MDL-66609 core_h5p: Add capability to deploy H5P content
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
67     'moodle/site:configview' => array(
68         'captype' => 'read',
69         'contextlevel' => CONTEXT_SYSTEM,
70         'archetypes' => array(
71             'manager' => CAP_ALLOW,
72             'coursecreator' => CAP_ALLOW,
73         )
74     ),
76     'moodle/site:readallmessages' => array(
78         'riskbitmask' => RISK_PERSONAL,
80         'captype' => 'read',
81         'contextlevel' => CONTEXT_SYSTEM,
82         'archetypes' => array(
83             'manager' => CAP_ALLOW,
84             'editingteacher' => CAP_ALLOW
85         )
86     ),
88     'moodle/site:manageallmessaging' => array(
90         'riskbitmask' => RISK_PERSONAL,
92         'captype' => 'write',
93         'contextlevel' => CONTEXT_SYSTEM,
94         'archetypes' => array(
95             'manager' => CAP_ALLOW
96         )
97     ),
99     'moodle/site:deleteanymessage' => array(
101         'riskbitmask' => RISK_DATALOSS,
103         'captype' => 'write',
104         'contextlevel' => CONTEXT_SYSTEM,
105         'archetypes' => array(
106             'manager' => CAP_ALLOW
107         )
108     ),
110     'moodle/site:sendmessage' => array(
112         'riskbitmask' => RISK_SPAM,
114         'captype' => 'write',
115         'contextlevel' => CONTEXT_SYSTEM,
116         'archetypes' => array(
117             'manager' => CAP_ALLOW,
118             'user' => CAP_ALLOW
119         )
120     ),
122     'moodle/site:deleteownmessage' => array(
124         'captype' => 'write',
125         'contextlevel' => CONTEXT_SYSTEM,
126         'archetypes' => array(
127             'user' => CAP_ALLOW
128         )
129     ),
131     'moodle/site:approvecourse' => array(
133         'riskbitmask' => RISK_XSS,
135         'captype' => 'write',
136         'contextlevel' => CONTEXT_COURSECAT,
137         'archetypes' => array(
138             'manager' => CAP_ALLOW
139         )
140     ),
142     'moodle/backup:backupcourse' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/site:backup'
154     ),
156     'moodle/backup:backupsection' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:backupactivity' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_MODULE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
182     ),
184     'moodle/backup:backuptargetimport' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         ),
195         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
196     ),
198     'moodle/backup:downloadfile' => array(
200         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
202         'captype' => 'write',
203         'contextlevel' => CONTEXT_COURSE,
204         'archetypes' => array(
205             'editingteacher' => CAP_ALLOW,
206             'manager' => CAP_ALLOW
207         ),
209         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
210     ),
212     'moodle/backup:configure' => array(
214         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
216         'captype' => 'write',
217         'contextlevel' => CONTEXT_COURSE,
218         'archetypes' => array(
219             'editingteacher' => CAP_ALLOW,
220             'manager' => CAP_ALLOW
221         )
222     ),
224     'moodle/backup:userinfo' => array(
226         'riskbitmask' => RISK_PERSONAL,
228         'captype' => 'read',
229         'contextlevel' => CONTEXT_COURSE,
230         'archetypes' => array(
231             'manager' => CAP_ALLOW
232         )
233     ),
235     'moodle/backup:anonymise' => array(
237         'riskbitmask' => RISK_PERSONAL,
239         'captype' => 'read',
240         'contextlevel' => CONTEXT_COURSE,
241         'archetypes' => array(
242             'manager' => CAP_ALLOW
243         )
244     ),
246     'moodle/restore:restorecourse' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_COURSE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/site:restore'
258     ),
260     'moodle/restore:restoresection' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266         'archetypes' => array(
267             'editingteacher' => CAP_ALLOW,
268             'manager' => CAP_ALLOW
269         ),
271         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
272     ),
274     'moodle/restore:restoreactivity' => array(
276         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
278         'captype' => 'write',
279         'contextlevel' => CONTEXT_COURSE,
280         'archetypes' => array(
281             'editingteacher' => CAP_ALLOW,
282             'manager' => CAP_ALLOW
283         ),
285         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
286     ),
288     'moodle/restore:viewautomatedfilearea' => array(
