079             'editingteacher' => CAP_ALLOW,
1080             'manager' => CAP_ALLOW
1081         ),
1082         'clonepermissionsfrom' => 'moodle/course:update'
1083     ),
1086     'moodle/site:viewparticipants' => array(
1088         'captype' => 'read',
1089         'contextlevel' => CONTEXT_SYSTEM,
1090         'archetypes' => array(
1091             'manager' => CAP_ALLOW
1092         )
1093     ),
1095     'moodle/course:isincompletionreports' => array(
1096         'captype' => 'read',
1097         'contextlevel' => CONTEXT_COURSE,
1098         'archetypes' => array(
1099             'student' => CAP_ALLOW,
1100         ),
1101     ),
1103     'moodle/course:viewscales' => array(
1105         'captype' => 'read',
1106         'contextlevel' => CONTEXT_COURSE,
1107         'archetypes' => array(
1108             'student' => CAP_ALLOW,
1109             'teacher' => CAP_ALLOW,
1110             'editingteacher' => CAP_ALLOW,
1111             'manager' => CAP_ALLOW
1112         )
1113     ),
1115     'moodle/course:managescales' => array(
1117         'captype' => 'write',
1118         'contextlevel' => CONTEXT_COURSE,
1119         'archetypes' => array(
1120             'editingteacher' => CAP_ALLOW,
1121             'manager' => CAP_ALLOW
1122         )
1123     ),
1125     'moodle/course:managegroups' => array(
1127         'captype' => 'write',
1128         'contextlevel' => CONTEXT_COURSE,
1129         'archetypes' => array(
1130             'editingteacher' => CAP_ALLOW,
1131             'manager' => CAP_ALLOW
1132         )
1133     ),
1135     'moodle/course:reset' => array(
1137         'riskbitmask' => RISK_DATALOSS,
1139         'captype' => 'write',
1140         'contextlevel' => CONTEXT_COURSE,
1141         'archetypes' => array(
1142             'editingteacher' => CAP_ALLOW,
1143             'manager' => CAP_ALLOW
1144         )
1145     ),
1147     'moodle/course:viewsuspendedusers' => array(
1149         'captype' => 'read',
1150         'contextlevel' => CONTEXT_SYSTEM,
1151         'archetypes' => array(
1152             'editingteacher' => CAP_ALLOW,
1153             'manager' => CAP_ALLOW
1154         )
1155     ),
1157     'moodle/course:tag' => array(
1158         'riskbitmask' => RISK_SPAM,
1159         'captype' => 'write',
1160         'contextlevel' => CONTEXT_COURSE,
1161         'archetypes' => array(
1162             'manager' => CAP_ALLOW,
1163             'editingteacher' => CAP_ALLOW,
1164         ),
1165         'clonepermissionsfrom' => 'moodle/course:update'
1166     ),
1168     'moodle/blog:view' => array(
1170         'captype' => 'read',
1171         'contextlevel' => CONTEXT_SYSTEM,
1172         'archetypes' => array(
1173             'guest' => CAP_ALLOW,
1174             'user' => CAP_ALLOW,
1175             'student' => CAP_ALLOW,
1176             'teacher' => CAP_ALLOW,
1177             'editingteacher' => CAP_ALLOW,
1178             'manager' => CAP_ALLOW
1179         )
1180     ),
1182     'moodle/blog:search' => array(
1183         'captype' => 'read',
1184         'contextlevel' => CONTEXT_SYSTEM,
1185         'archetypes' => array(
1186             'guest' => CAP_ALLOW,
1187             'user' => CAP_ALLOW,
1188             'student' => CAP_ALLOW,
1189             'teacher' => CAP_ALLOW,
1190             'editingteacher' => CAP_ALLOW,
1191             'manager' => CAP_ALLOW
1192         )
1193     ),
1195     'moodle/blog:viewdrafts' => array(
1197         'riskbitmask' => RISK_PERSONAL,
1198         'captype' => 'read',
1199         'contextlevel' => CONTEXT_SYSTEM,
1200         'archetypes' => array(
1201             'manager' => CAP_ALLOW
1202         )
1203     ),
1205     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1207         'riskbitmask' => RISK_SPAM,
1209         'captype' => 'write',
1210         'contextlevel' => CONTEXT_SYSTEM,
1211         'archetypes' => array(
1212             'user' => CAP_ALLOW,
1213             'manager' => CAP_ALLOW
1214         )
1215     ),
1217     'moodle/blog:manageentries' => array(
1219         'riskbitmask' => RISK_SPAM,
1221         'captype' => 'write',
1222         'contextlevel' => CONTEXT_SYSTEM,
1223         'archetypes' => array(
1224             'teacher' => CAP_ALLOW,
1225             'editingteacher' => CAP_ALLOW,
1226             'manager' => CAP_ALLOW
1227         )
1228     ),
1230     'moodle/blog:manageexternal' => array(
1232         'riskbitmask' => RISK_SPAM,
1234         'captype' => 'write',
1235         'contextlevel' => CONTEXT_SYSTEM,
1236         'archetypes' => array(
1237             'student' => CAP_ALLOW,
1238             'user' => CAP_ALLOW,
1239             'teacher' => CAP_ALLOW,
1240             'editingteacher' => CAP_ALLOW,
1241             'manager' => CAP_ALLOW
1242         )
1243     ),
1245     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1247         'riskbitmask' => RISK_SPAM,
1249         'captype' => 'write',
1250         'contextlevel' => CONTEXT_COURSE,
1251         'archetypes' => array(
1252             'user' => CAP_ALLOW,
1253             'manager' => CAP_ALLOW
1254         )
1255     ),
1257     'moodle/calendar:managegroupentries' => array(
1259         'riskbitmask' => RISK_SPAM,
1261         'captype' => 'write',
1262         'contextlevel' => CONTEXT_COURSE,
1263         'archetypes' => array(
1264             'teacher' => CAP_ALLOW,
1265             'editingteacher' => CAP_ALLOW,
1266             'manager' => CAP_ALLOW
1267         )
1268     ),
1270     'moodle/calendar:manageentries' => array(
1272         'riskbitmask' => RISK_SPAM,
1274         'captype' => 'write',
1275         'contextlevel' => CONTEXT_COURSE,
1276         'archetypes' => array(
1277             'teacher' => CAP_ALLOW,
1278             'editingteacher' => CAP_ALLOW,
1279             'manager' => CAP_ALLOW
1280         )
1281     ),
1283     'moodle/user:editprofile' => array(
1285         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1287         'captype' => 'write',
1288         'contextlevel' => CONTEXT_USER,
1289         'archetypes' => array(
1290             'manager' => CAP_ALLOW
1291         )
1292     ),
1294     'moodle/user:editownprofile' => array(
1296         'riskbitmask' => RISK_SPAM,
1298         'captype' => 'write',
1299         'contextlevel' => CONTEXT_SYSTEM,
1300         'archetypes' => array(
1301             'guest' => CAP_PROHIBIT,
1302             'user' => CAP_ALLOW,
1303             'manager' => CAP_ALLOW
1304         )
1305     ),
1307     'moodle/user:changeownpassword' => array(
1309         'captype' => 'write',
1310         'contextlevel' => CONTEXT_SYSTEM,
1311         'archetypes' => array(
1312             'guest' => CAP_PROHIBIT,
1313             'user' => CAP_ALLOW,
1314             'manager' => CAP_ALLOW
1315         )
1316     ),
1318     // The next 3 might make no sense for some roles, e.g teacher, etc.