290         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
292         'captype' => 'write',
293         'contextlevel' => CONTEXT_COURSE,
294         'archetypes' => array(
295             'editingteacher' => CAP_ALLOW,
296             'manager' => CAP_ALLOW
297         ),
298     ),
300     'moodle/restore:restoretargetimport' => array(
302         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
304         'captype' => 'write',
305         'contextlevel' => CONTEXT_COURSE,
306         'archetypes' => array(
307             'editingteacher' => CAP_ALLOW,
308             'manager' => CAP_ALLOW
309         ),
311         'clonepermissionsfrom' =>  'moodle/site:import'
312     ),
314     'moodle/restore:uploadfile' => array(
316         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
318         'captype' => 'write',
319         'contextlevel' => CONTEXT_COURSE,
320         'archetypes' => array(
321             'editingteacher' => CAP_ALLOW,
322             'manager' => CAP_ALLOW
323         ),
325         'clonepermissionsfrom' =>  'moodle/site:backupupload'
326     ),
328     'moodle/restore:configure' => array(
330         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
332         'captype' => 'write',
333         'contextlevel' => CONTEXT_COURSE,
334         'archetypes' => array(
335             'editingteacher' => CAP_ALLOW,
336             'manager' => CAP_ALLOW
337         )
338     ),
340     'moodle/restore:rolldates' => array(
342         'captype' => 'write',
343         'contextlevel' => CONTEXT_COURSE,
344         'archetypes' => array(
345             'coursecreator' => CAP_ALLOW,
346             'manager' => CAP_ALLOW
347         )
348     ),
350     'moodle/restore:userinfo' => array(
352         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
354         'captype' => 'write',
355         'contextlevel' => CONTEXT_COURSE,
356         'archetypes' => array(
357             'manager' => CAP_ALLOW
358         )
359     ),
361     'moodle/restore:createuser' => array(
363         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
365         'captype' => 'write',
366         'contextlevel' => CONTEXT_SYSTEM,
367         'archetypes' => array(
368             'manager' => CAP_ALLOW
369         )
370     ),
372     'moodle/site:manageblocks' => array(
374         'riskbitmask' => RISK_SPAM | RISK_XSS,
376         'captype' => 'write',
377         'contextlevel' => CONTEXT_BLOCK,
378         'archetypes' => array(
379             'editingteacher' => CAP_ALLOW,
380             'manager' => CAP_ALLOW
381         )
382     ),
384     'moodle/site:accessallgroups' => array(
386         'captype' => 'read',
387         'contextlevel' => CONTEXT_MODULE,
388         'archetypes' => array(
389             'editingteacher' => CAP_ALLOW,
390             'manager' => CAP_ALLOW
391         )
392     ),
394     'moodle/site:viewfullnames' => array(
396         'captype' => 'read',
397         'contextlevel' => CONTEXT_MODULE,
398         'archetypes' => array(
399             'teacher' => CAP_ALLOW,
400             'editingteacher' => CAP_ALLOW,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     // In reports that give lists of users, extra information about each user's
406     // identity (the fields configured in site option showuseridentity) will be
407     // displayed to users who have this capability.
408     'moodle/site:viewuseridentity' => array(
410         'captype' => 'read',
411         'contextlevel' => CONTEXT_MODULE,
412         'archetypes' => array(
413             'teacher' => CAP_ALLOW,
414             'editingteacher' => CAP_ALLOW,
415             'manager' => CAP_ALLOW
416         )
417     ),
419     'moodle/site:viewreports' => array(
421         'riskbitmask' => RISK_PERSONAL,
423         'captype' => 'read',
424         'contextlevel' => CONTEXT_COURSE,
425         'archetypes' => array(
426             'teacher' => CAP_ALLOW,
427             'editingteacher' => CAP_ALLOW,
428             'manager' => CAP_ALLOW
429         )
430     ),
432     'moodle/site:trustcontent' => array(
434         'riskbitmask' => RISK_XSS,
436         'captype' => 'write',
437         'contextlevel' => CONTEXT_MODULE,
438         'archetypes' => array(
439             'editingteacher' => CAP_ALLOW,
440             'manager' => CAP_ALLOW
441         )
442     ),
444     'moodle/site:uploadusers' => array(
446         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
448         'captype' => 'write',
449         'contextlevel' => CONTEXT_SYSTEM,
450         'archetypes' => array(
451             'manager' => CAP_ALLOW
452         )
453     ),
455     // Permission to manage filter setting overrides in subcontexts.
456     'moodle/filter:manage' => array(
458         'captype' => 'write',
459         'contextlevel' => CONTEXT_COURSE,
460         'archetypes' => array(
461             'editingteacher' => CAP_ALLOW,
462             'manager' => CAP_ALLOW,
463         )
464     ),
466     'moodle/user:create' => array(
468         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
470         'captype' => 'write',
471         'contextlevel' => CONTEXT_SYSTEM,
472         'archetypes' => array(
473             'manager' => CAP_ALLOW
474         )
475     ),
477     'moodle/user:delete' => array(
479         'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
481         'captype' => 'write',
482         'contextlevel' => CONTEXT_SYSTEM,
483         'archetypes' => array(
484             'manager' => CAP_ALLOW
485         )
486     ),
488     'moodle/user:update' => array(
490         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
492         'captype' => 'write',
493         'contextlevel' => CONTEXT_SYSTEM,
494         'archetypes' => array(
495             'manager' => CAP_ALLOW
496         )
497     ),
499     'moodle/user:viewdetails' => array(
501         'captype' => 'read',
502         'contextlevel' => CONTEXT_COURSE,
503         'archetypes' => array(
504             'guest' => CAP_ALLOW,
505             'student' => CAP_ALLOW,
506             'teacher' => CAP_ALLOW,
507             'editingteacher' => CAP_ALLOW,
508             'manager' => CAP_ALLOW
509         )
510     ),
512     'moodle/user:viewalldetails' => array(
513         'riskbitmask' => RISK_PERSONAL,
514         'captype' => 'read',
515         'contextlevel' => CONTEXT_USER,
516         'archetypes' => array(
517             'manager' => CAP_ALLOW
518         ),
519         'clonepermissionsfrom' => 'moodle/user:update'
520     ),
522     'moodle/user:viewlastip' => array(
523         'riskbitmask' => RISK_PERSONAL,
524         'captype' => 'read',
525         'contextlevel' => CONTEXT_USER,
526         'archetypes' => array(
527             'manager' => CAP_ALLOW
528         ),
529         'clonepermissionsfrom' => 'moodle/user:update'
530     ),
532     'moodle/user:viewhiddendetails' => array(
534         'riskbitmask' => RISK_PERSONAL,
536         'captype' => 'read',
537         'contextlevel' => CONTEXT_COURSE,
538         'archetypes' => array(
539             'teacher' => CAP_ALLOW,
540             'editingteacher' => CAP_ALLOW,
541             'manager' => CAP_ALLOW
542         )
543     ),
545     'moodle/user:loginas' => array(
547         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
549         'captype' => 'write',
550         'contextlevel' => CONTEXT_COURSE,
551         'archetypes' => array(
552             'manager' => CAP_ALLOW
553         )
554     ),
556     // can the user manage the system default profile page?
557     'moodle/user:managesyspages' => array(
559         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
561         'captype' => 'write',
562         'contextlevel' => CONTEXT_SYSTEM,
563         'archetypes' => array(
564             'manager' => CAP_ALLOW
565         )
566     ),
568     // can the user manage another user's profile page?
569     'moodle/user:manageblocks' => array(
571         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
573         'captype' => 'write',
574         'contextlevel' => CONTEXT_USER
575     ),
577     // can the user manage their own profile page?
578     'moodle/user:manageownblocks' => array(
580         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
582         'captype' => 'write',
583         'contextlevel' => CONTEXT_SYSTEM,
584         'archetypes' => array(
585             'user' => CAP_ALLOW
586         )
587     ),
589     // can the user manage their own files?
590     'moodle/user:manageownfiles' => array(
592         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
594         'captype' => 'write',
595         'contextlevel' => CONTEXT_SYSTEM,
596         'archetypes' => array(
597             'user' => CAP_ALLOW
598         )
599     ),
601     // Can the user ignore the setting userquota?
602     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
603     'moodle/user:ignoreuserquota' => array(
604         'riskbitmap' => RISK_SPAM,
605         'captype' => 'write',
606         'contextlevel' => CONTEXT_SYSTEM,
607         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
608     ),
610     // can the user manage the system default dashboard page?
611     'moodle/my:configsyspages' => array(
613         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
615         'captype' => 'write',
616         'contextlevel' => CONTEXT_SYSTEM,
617         'archetypes' => array(
618             'manager' => CAP_ALLOW
619         )
620     ),
622     'moodle/role:assign' => array(
624         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
626         'captype' => 'write',
627         'contextlevel' => CONTEXT_COURSE,
628         'archetypes' => array(
629             'editingteacher' => CAP_ALLOW,
630             'manager' => CAP_ALLOW
631         )
632     ),
634     'moodle/role:review' => array(
636         'riskbitmask' => RISK_PERSONAL,
638         'captype' => 'read',
639         'contextlevel' => CONTEXT_COURSE,
640         'archetypes' => array(
641             'teacher' => CAP_ALLOW,
642             'editingteacher' => CAP_ALLOW,
643             'manager' => CAP_ALLOW
644         )
645     ),
647     'moodle/role:override' => array(
649         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
651         'captype' => 'write',
652         'contextlevel' => CONTEXT_COURSE,
653         'archetypes' => array(
654             'manager' => CAP_ALLOW
655         )
656     ),
658     'moodle/role:safeoverride' => array(
660         'riskbitmask' => RISK_SPAM,
662         'captype' => 'write',
663         'contextlevel' => CONTEXT_COURSE,
664         'archetypes' => array(
665             'editingteacher' => CAP_ALLOW
666         )
667     ),
669     'moodle/role:manage' => array(
671         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
673         'captype' => 'write',
674         'contextlevel' => CONTEXT_SYSTEM,
675         'archetypes' => array(
676             'manager' => CAP_ALLOW
677         )
678     ),
680     'moodle/role:switchroles' => array(
682         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
684         'captype' => 'read',
685         'contextlevel' => CONTEXT_COURSE,
686         'archetypes' => array(
687             'editingteacher' => CAP_ALLOW,
688             'manager' => CAP_ALLOW
689         )
690     ),
692     // Create, update and delete course categories. (Deleting a course category
693     // does not let you delete the courses it contains, unless you also have
694     // moodle/course: delete.) Creating and deleting requires this permission in
695     // the parent category.