1319     // since the next level up is site. These are more for the parent role
1320     'moodle/user:readuserposts' => array(
1322         'captype' => 'read',
1323         'contextlevel' => CONTEXT_USER,
1324         'archetypes' => array(
1325             'student' => CAP_ALLOW,
1326             'teacher' => CAP_ALLOW,
1327             'editingteacher' => CAP_ALLOW,
1328             'manager' => CAP_ALLOW
1329         )
1330     ),
1332     'moodle/user:readuserblogs' => array(
1334         'captype' => 'read',
1335         'contextlevel' => CONTEXT_USER,
1336         'archetypes' => array(
1337             'student' => CAP_ALLOW,
1338             'teacher' => CAP_ALLOW,
1339             'editingteacher' => CAP_ALLOW,
1340             'manager' => CAP_ALLOW
1341         )
1342     ),
1344     // designed for parent role - not used in legacy roles
1345     'moodle/user:viewuseractivitiesreport' => array(
1346         'riskbitmask' => RISK_PERSONAL,
1348         'captype' => 'read',
1349         'contextlevel' => CONTEXT_USER,
1350         'archetypes' => array(
1351         )
1352     ),
1354     //capabilities designed for the new message system configuration
1355     'moodle/user:editmessageprofile' => array(
1357          'riskbitmask' => RISK_SPAM,
1359          'captype' => 'write',
1360          'contextlevel' => CONTEXT_USER,
1361          'archetypes' => array(
1362              'manager' => CAP_ALLOW
1363          )
1364      ),
1366      'moodle/user:editownmessageprofile' => array(
1368          'captype' => 'write',
1369          'contextlevel' => CONTEXT_SYSTEM,
1370          'archetypes' => array(
1371              'guest' => CAP_PROHIBIT,
1372              'user' => CAP_ALLOW,
1373              'manager' => CAP_ALLOW
1374          )
1375      ),
1377     'moodle/question:managecategory' => array(
1378         'riskbitmask' => RISK_SPAM | RISK_XSS,
1379         'captype' => 'write',
1380         'contextlevel' => CONTEXT_COURSE,
1381         'archetypes' => array(
1382             'editingteacher' => CAP_ALLOW,
1383             'manager' => CAP_ALLOW
1384         )
1385     ),
1387     //new in moodle 1.9
1388     'moodle/question:add' => array(
1389         'riskbitmask' => RISK_SPAM | RISK_XSS,
1390         'captype' => 'write',
1391         'contextlevel' => CONTEXT_COURSE,
1392         'archetypes' => array(
1393             'editingteacher' => CAP_ALLOW,
1394             'manager' => CAP_ALLOW
1395         ),
1396         'clonepermissionsfrom' =>  'moodle/question:manage'
1397     ),
1398     'moodle/question:editmine' => array(
1399         'riskbitmask' => RISK_SPAM | RISK_XSS,
1400         'captype' => 'write',
1401         'contextlevel' => CONTEXT_COURSE,
1402         'archetypes' => array(
1403             'editingteacher' => CAP_ALLOW,
1404             'manager' => CAP_ALLOW
1405         ),
1406         'clonepermissionsfrom' =>  'moodle/question:manage'
1407     ),
1408     'moodle/question:editall' => array(
1409         'riskbitmask' => RISK_SPAM | RISK_XSS,
1410         'captype' => 'write',
1411         'contextlevel' => CONTEXT_COURSE,
1412         'archetypes' => array(
1413             'editingteacher' => CAP_ALLOW,
1414             'manager' => CAP_ALLOW
1415         ),
1416         'clonepermissionsfrom' =>  'moodle/question:manage'
1417     ),
1418     'moodle/question:viewmine' => array(
1419         'captype' => 'read',
1420         'contextlevel' => CONTEXT_COURSE,
1421         'archetypes' => array(
1422             'editingteacher' => CAP_ALLOW,
1423             'manager' => CAP_ALLOW
1424         ),
1425         'clonepermissionsfrom' =>  'moodle/question:manage'
1426     ),
1427     'moodle/question:viewall' => array(
1428         'captype' => 'read',
1429         'contextlevel' => CONTEXT_COURSE,
1430         'archetypes' => array(
1431             'editingteacher' => CAP_ALLOW,
1432             'manager' => CAP_ALLOW
1433         ),
1434         'clonepermissionsfrom' =>  'moodle/question:manage'
1435     ),
1436     'moodle/question:usemine' => array(
1437         'captype' => 'read',
1438         'contextlevel' => CONTEXT_COURSE,
1439         'archetypes' => array(
1440             'editingteacher' => CAP_ALLOW,
1441             'manager' => CAP_ALLOW
1442         ),
1443         'clonepermissionsfrom' =>  'moodle/question:manage'
1444     ),
1445     'moodle/question:useall' => array(
1446         'captype' => 'read',
1447         'contextlevel' => CONTEXT_COURSE,
1448         'archetypes' => array(
1449             'editingteacher' => CAP_ALLOW,
1450             'manager' => CAP_ALLOW
1451         ),
1452         'clonepermissionsfrom' =>  'moodle/question:manage'
1453     ),
1454     'moodle/question:movemine' => array(
1455         'captype' => 'write',
1456         'contextlevel' => CONTEXT_COURSE,
1457         'archetypes' => array(
1458             'editingteacher' => CAP_ALLOW,
1459             'manager' => CAP_ALLOW
1460         ),
1461         'clonepermissionsfrom' =>  'moodle/question:manage'
1462     ),
1463     'moodle/question:moveall' => array(
1464         'captype' => 'write',
1465         'contextlevel' => CONTEXT_COURSE,
1466         'archetypes' => array(
1467             'editingteacher' => CAP_ALLOW,
1468             'manager' => CAP_ALLOW
1469         ),
1470         'clonepermissionsfrom' =>  'moodle/question:manage'
1471     ),
1472     //END new in moodle 1.9
1474     // Configure the installed question types.
1475     'moodle/question:config' => array(
1476         'riskbitmask' => RISK_CONFIG,
1477         'captype' => 'write',
1478         'contextlevel' => CONTEXT_SYSTEM,
1479         'archetypes' => array(
1480             'manager' => CAP_ALLOW
1481         )
1482     ),
1484     // While attempting questions, the ability to flag particular questions for later reference.
1485     'moodle/question:flag' => array(
1486         'captype' => 'write',
1487         'contextlevel' => CONTEXT_COURSE,
1488         'archetypes' => array(
1489             'student' => CAP_ALLOW,
1490             'teacher' => CAP_ALLOW,
1491             'editingteacher' => CAP_ALLOW,
1492             'manager' => CAP_ALLOW
1493         )
1494     ),
1496     // Controls whether the user can tag his own questions.
1497     'moodle/question:tagmine' => array(
1498         'captype' => 'write',
1499         'contextlevel' => CONTEXT_COURSE,
1500         'archetypes' => array(
1501             'editingteacher' => CAP_ALLOW,
1502             'manager' => CAP_ALLOW
1503         ),
1504         'clonepermissionsfrom' => 'moodle/question:editmine'
1505     ),
1507     // Controls whether the user can tag all questions.
1508     'moodle/question:tagall' => array(
1509         'captype' => 'write',
1510         'contextlevel' => CONTEXT_COURSE,
1511         'archetypes' => array(
1512             'editingteacher' => CAP_ALLOW,
1513             'manager' => CAP_ALLOW
1514         ),
1515         'clonepermissionsfrom' => 'moodle/question:editall'
1516     ),
1518     'moodle/site:doclinks' => array(
1519         'captype' => 'read',
1520         'contextlevel' => CONTEXT_SYSTEM,
1521         'archetypes' => array(
1522             'teacher' => CAP_ALLOW,
1523             'editingteacher' => CAP_ALLOW,
1524             'manager' => CAP_ALLOW
1525         )
1526     ),
1528     'moodle/course:sectionvisibility' => array(
1530         'captype' => 'write',
1531         'contextlevel' => CONTEXT_COURSE,
1532         'archetypes' => array(
1533             'editingteacher' => CAP_ALLOW,
1534             'manager' => CAP_ALLOW
1535         )
1536     ),
1538     'moodle/course:useremail' => array(
1540         'captype' => 'write',
1541         'contextlevel' => CONTEXT_COURSE,
1542         'archetypes' => array(
1543             'editingteacher' => CAP_ALLOW,
1544             'manager' => CAP_ALLOW
1545         )
1546     ),
1548     'moodle/course:viewhiddensections' => array(
1550         'captype' => 'write',
1551         'contextlevel' => CONTEXT_COURSE,
1552         'archetypes' => array(
1553             'editingteacher' => CAP_ALLOW,
1554             'manager' => CAP_ALLOW
1555         )
1556     ),
1558     'moodle/course:setcurrentsection' => array(
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'editingteacher' => CAP_ALLOW,
1564             'manager' => CAP_ALLOW
1565         )
1566     ),
1568     'moodle/course:movesections' => array(
1570         'captype' => 'write',
1571         'contextlevel' => CONTEXT_COURSE,
1572         'archetypes' => array(
1573             'editingteacher' => CAP_ALLOW,
1574             'manager' => CAP_ALLOW
1575         ),
1576         'clonepermissionsfrom' => 'moodle/course:update'
1577     ),
1579     'moodle/site:mnetlogintoremote' => array(
1581         'captype' => 'read',
1582         'contextlevel' => CONTEXT_SYSTEM,
1583         'archetypes' => array(
1584         )
1585     ),
1587     'moodle/grade:viewall' => array(
1588         'riskbitmask' => RISK_PERSONAL,
1589         'captype' => 'read',
1590         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1591         'archetypes' => array(
1592             'teacher' => CAP_ALLOW,
1593             'editingteacher' => CAP_ALLOW,
1594             'manager' => CAP_ALLOW
1595         ),
1596         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1597     ),
1599     'moodle/grade:view' => array(
1600         'captype' => 'read',
1601         'contextlevel' => CONTEXT_COURSE,
1602         'archetypes' => array(
1603             'student' => CAP_ALLOW
1604         )
1605     ),
1607     'moodle/grade:viewhidden' => array(
1608         'riskbitmask' => RISK_PERSONAL,
1609         'captype' => 'read',
1610         'contextlevel' => CONTEXT_COURSE,
1611         'archetypes' => array(
1612             'teacher' => CAP_ALLOW,
1613             'editingteacher' => CAP_ALLOW,
1614             'manager' => CAP_ALLOW
1615         ),
1616         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1617     ),
1619     'moodle/grade:import' => array(
1620         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1621         'captype' => 'write',
1622         'contextlevel' => CONTEXT_COURSE,
1623         'archetypes' => array(
1624             'editingteacher' => CAP_ALLOW,
1625             'manager' => CAP_ALLOW
1626         ),
1627         'clonepermissionsfrom' => 'moodle/course:managegrades'
1628     ),
1630     'moodle/grade:export' => array(
1631         'riskbitmask' => RISK_PERSONAL,
1632         'captype' => 'read',
1633         'contextlevel' => CONTEXT_COURSE,
1634         'archetypes' => array(
1635             'teacher' => CAP_ALLOW,
1636             'editingteacher' => CAP_ALLOW,
1637             'manager' => CAP_ALLOW
1638         ),
1639         'clonepermissionsfrom' => 'moodle/course:managegrades'