696     'moodle/category:manage' => array(
698         'riskbitmask' => RISK_XSS,
700         'captype' => 'write',
701         'contextlevel' => CONTEXT_COURSECAT,
702         'archetypes' => array(
703             'manager' => CAP_ALLOW
704         ),
705         'clonepermissionsfrom' => 'moodle/category:update'
706     ),
708     'moodle/category:viewcourselist' => array(
710         'captype' => 'read',
711         'contextlevel' => CONTEXT_COURSECAT,
712         'archetypes' => array(
713             'guest' => CAP_ALLOW,
714             'user' => CAP_ALLOW,
715         )
716     ),
718     'moodle/category:viewhiddencategories' => array(
720         'captype' => 'read',
721         'contextlevel' => CONTEXT_COURSECAT,
722         'archetypes' => array(
723             'coursecreator' => CAP_ALLOW,
724             'manager' => CAP_ALLOW
725         ),
726         'clonepermissionsfrom' => 'moodle/category:visibility'
727     ),
729     // create, delete, move cohorts in system and course categories,
730     // (cohorts with component !== null can be only moved)
731     'moodle/cohort:manage' => array(
733         'captype' => 'write',
734         'contextlevel' => CONTEXT_COURSECAT,
735         'archetypes' => array(
736             'manager' => CAP_ALLOW
737         )
738     ),
740     // add and remove cohort members (only for cohorts where component !== null)
741     'moodle/cohort:assign' => array(
743         'captype' => 'write',
744         'contextlevel' => CONTEXT_COURSECAT,
745         'archetypes' => array(
746             'manager' => CAP_ALLOW
747         )
748     ),
750     // View visible and hidden cohorts defined in the current context.
751     'moodle/cohort:view' => array(
753         'captype' => 'read',
754         'contextlevel' => CONTEXT_COURSE,
755         'archetypes' => array(
756             'editingteacher' => CAP_ALLOW,
757             'manager' => CAP_ALLOW
758         )
759     ),
761     'moodle/course:create' => array(
763         'riskbitmask' => RISK_XSS,
765         'captype' => 'write',
766         'contextlevel' => CONTEXT_COURSECAT,
767         'archetypes' => array(
768             'coursecreator' => CAP_ALLOW,
769             'manager' => CAP_ALLOW
770         )
771     ),
773     'moodle/course:creategroupconversations' => array(
774         'riskbitmask' => RISK_XSS,
775         'captype' => 'write',
776         'contextlevel' => CONTEXT_COURSE,
777         'archetypes' => array(
778             'editingteacher' => CAP_ALLOW,
779             'manager' => CAP_ALLOW
780         )
781     ),
783     'moodle/course:request' => array(
784         'captype' => 'write',
785         'contextlevel' => CONTEXT_COURSECAT,
786     ),
788     'moodle/course:delete' => array(
790         'riskbitmask' => RISK_DATALOSS,
792         'captype' => 'write',
793         'contextlevel' => CONTEXT_COURSE,
794         'archetypes' => array(
795             'manager' => CAP_ALLOW
796         )
797     ),
799     'moodle/course:update' => array(
801         'riskbitmask' => RISK_XSS,
803         'captype' => 'write',
804         'contextlevel' => CONTEXT_COURSE,
805         'archetypes' => array(
806             'editingteacher' => CAP_ALLOW,
807             'manager' => CAP_ALLOW
808         )
809     ),
811     'moodle/course:view' => array(
813         'captype' => 'read',
814         'contextlevel' => CONTEXT_COURSE,
815         'archetypes' => array(
816             'manager' => CAP_ALLOW,
817         )
818     ),
820     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
821     'moodle/course:enrolreview' => array(
823         'riskbitmask' => RISK_PERSONAL,
825         'captype' => 'read',
826         'contextlevel' => CONTEXT_COURSE,
827         'archetypes' => array(
828             'editingteacher' => CAP_ALLOW,
829             'manager' => CAP_ALLOW,
830         )
831     ),
833     /* add, remove, hide enrol instances in courses */
834     'moodle/course:enrolconfig' => array(
836         'riskbitmask' => RISK_PERSONAL,
838         'captype' => 'write',
839         'contextlevel' => CONTEXT_COURSE,
840         'archetypes' => array(
841             'editingteacher' => CAP_ALLOW,
842             'manager' => CAP_ALLOW,
843         )
844     ),
846     'moodle/course:reviewotherusers' => array(
848         'captype' => 'read',
849         'contextlevel' => CONTEXT_COURSE,
850         'archetypes' => array(
851             'editingteacher' => CAP_ALLOW,
852             'manager' => CAP_ALLOW,
853         ),