1640     ),
1642     'moodle/grade:manage' => array(
1643         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1644         'captype' => 'write',
1645         'contextlevel' => CONTEXT_COURSE,
1646         'archetypes' => array(
1647             'editingteacher' => CAP_ALLOW,
1648             'manager' => CAP_ALLOW
1649         ),
1650         'clonepermissionsfrom' => 'moodle/course:managegrades'
1651     ),
1653     'moodle/grade:edit' => array(
1654         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1655         'captype' => 'write',
1656         'contextlevel' => CONTEXT_COURSE,
1657         'archetypes' => array(
1658             'editingteacher' => CAP_ALLOW,
1659             'manager' => CAP_ALLOW
1660         ),
1661         'clonepermissionsfrom' => 'moodle/course:managegrades'
1662     ),
1664     // ability to define advanced grading forms in activities either from scratch
1665     // or from a shared template
1666     'moodle/grade:managegradingforms' => array(
1667         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1668         'captype' => 'write',
1669         'contextlevel' => CONTEXT_COURSE,
1670         'archetypes' => array(
1671             'editingteacher' => CAP_ALLOW,
1672             'manager' => CAP_ALLOW
1673         ),
1674         'clonepermissionsfrom' => 'moodle/course:managegrades'
1675     ),
1677     // ability to save a grading form as a new shared template and eventually edit
1678     // and remove own templates (templates originally shared by that user)
1679     'moodle/grade:sharegradingforms' => array(
1680         'riskbitmask' => RISK_XSS,
1681         'captype' => 'write',
1682         'contextlevel' => CONTEXT_SYSTEM,
1683         'archetypes' => array(
1684             'manager' => CAP_ALLOW
1685         ),
1686     ),
1688     // ability to edit and remove any shared template, even those originally shared
1689     // by other users
1690     'moodle/grade:managesharedforms' => array(
1691         'riskbitmask' => RISK_XSS,
1692         'captype' => 'write',
1693         'contextlevel' => CONTEXT_SYSTEM,
1694         'archetypes' => array(
1695             'manager' => CAP_ALLOW
1696         ),
1697     ),
1699     'moodle/grade:manageoutcomes' => array(
1700         'captype' => 'write',
1701         'contextlevel' => CONTEXT_COURSE,
1702         'archetypes' => array(
1703             'editingteacher' => CAP_ALLOW,
1704             'manager' => CAP_ALLOW
1705         ),
1706         'clonepermissionsfrom' => 'moodle/course:managegrades'
1707     ),
1709     'moodle/grade:manageletters' => array(
1710         'captype' => 'write',
1711         'contextlevel' => CONTEXT_COURSE,
1712         'archetypes' => array(
1713             'editingteacher' => CAP_ALLOW,
1714             'manager' => CAP_ALLOW
1715         ),
1716         'clonepermissionsfrom' => 'moodle/course:managegrades'
1717     ),
1719     'moodle/grade:hide' => array(
1720         'captype' => 'write',
1721         'contextlevel' => CONTEXT_COURSE,
1722         'archetypes' => array(
1723             'editingteacher' => CAP_ALLOW,
1724             'manager' => CAP_ALLOW
1725         )
1726     ),
1728     'moodle/grade:lock' => array(
1729         'captype' => 'write',
1730         'contextlevel' => CONTEXT_COURSE,
1731         'archetypes' => array(
1732             'editingteacher' => CAP_ALLOW,
1733             'manager' => CAP_ALLOW
1734         )
1735     ),
1737     'moodle/grade:unlock' => array(
1738         'captype' => 'write',
1739         'contextlevel' => CONTEXT_COURSE,
1740         'archetypes' => array(
1741             'editingteacher' => CAP_ALLOW,
1742             'manager' => CAP_ALLOW
1743         )
1744     ),
1746     'moodle/my:manageblocks' => array(
1747         'captype' => 'write',
1748         'contextlevel' => CONTEXT_SYSTEM,
1749         'archetypes' => array(
1750             'user' => CAP_ALLOW
1751         )
1752     ),
1754     'moodle/notes:view' => array(
1755         'captype' => 'read',
1756         'contextlevel' => CONTEXT_COURSE,
1757         'archetypes' => array(
1758             'teacher' => CAP_ALLOW,
1759             'editingteacher' => CAP_ALLOW,
1760             'manager' => CAP_ALLOW
1761         )
1762     ),
1764     'moodle/notes:manage' => array(
1765         'riskbitmask' => RISK_SPAM,
1767         'captype' => 'write',
1768         'contextlevel' => CONTEXT_COURSE,
1769         'archetypes' => array(
1770             'teacher' => CAP_ALLOW,
1771             'editingteacher' => CAP_ALLOW,
1772             'manager' => CAP_ALLOW
1773         )
1774     ),
1776     'moodle/tag:manage' => array(
1777         'riskbitmask' => RISK_SPAM,
1779         'captype' => 'write',
1780         'contextlevel' => CONTEXT_SYSTEM,
1781         'archetypes' => array(
1782             'manager' => CAP_ALLOW
1783         )
1784     ),
1786     'moodle/tag:edit' => array(
1787         'riskbitmask' => RISK_SPAM,
1789         'captype' => 'write',
1790         'contextlevel' => CONTEXT_SYSTEM,
1791         'archetypes' => array(
1792             'manager' => CAP_ALLOW
1793         )
1794     ),
1796     'moodle/tag:flag' => array(
1797         'riskbitmask' => RISK_SPAM,
1799         'captype' => 'write',
1800         'contextlevel' => CONTEXT_SYSTEM,
1801         'archetypes' => array(
1802             'user' => CAP_ALLOW
1803         )
1804     ),
1806     'moodle/tag:editblocks' => array(
1807         'captype' => 'write',
1808         'contextlevel' => CONTEXT_SYSTEM,
1809         'archetypes' => array(
1810             'teacher' => CAP_ALLOW,
1811             'editingteacher' => CAP_ALLOW,
1812             'manager' => CAP_ALLOW
1813         )
1814     ),
1816     'moodle/block:view' => array(
1817         'captype' => 'read',
1818         'contextlevel' => CONTEXT_BLOCK,
1819         'archetypes' => array(
1820             'guest' => CAP_ALLOW,
1821             'user' => CAP_ALLOW,
1822             'student' => CAP_ALLOW,
1823             'teacher' => CAP_ALLOW,
1824             'editingteacher' => CAP_ALLOW,
1825         )
1826     ),
1828     'moodle/block:edit' => array(
1829         'riskbitmask' => RISK_SPAM | RISK_XSS,
1831         'captype' => 'write',
1832         'contextlevel' => CONTEXT_BLOCK,
1833         'archetypes' => array(
1834             'editingteacher' => CAP_ALLOW,
1835             'manager' => CAP_ALLOW
1836         )
1837     ),
1839     'moodle/portfolio:export' => array(
1840         'captype' => 'read',
1841         'contextlevel' => CONTEXT_SYSTEM,
1842         'archetypes' => array(
1843             'user' => CAP_ALLOW,
1844             'student' => CAP_ALLOW,
1845             'teacher' => CAP_ALLOW,
1846             'editingteacher' => CAP_ALLOW,
1847         )
1848     ),
1849     'moodle/comment:view' => array(
1850         'captype' => 'read',
1851         'contextlevel' => CONTEXT_COURSE,
1852         'archetypes' => array(
1853             'frontpage' => CAP_ALLOW,
1854             'guest' => CAP_ALLOW,
1855             'user' => CAP_ALLOW,
1856             'student' => CAP_ALLOW,
1857             'teacher' => CAP_ALLOW,
1858             'editingteacher' => CAP_ALLOW,
1859             'manager' => CAP_ALLOW
1860         )
1861     ),
1862     'moodle/comment:post' => array(
1864         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1865         'captype' => 'write',
1866         'contextlevel' => CONTEXT_COURSE,
1867         'archetypes' => array(
1868             'user' => CAP_ALLOW,
1869             'student' => CAP_ALLOW,
1870             'teacher' => CAP_ALLOW,
1871             'editingteacher' => CAP_ALLOW,
1872             'manager' => CAP_ALLOW
1873         )
1874     ),
1875     'moodle/comment:delete' => array(
1877         'riskbitmask' => RISK_DATALOSS,
1878         'captype' => 'write',
1879         'contextlevel' => CONTEXT_COURSE,
1880         'archetypes' => array(
1881             'editingteacher' => CAP_ALLOW,
1882             'manager' => CAP_ALLOW
1883         )
1884     ),
1885     'moodle/webservice:createtoken' => array(
1887         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1888         'captype' => 'write',
1889         'contextlevel' => CONTEXT_SYSTEM,
1890         'archetypes' => array(
1891             'manager' => CAP_ALLOW
1892         )
1893     ),
1894     'moodle/webservice:managealltokens' => array(
1896         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1897         'captype' => 'write',
1898         'contextlevel' => CONTEXT_SYSTEM,
1899         'archetypes' => array()
1900     ),
1901     'moodle/webservice:createmobiletoken' => array(
1903         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1904         'captype' => 'write',
1905         'contextlevel' => CONTEXT_SYSTEM,
1906         'archetypes' => array(
1907             'user' => CAP_ALLOW
1908         )
1909     ),
1910     'moodle/rating:view' => array(
1912         'captype' => 'read',
1913         'contextlevel' => CONTEXT_COURSE,
1914         'archetypes' => array(
1915             'user' => CAP_ALLOW,
1916             'student' => CAP_ALLOW,
1917             'teacher' => CAP_ALLOW,
1918             'editingteacher' => CAP_ALLOW,
1919             'manager' => CAP_ALLOW
1920         )
1921     ),
1922     'moodle/rating:viewany' => array(
1924         'riskbitmask' => RISK_PERSONAL,
1925         'captype' => 'read',
1926         'contextlevel' => CONTEXT_COURSE,
1927         'archetypes' => array(
1928             'user' => CAP_ALLOW,
1929             'student' => CAP_ALLOW,
1930             'teacher' => CAP_ALLOW,
1931             'editingteacher' => CAP_ALLOW,
1932             'manager' => CAP_ALLOW
1933         )
1934     ),
1935     'moodle/rating:viewall' => array(
1937         'riskbitmask' => RISK_PERSONAL,
1938         'captype' => 'read',
1939         'contextlevel' => CONTEXT_COURSE,
1940         'archetypes' => array(
1941             'user' => CAP_ALLOW,
1942             'student' => CAP_ALLOW,
1943             'teacher' => CAP_ALLOW,
1944             'editingteacher' => CAP_ALLOW,
1945             'manager' => CAP_ALLOW
1946         )
1947     ),
1948     'moodle/rating:rate' => array(
1950         'captype' => 'write',
1951         'contextlevel' => CONTEXT_COURSE,
1952         'archetypes' => array(
1953             'user' => CAP_ALLOW,
1954             'student' => CAP_ALLOW,
1955             'teacher' => CAP_ALLOW,
1956             'editingteacher' => CAP_ALLOW,
1957             'manager' => CAP_ALLOW
1958         )
1959     ),
1960      'moodle/course:publish' => array(
1962         'captype' => 'write',
1963         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1964         'contextlevel' => CONTEXT_SYSTEM,