854         'clonepermissionsfrom' => 'moodle/role:assign'
855     ),
857     'moodle/course:bulkmessaging' => array(
859         'riskbitmask' => RISK_SPAM,
861         'captype' => 'write',
862         'contextlevel' => CONTEXT_COURSE,
863         'archetypes' => array(
864             'teacher' => CAP_ALLOW,
865             'editingteacher' => CAP_ALLOW,
866             'manager' => CAP_ALLOW
867         )
868     ),
870     'moodle/course:viewhiddenuserfields' => array(
872         'riskbitmask' => RISK_PERSONAL,
874         'captype' => 'read',
875         'contextlevel' => CONTEXT_COURSE,
876         'archetypes' => array(
877             'teacher' => CAP_ALLOW,
878             'editingteacher' => CAP_ALLOW,
879             'manager' => CAP_ALLOW
880         )
881     ),
883     'moodle/course:viewhiddencourses' => array(
885         'captype' => 'read',
886         'contextlevel' => CONTEXT_COURSE,
887         'archetypes' => array(
888             'coursecreator' => CAP_ALLOW,
889             'teacher' => CAP_ALLOW,
890             'editingteacher' => CAP_ALLOW,
891             'manager' => CAP_ALLOW
892         )
893     ),
895     'moodle/course:visibility' => array(
897         'captype' => 'write',
898         'contextlevel' => CONTEXT_COURSE,
899         'archetypes' => array(
900             'editingteacher' => CAP_ALLOW,
901             'manager' => CAP_ALLOW
902         )
903     ),
905     'moodle/course:managefiles' => array(
907         'riskbitmask' => RISK_XSS,
909         'captype' => 'write',
910         'contextlevel' => CONTEXT_COURSE,
911         'archetypes' => array(
912             'editingteacher' => CAP_ALLOW,
913             'manager' => CAP_ALLOW
914         )
915     ),
917     'moodle/course:ignoreavailabilityrestrictions' => array(
918         'captype' => 'read',
919         'contextlevel' => CONTEXT_MODULE,
920         'archetypes' => array(
921             'manager' => CAP_ALLOW,
922             'coursecreator' => CAP_ALLOW,
923             'editingteacher' => CAP_ALLOW,
924             'teacher' => CAP_ALLOW,
925         ),
926         'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
927     ),
929     'moodle/course:ignorefilesizelimits' => array(
931         'captype' => 'write',
932         'contextlevel' => CONTEXT_COURSE,
933         'archetypes' => array(
934         )
935     ),
937     'moodle/course:manageactivities' => array(
939         'riskbitmask' => RISK_XSS,
941         'captype' => 'write',
942         'contextlevel' => CONTEXT_MODULE,
943         'archetypes' => array(
944             'editingteacher' => CAP_ALLOW,
945             'manager' => CAP_ALLOW
946         )
947     ),
949     'moodle/course:activityvisibility' => array(
951         'captype' => 'write',
952         'contextlevel' => CONTEXT_MODULE,
953         'archetypes' => array(
954             'editingteacher' => CAP_ALLOW,
955             'manager' => CAP_ALLOW
956         )
957     ),
959     'moodle/course:viewhiddenactivities' => array(
961         'captype' => 'write',
962         'contextlevel' => CONTEXT_MODULE,
963         'archetypes' => array(
964             'teacher' => CAP_ALLOW,
965             'editingteacher' => CAP_ALLOW,
966             'manager' => CAP_ALLOW
967         )
968     ),
970     'moodle/course:viewparticipants' => array(
972         'captype' => 'read',
973         'contextlevel' => CONTEXT_COURSE,
974         'archetypes' => array(
975             'student' => CAP_ALLOW,
976             'teacher' => CAP_ALLOW,
977             'editingteacher' => CAP_ALLOW,
978             'manager' => CAP_ALLOW
979         )
980     ),
982     'moodle/course:changefullname' => array(
984         'riskbitmask' => RISK_XSS,
986         'captype' => 'write',
987         'contextlevel' => CONTEXT_COURSE,
988         'archetypes' => array(
989             'editingteacher' => CAP_ALLOW,
990             'manager' => CAP_ALLOW
991         ),
992         'clonepermissionsfrom' => 'moodle/course:update'
993     ),
995     'moodle/course:changeshortname' => array(
997         'riskbitmask' => RISK_XSS,
999         'captype' => 'write',
1000         'contextlevel' => CONTEXT_COURSE,
1001         'archetypes' => array(
1002             'editingteacher' => CAP_ALLOW,
1003             'manager' => CAP_ALLOW
1004         ),
1005         'clonepermissionsfrom' => 'moodle/course:update'
1006     ),
1008     'moodle/course:changelockedcustomfields' => array(
1010         'riskbitmask' => RISK_SPAM,
1012         'captype' => 'write',
1013         'contextlevel' => CONTEXT_COURSE,
1014         'archetypes' => array(
1015             'manager' => CAP_ALLOW
1016         ),
1017     ),
1019     'moodle/course:configurecustomfields' => array(
1021         'riskbitmask' => RISK_SPAM,
1023         'captype' => 'write',
1024         'contextlevel' => CONTEXT_SYSTEM,
1025         'clonepermissionsfrom' => 'moodle/site:config'
1026     ),
1028     'moodle/course:renameroles' => array(
1029         'captype' => 'write',
1030         'contextlevel' => CONTEXT_COURSE,
1031         'archetypes' => array(
1032             'editingteacher' => CAP_ALLOW,
1033             'manager' => CAP_ALLOW
1034         ),
1035         'clonepermissionsfrom' => 'moodle/course:update'
1036     ),
1038     'moodle/course:changeidnumber' => array(
1040         'riskbitmask' => RISK_XSS,
1042         'captype' => 'write',
1043         'contextlevel' => CONTEXT_COURSE,
1044         'archetypes' => array(
1045             'editingteacher' => CAP_ALLOW,
1046             'manager' => CAP_ALLOW
1047         ),
1048         'clonepermissionsfrom' => 'moodle/course:update'
1049     ),
1050     'moodle/course:changecategory' => array(
1051         'riskbitmask' => RISK_XSS,
1053         'captype' => 'write',
1054         'contextlevel' => CONTEXT_COURSE,
1055         'archetypes' => array(
1056             'editingteacher' => CAP_ALLOW,
1057             'manager' => CAP_ALLOW
1058         ),
1059         'clonepermissionsfrom' => 'moodle/course:update'
1060     ),
1062     'moodle/course:changesummary' => array(
1063         'riskbitmask' => RISK_XSS,
1065         'captype' => 'write',
1066         'contextlevel' => CONTEXT_COURSE,
1067         'archetypes' => array(
1068             'editingteacher' => CAP_ALLOW,
1069             'manager' => CAP_ALLOW
1070         ),
1071         'clonepermissionsfrom' => 'moodle/course:update'
1072     ),
1074     'moodle/course:setforcedlanguage' => array(
1075         'captype' => 'write',
1076         'contextlevel' => CONTEXT_COURSE,
1077         'archetypes' => array(
1078             'editingteacher' => CAP_ALLOW,
1079             'manager' => CAP_ALLOW
1080         ),
1081         'clonepermissionsfrom' => 'moodle/course:update'
1082     ),
1085     'moodle/site:viewparticipants' => array(
1087         'captype' => 'read',
1088         'contextlevel' => CONTEXT_SYSTEM,
1089         'archetypes' => array(
1090             'manager' => CAP_ALLOW
1091         )
1092     ),
1094     'moodle/course:isincompletionreports' => array(
1095         'captype' => 'read',
1096         'contextlevel' => CONTEXT_COURSE,
1097         'archetypes' => array(
1098             'student' => CAP_ALLOW,
1099         ),
1100     ),
1102     'moodle/course:viewscales' => array(
1104         'captype' => 'read',
1105         'contextlevel' => CONTEXT_COURSE,
1106         'archetypes' => array(
1107             'student' => CAP_ALLOW,
1108             'teacher' => CAP_ALLOW,
1109             'editingteacher' => CAP_ALLOW,
1110             'manager' => CAP_ALLOW
1111         )
1112     ),
1114     'moodle/course:managescales' => array(
1116         'captype' => 'write',
1117         'contextlevel' => CONTEXT_COURSE,
1118         'archetypes' => array(
1119             'editingteacher' => CAP_ALLOW,
1120             'manager' => CAP_ALLOW
1121         )
1122     ),
1124     'moodle/course:managegroups' => array(
1125         'riskbitmask' => RISK_XSS,
1127         'captype' => 'write',
1128         'contextlevel' => CONTEXT_COURSE,
1129         'archetypes' => array(
1130             'editingteacher' => CAP_ALLOW,
1131             'manager' => CAP_ALLOW
1132         )
1133     ),
1135     'moodle/course:reset' => array(
1137         'riskbitmask' => RISK_DATALOSS,
1139         'captype' => 'write',
1140         'contextlevel' => CONTEXT_COURSE,
1141         'archetypes' => array(
1142             'editingteacher' => CAP_ALLOW,
1143             'manager' => CAP_ALLOW
1144         )
1145     ),
1147     'moodle/course:viewsuspendedusers' => array(
1149         'captype' => 'read',
1150         'contextlevel' => CONTEXT_SYSTEM,
1151         'archetypes' => array(
1152             'editingteacher' => CAP_ALLOW,
1153             'manager' => CAP_ALLOW
1154         )
1155     ),
1157     'moodle/course:tag' => array(
1158         'riskbitmask' => RISK_SPAM,
1159         'captype' => 'write',
1160         'contextlevel' => CONTEXT_COURSE,
1161         'archetypes' => array(