1965         'archetypes' => array(
1966             'manager' => CAP_ALLOW
1967         )
1968     ),
1969     'moodle/course:markcomplete' => array(
1970         'captype' => 'write',
1971         'contextlevel' => CONTEXT_COURSE,
1972         'archetypes' => array(
1973             'teacher' => CAP_ALLOW,
1974             'editingteacher' => CAP_ALLOW,
1975             'manager' => CAP_ALLOW
1976         )
1977     ),
1978     'moodle/course:overridecompletion' => array(
1979         'captype' => 'write',
1980         'contextlevel' => CONTEXT_COURSE,
1981         'archetypes' => array(
1982             'teacher' => CAP_ALLOW,
1983             'editingteacher' => CAP_ALLOW,
1984             'manager' => CAP_ALLOW
1985         )
1986     ),
1987     'moodle/community:add' => array(
1988         'captype' => 'write',
1989         'contextlevel' => CONTEXT_SYSTEM,
1990         'archetypes' => array(
1991             'manager' => CAP_ALLOW,
1992             'teacher' => CAP_ALLOW,
1993             'editingteacher' => CAP_ALLOW,
1994         )
1995     ),
1996     'moodle/community:download' => array(
1997         'captype' => 'write',
1998         'contextlevel' => CONTEXT_SYSTEM,
1999         'archetypes' => array(
2000             'manager' => CAP_ALLOW,
2001             'editingteacher' => CAP_ALLOW,
2002         )
2003     ),
2005     // Badges.
2006     'moodle/badges:manageglobalsettings' => array(
2007         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2008         'captype'      => 'write',
2009         'contextlevel' => CONTEXT_SYSTEM,
2010         'archetypes'   => array(
2011             'manager'       => CAP_ALLOW,
2012         )
2013     ),
2015     // View available badges without earning them.
2016     'moodle/badges:viewbadges' => array(
2017         'captype'       => 'read',
2018         'contextlevel'  => CONTEXT_COURSE,
2019         'archetypes'    => array(
2020             'user'          => CAP_ALLOW,
2021         )
2022     ),
2024     // Manage badges on own private badges page.
2025     'moodle/badges:manageownbadges' => array(
2026         'riskbitmap'    => RISK_SPAM,
2027         'captype'       => 'write',
2028         'contextlevel'  => CONTEXT_USER,
2029         'archetypes'    => array(
2030             'user'    => CAP_ALLOW
2031         )
2032     ),
2034     // View public badges in other users' profiles.
2035     'moodle/badges:viewotherbadges' => array(
2036         'riskbitmap'    => RISK_PERSONAL,
2037         'captype'       => 'read',
2038         'contextlevel'  => CONTEXT_USER,
2039         'archetypes'    => array(
2040             'user'    => CAP_ALLOW
2041         )
2042     ),
2044     // Earn badge.
2045     'moodle/badges:earnbadge' => array(
2046         'captype'       => 'write',
2047         'contextlevel'  => CONTEXT_COURSE,
2048         'archetypes'    => array(
2049             'user'           => CAP_ALLOW,
2050         )
2051     ),
2053     // Create/duplicate badges.
2054     'moodle/badges:createbadge' => array(
2055         'riskbitmask'  => RISK_SPAM,
2056         'captype'      => 'write',
2057         'contextlevel' => CONTEXT_COURSE,
2058         'archetypes'   => array(
2059             'manager'        => CAP_ALLOW,
2060             'editingteacher' => CAP_ALLOW,
2061         )
2062     ),
2064     // Delete badges.
2065     'moodle/badges:deletebadge' => array(
2066         'riskbitmask'  => RISK_DATALOSS,
2067         'captype'      => 'write',
2068         'contextlevel' => CONTEXT_COURSE,
2069         'archetypes'   => array(
2070             'manager'        => CAP_ALLOW,
2071             'editingteacher' => CAP_ALLOW,
2072         )
2073     ),
2075     // Set up/edit badge details.
2076     'moodle/badges:configuredetails' => array(
2077         'riskbitmask'  => RISK_SPAM,
2078         'captype'      => 'write',
2079         'contextlevel' => CONTEXT_COURSE,
2080         'archetypes'   => array(
2081             'manager'        => CAP_ALLOW,
2082             'editingteacher' => CAP_ALLOW,
2083         )
2084     ),
2086     // Set up/edit criteria of earning a badge.
2087     'moodle/badges:configurecriteria' => array(
2088         'riskbitmask'  => RISK_XSS,
2089         'captype'      => 'write',
2090         'contextlevel' => CONTEXT_COURSE,
2091         'archetypes'   => array(
2092             'manager'        => CAP_ALLOW,
2093             'editingteacher' => CAP_ALLOW,
2094         )
2095     ),
2097     // Configure badge messages.
2098     'moodle/badges:configuremessages' => array(
2099         'riskbitmask'  => RISK_SPAM,
2100         'captype'      => 'write',
2101         'contextlevel' => CONTEXT_COURSE,
2102         'archetypes'   => array(
2103             'manager'        => CAP_ALLOW,
2104             'editingteacher' => CAP_ALLOW,
2105         )
2106     ),
2108     // Award badge to a user.
2109     'moodle/badges:awardbadge' => array(
2110         'riskbitmask'  => RISK_SPAM,
2111         'captype'      => 'write',
2112         'contextlevel' => CONTEXT_COURSE,
2113         'archetypes'   => array(
2114             'manager'        => CAP_ALLOW,
2115             'teacher'        => CAP_ALLOW,
2116             'editingteacher' => CAP_ALLOW,
2117         )
2118     ),
2120     // Revoke badge from a user.