1162             'manager' => CAP_ALLOW,
1163             'editingteacher' => CAP_ALLOW,
1164         ),
1165         'clonepermissionsfrom' => 'moodle/course:update'
1166     ),
1168     'moodle/blog:view' => array(
1170         'captype' => 'read',
1171         'contextlevel' => CONTEXT_SYSTEM,
1172         'archetypes' => array(
1173             'guest' => CAP_ALLOW,
1174             'user' => CAP_ALLOW,
1175             'student' => CAP_ALLOW,
1176             'teacher' => CAP_ALLOW,
1177             'editingteacher' => CAP_ALLOW,
1178             'manager' => CAP_ALLOW
1179         )
1180     ),
1182     'moodle/blog:search' => array(
1183         'captype' => 'read',
1184         'contextlevel' => CONTEXT_SYSTEM,
1185         'archetypes' => array(
1186             'guest' => CAP_ALLOW,
1187             'user' => CAP_ALLOW,
1188             'student' => CAP_ALLOW,
1189             'teacher' => CAP_ALLOW,
1190             'editingteacher' => CAP_ALLOW,
1191             'manager' => CAP_ALLOW
1192         )
1193     ),
1195     'moodle/blog:viewdrafts' => array(
1197         'riskbitmask' => RISK_PERSONAL,
1198         'captype' => 'read',
1199         'contextlevel' => CONTEXT_SYSTEM,
1200         'archetypes' => array(
1201             'manager' => CAP_ALLOW
1202         )
1203     ),
1205     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1207         'riskbitmask' => RISK_SPAM,
1209         'captype' => 'write',
1210         'contextlevel' => CONTEXT_SYSTEM,
1211         'archetypes' => array(
1212             'user' => CAP_ALLOW,
1213             'manager' => CAP_ALLOW
1214         )
1215     ),
1217     'moodle/blog:manageentries' => array(
1219         'riskbitmask' => RISK_SPAM,
1221         'captype' => 'write',
1222         'contextlevel' => CONTEXT_SYSTEM,
1223         'archetypes' => array(
1224             'teacher' => CAP_ALLOW,
1225             'editingteacher' => CAP_ALLOW,
1226             'manager' => CAP_ALLOW
1227         )
1228     ),
1230     'moodle/blog:manageexternal' => array(
1232         'riskbitmask' => RISK_SPAM,
1234         'captype' => 'write',
1235         'contextlevel' => CONTEXT_SYSTEM,
1236         'archetypes' => array(
1237             'student' => CAP_ALLOW,
1238             'user' => CAP_ALLOW,
1239             'teacher' => CAP_ALLOW,
1240             'editingteacher' => CAP_ALLOW,
1241             'manager' => CAP_ALLOW
1242         )
1243     ),
1245     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1247         'riskbitmask' => RISK_SPAM,
1249         'captype' => 'write',
1250         'contextlevel' => CONTEXT_COURSE,
1251         'archetypes' => array(
1252             'user' => CAP_ALLOW,
1253             'manager' => CAP_ALLOW
1254         )
1255     ),
1257     'moodle/calendar:managegroupentries' => array(
1259         'riskbitmask' => RISK_SPAM,
1261         'captype' => 'write',
1262         'contextlevel' => CONTEXT_COURSE,
1263         'archetypes' => array(
1264             'teacher' => CAP_ALLOW,
1265             'editingteacher' => CAP_ALLOW,
1266             'manager' => CAP_ALLOW
1267         )
1268     ),
1270     'moodle/calendar:manageentries' => array(
1272         'riskbitmask' => RISK_SPAM,
1274         'captype' => 'write',
1275         'contextlevel' => CONTEXT_COURSE,
1276         'archetypes' => array(
1277             'teacher' => CAP_ALLOW,
1278             'editingteacher' => CAP_ALLOW,
1279             'manager' => CAP_ALLOW
1280         )
1281     ),
1283     'moodle/user:editprofile' => array(
1285         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1287         'captype' => 'write',
1288         'contextlevel' => CONTEXT_USER,
1289         'archetypes' => array(
1290             'manager' => CAP_ALLOW
1291         )
1292     ),
1294     'moodle/user:editownprofile' => array(
1296         'riskbitmask' => RISK_SPAM,
1298         'captype' => 'write',
1299         'contextlevel' => CONTEXT_SYSTEM,
1300         'archetypes' => array(
1301             'guest' => CAP_PROHIBIT,
1302             'user' => CAP_ALLOW,
1303             'manager' => CAP_ALLOW
1304         )
1305     ),
1307     'moodle/user:changeownpassword' => array(
1309         'captype' => 'write',
1310         'contextlevel' => CONTEXT_SYSTEM,
1311         'archetypes' => array(
1312             'guest' => CAP_PROHIBIT,
1313             'user' => CAP_ALLOW,
1314             'manager' => CAP_ALLOW
1315         )
1316     ),
1318     // The next 3 might make no sense for some roles, e.g teacher, etc.