2121     'moodle/badges:revokebadge' => array(
2122         'riskbitmask'  => RISK_SPAM,
2123         'captype'      => 'write',
2124         'contextlevel' => CONTEXT_COURSE,
2125         'archetypes'   => array(
2126             'manager'        => CAP_ALLOW,
2127             'teacher'        => CAP_ALLOW,
2128             'editingteacher' => CAP_ALLOW,
2129         )
2130     ),
2132     // View users who earned a specific badge without being able to award a badge.
2133     'moodle/badges:viewawarded' => array(
2134         'riskbitmask'  => RISK_PERSONAL,
2135         'captype'      => 'read',
2136         'contextlevel' => CONTEXT_COURSE,
2137         'archetypes'   => array(
2138                 'manager'        => CAP_ALLOW,
2139                 'teacher'        => CAP_ALLOW,
2140                 'editingteacher' => CAP_ALLOW,
2141         )
2142     ),
2144     'moodle/site:forcelanguage' => array(
2145         'captype' => 'read',
2146         'contextlevel' => CONTEXT_SYSTEM,
2147         'archetypes' => array(
2148         )
2149     ),
2151     // Perform site-wide search queries through the search API.
2152     'moodle/search:query' => array(
2153         'captype' => 'read',
2154         'contextlevel' => CONTEXT_SYSTEM,
2155         'archetypes' => array(
2156             'guest' => CAP_ALLOW,
2157             'user' => CAP_ALLOW,
2158             'student' => CAP_ALLOW,
2159             'teacher' => CAP_ALLOW,
2160             'editingteacher' => CAP_ALLOW,
2161             'manager' => CAP_ALLOW
2162         )
2163     ),
2165     // Competencies.
2166     'moodle/competency:competencymanage' => array(
2167         'captype' => 'write',
2168         'contextlevel' => CONTEXT_COURSECAT,
2169         'archetypes' => array(
2170             'manager' => CAP_ALLOW
2171         )
2172     ),
2173     'moodle/competency:competencyview' => array(
2174         'captype' => 'read',
2175         'contextlevel' => CONTEXT_COURSECAT,
2176         'archetypes' => array(
2177             'user' => CAP_ALLOW
2178         ),
2179     ),
2180     'moodle/competency:competencygrade' => array(
2181         'captype' => 'write',
2182         'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2183         'archetypes' => array(
2184             'editingteacher' => CAP_ALLOW,
2185             'teacher' => CAP_ALLOW,
2186             'manager' => CAP_ALLOW
2187         ),
2188     ),
2189     // Course competencies.
2190     'moodle/competency:coursecompetencymanage' => array(
2191         'captype' => 'write',
2192         'contextlevel' => CONTEXT_COURSE,
2193         'archetypes' => array(
2194             'editingteacher' => CAP_ALLOW,
2195             'manager' => CAP_ALLOW
2196         ),
2197     ),
2198     'moodle/competency:coursecompetencyconfigure' => array(
2199         'captype' => 'write',
2200         'contextlevel' => CONTEXT_MODULE,
2201         'archetypes' => array(
2202             'manager' => CAP_ALLOW
2203         ),
2204     ),
2205     'moodle/competency:coursecompetencygradable' => array(
2206         'captype' => 'read',
2207         'contextlevel' => CONTEXT_COURSE,
2208         'archetypes' => array(
2209             'student' => CAP_ALLOW
2210         ),
2211         'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2212     ),
2213     'moodle/competency:coursecompetencyview' => array(
2214         'captype' => 'read',
2215         'contextlevel' => CONTEXT_COURSE,
2216         'archetypes' => array(
2217             'user' => CAP_ALLOW
2218         ),
2219     ),
2220     // Evidence.
2221     'moodle/competency:evidencedelete' => array(
2222         'captype' => 'write',
2223         'contextlevel' => CONTEXT_USER,
2224         'archetypes' => array(
2225         ),
2226         'clonepermissionsfrom' => 'moodle/site:config'
2227     ),
2228     // User plans.
2229     'moodle/competency:planmanage' => array(
2230         'captype' => 'write',
2231         'contextlevel' => CONTEXT_USER,
2232         'archetypes' => array(
2233             'manager' => CAP_ALLOW
2234         ),
2235     ),
2236     'moodle/competency:planmanagedraft' => array(
2237         'captype' => 'write',
2238         'contextlevel' => CONTEXT_USER,
2239         'archetypes' => array(
2240             'manager' => CAP_ALLOW
2241         ),
2242     ),
2243     'moodle/competency:planmanageown' => array(
2244         'captype' => 'write',
2245         'contextlevel' => CONTEXT_USER,
2246         'archetypes' => array(
2247         ),
2248     ),
2249     'moodle/competency:planmanageowndraft' => array(
2250         'captype' => 'write',
2251         'contextlevel' => CONTEXT_USER,
2252         'archetypes' => array(
2253         ),
2254     ),
2255     'moodle/competency:planview' => array(
2256         'captype' => 'read',
2257         'contextlevel' => CONTEXT_USER,
2258         'archetypes' => array(
2259             'manager' => CAP_ALLOW
2260         ),
2261     ),
2262     'moodle/competency:planviewdraft' => array(
2263         'captype' => 'read',
2264         'contextlevel' => CONTEXT_USER,
2265         'archetypes' => array(
2266             'manager' => CAP_ALLOW
2267         ),
2268     ),
2269     'moodle/competency:planviewown' => array(
2270         'captype' => 'read',
2271         'contextlevel' => CONTEXT_USER,
2272         'archetypes' => array(
2273             'user' => CAP_ALLOW
2274         ),
2275     ),
2276     'moodle/competency:planviewowndraft' => array(
2277         'captype' => 'read',
2278         'contextlevel' => CONTEXT_USER,
2279         'archetypes' => array(
2280         ),
2281     ),
2282     'moodle/competency:planrequestreview' => array(
2283         'captype' => 'write',
2284         'contextlevel' => CONTEXT_USER,
2285         'archetypes' => array(
2286             'manager' => CAP_ALLOW
2287         )
2288     ),
2289     'moodle/competency:planrequestreviewown' => array(
2290         'captype' => 'write',
2291         'contextlevel' => CONTEXT_USER,
2292         'archetypes' => array(
2293             'user' => CAP_ALLOW
2294         )
2295     ),
2296     'moodle/competency:planreview' => array(
2297         'captype' => 'write',
2298         'contextlevel' => CONTEXT_USER,
2299         'archetypes' => array(
2300             'manager' => CAP_ALLOW
2301         ),
2302     ),
2303     'moodle/competency:plancomment' => array(
2304         'captype' => 'write',
2305         'contextlevel' => CONTEXT_USER,
2306         'archetypes' => array(
2307             'manager' => CAP_ALLOW
2308         ),
2309     ),
2310     'moodle/competency:plancommentown' => array(
2311         'captype' => 'write',
2312         'contextlevel' => CONTEXT_USER,
2313         'archetypes' => array(
2314             'user' => CAP_ALLOW
2315         ),
2316     ),
2317     // User competencies.
2318     'moodle/competency:usercompetencyview' => array(
2319         'captype' => 'read',
2320         'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2321         'archetypes' => array(
2322             'manager' => CAP_ALLOW,
2323             'editingteacher' => CAP_ALLOW,
2324             'teacher' => CAP_ALLOW
2325         )
2326     ),
2327     'moodle/competency:usercompetencyrequestreview' => array(
2328         'captype' => 'write',
2329         'contextlevel' => CONTEXT_USER,
2330         'archetypes' => array(
2331             'manager' => CAP_ALLOW
2332         )
2333     ),
2334     'moodle/competency:usercompetencyrequestreviewown' => array(
2335         'captype' => 'write',
2336         'contextlevel' => CONTEXT_USER,
2337         'archetypes' => array(
2338             'user' => CAP_ALLOW
2339         )
2340     ),
2341     'moodle/competency:usercompetencyreview' => array(
2342         'captype' => 'write',
2343         'contextlevel' => CONTEXT_USER,
2344         'archetypes' => array(
2345             'manager' => CAP_ALLOW
2346         ),
2347     ),
2348     'moodle/competency:usercompetencycomment' => array(
2349         'captype' => 'write',
2350         'contextlevel' => CONTEXT_USER,
2351         'archetypes' => array(
2352             'manager' => CAP_ALLOW
2353         ),
2354     ),
2355     'moodle/competency:usercompetencycommentown' => array(
2356         'captype' => 'write',
2357         'contextlevel' => CONTEXT_USER,
2358         'archetypes' => array(
2359             'user' => CAP_ALLOW
2360         ),
2361     ),
2362     // Template.
2363     'moodle/competency:templatemanage' => array(
2364         'captype' => 'write',
2365         'contextlevel' => CONTEXT_COURSECAT,
2366         'archetypes' => array(
2367             'manager' => CAP_ALLOW
2368         ),
2369     ),
2370     'moodle/analytics:listinsights' => array(
2371         'riskbitmask' => RISK_PERSONAL,
2372         'captype' => 'read',
2373         'contextlevel' => CONTEXT_COURSE,
2374         'archetypes' => array(
2375             'teacher' => CAP_ALLOW,
2376             'editingteacher' => CAP_ALLOW,
2377             'manager' => CAP_ALLOW
2378         )
2379     ),
2380     'moodle/analytics:managemodels' => array(
2381         'riskbitmask' => RISK_CONFIG,
2382         'captype' => 'write',
2383         'contextlevel' => CONTEXT_SYSTEM,
2384         'archetypes' => array(
2385             'manager' => CAP_ALLOW
2386         ),
2387     ),
2388     'moodle/competency:templateview' => array(
2389         'captype' => 'read',
2390         'contextlevel' => CONTEXT_COURSECAT,
2391         'archetypes' => array(
2392             'manager' => CAP_ALLOW
2393         ),
2394     ),
2395     // User evidence.
2396     'moodle/competency:userevidencemanage' => array(
2397         'captype' => 'write',
2398         'contextlevel' => CONTEXT_USER,
2399         'archetypes' => array(
2400             'manager' => CAP_ALLOW
2401         ),
2402     ),
2403     'moodle/competency:userevidencemanageown' => array(
2404         'captype' => 'write',
2405         'contextlevel' => CONTEXT_USER,
2406         'archetypes' => array(
2407             'user' => CAP_ALLOW
2408         ),
2409     ),
2410     'moodle/competency:userevidenceview' => array(
2411         'captype' => 'read',
2412         'contextlevel' => CONTEXT_USER,
2413         'archetypes' => array(
2414             'manager' => CAP_ALLOW
2415         ),
2416     ),
2417     'moodle/site:maintenanceaccess' => array(
2418         'captype' => 'write',
2419         'contextlevel' => CONTEXT_SYSTEM,
2420         'archetypes' => array(
2421         )
2422     ),
2423     // Allow message any user, regardlesss of the privacy preferences for messaging.
2424     'moodle/site:messageanyuser' => array(
2425         'riskbitmask' => RISK_SPAM,
2426         'captype' => 'write',
2427         'contextlevel' => CONTEXT_SYSTEM,
2428         'archetypes' => array(
2429             'teacher' => CAP_ALLOW,
2430             'editingteacher' => CAP_ALLOW,
2431             'manager' => CAP_ALLOW
2432         )
2433     ),
2435     // Context locking/unlocking.
2436     'moodle/site:managecontextlocks' => [
2437         'captype' => 'write',
2438         'contextlevel' => CONTEXT_MODULE,
2439         'archetypes' => [
2440         ],
2441     ],
2442 );