1319     // since the next level up is site. These are more for the parent role
1320     'moodle/user:readuserposts' => array(
1322         'captype' => 'read',
1323         'contextlevel' => CONTEXT_USER,
1324         'archetypes' => array(
1325             'student' => CAP_ALLOW,
1326             'teacher' => CAP_ALLOW,
1327             'editingteacher' => CAP_ALLOW,
1328             'manager' => CAP_ALLOW
1329         )
1330     ),
1332     'moodle/user:readuserblogs' => array(
1334         'captype' => 'read',
1335         'contextlevel' => CONTEXT_USER,
1336         'archetypes' => array(
1337             'student' => CAP_ALLOW,
1338             'teacher' => CAP_ALLOW,
1339             'editingteacher' => CAP_ALLOW,
1340             'manager' => CAP_ALLOW
1341         )
1342     ),
1344     // designed for parent role - not used in legacy roles
1345     'moodle/user:viewuseractivitiesreport' => array(
1346         'riskbitmask' => RISK_PERSONAL,
1348         'captype' => 'read',
1349         'contextlevel' => CONTEXT_USER,
1350         'archetypes' => array(
1351         )
1352     ),
1354     //capabilities designed for the new message system configuration
1355     'moodle/user:editmessageprofile' => array(
1357          'riskbitmask' => RISK_SPAM,
1359          'captype' => 'write',
1360          'contextlevel' => CONTEXT_USER,
1361          'archetypes' => array(
1362              'manager' => CAP_ALLOW
1363          )
1364      ),
1366      'moodle/user:editownmessageprofile' => array(
1368          'captype' => 'write',
1369          'contextlevel' => CONTEXT_SYSTEM,
1370          'archetypes' => array(
1371              'guest' => CAP_PROHIBIT,
1372              'user' => CAP_ALLOW,
1373              'manager' => CAP_ALLOW
1374          )
1375      ),
1377     'moodle/question:managecategory' => array(
1378         'riskbitmask' => RISK_SPAM | RISK_XSS,
1379         'captype' => 'write',
1380         'contextlevel' => CONTEXT_COURSE,
1381         'archetypes' => array(
1382             'editingteacher' => CAP_ALLOW,
1383             'manager' => CAP_ALLOW
1384         )
1385     ),
1387     //new in moodle 1.9
1388     'moodle/question:add' => array(
1389         'riskbitmask' => RISK_SPAM | RISK_XSS,
1390         'captype' => 'write',
1391         'contextlevel' => CONTEXT_COURSE,
1392         'archetypes' => array(
1393             'editingteacher' => CAP_ALLOW,
1394             'manager' => CAP_ALLOW
1395         ),
1396         'clonepermissionsfrom' =>  'moodle/question:manage'
1397     ),
1398     'moodle/question:editmine' => array(
1399         'riskbitmask' => RISK_SPAM | RISK_XSS,
1400         'captype' => 'write',
1401         'contextlevel' => CONTEXT_COURSE,
1402         'archetypes' => array(
1403             'editingteacher' => CAP_ALLOW,
1404             'manager' => CAP_ALLOW
1405         ),
1406         'clonepermissionsfrom' =>  'moodle/question:manage'
1407     ),
1408     'moodle/question:editall' => array(
1409         'riskbitmask' => RISK_SPAM | RISK_XSS,
1410         'captype' => 'write',
1411         'contextlevel' => CONTEXT_COURSE,
1412         'archetypes' => array(
1413             'editingteacher' => CAP_ALLOW,
1414             'manager' => CAP_ALLOW
1415         ),
1416         'clonepermissionsfrom' =>  'moodle/question:manage'
1417     ),
1418     'moodle/question:viewmine' => array(
1419         'captype' => 'read',
1420         'contextlevel' => CONTEXT_COURSE,
1421         'archetypes' => array(
1422             'editingteacher' => CAP_ALLOW,
1423             'manager' => CAP_ALLOW
1424         ),
1425         'clonepermissionsfrom' =>  'moodle/question:manage'
1426     ),
1427     'moodle/question:viewall' => array(
1428         'captype' => 'read',
1429         'contextlevel' => CONTEXT_COURSE,
1430         'archetypes' => array(
1431             'editingteacher' => CAP_ALLOW,
1432             'manager' => CAP_ALLOW
1433         ),
1434         'clonepermissionsfrom' =>  'moodle/question:manage'
1435     ),
1436     'moodle/question:usemine' => array(
1437         'captype' => 'read',
1438         'contextlevel' => CONTEXT_COURSE,
1439         'archetypes' => array(
1440             'editingteacher' => CAP_ALLOW,
1441             'manager' => CAP_ALLOW
1442         ),
1443         'clonepermissionsfrom' =>  'moodle/question:manage'
1444     ),
1445     'moodle/question:useall' => array(
1446         'captype' => 'read',
1447         'contextlevel' => CONTEXT_COURSE,
1448         'archetypes' => array(
1449             'editingteacher' => CAP_ALLOW,
1450             'manager' => CAP_ALLOW
1451         ),
1452         'clonepermissionsfrom' =>  'moodle/question:manage'
1453     ),
1454     'moodle/question:movemine' => array(
1455         'captype' => 'write',
1456         'contextlevel' => CONTEXT_COURSE,
1457         'archetypes' => array(
1458             'editingteacher' => CAP_ALLOW,
1459             'manager' => CAP_ALLOW
1460         ),
1461         'clonepermissionsfrom' =>  'moodle/question:manage'
1462     ),
1463     'moodle/question:moveall' => array(
1464         'captype' => 'write',
1465         'contextlevel' => CONTEXT_COURSE,
1466         'archetypes' => array(
1467             'editingteacher' => CAP_ALLOW,
1468             'manager' => CAP_ALLOW
1469         ),
1470         'clonepermissionsfrom' =>  'moodle/question:manage'
1471     ),
1472     //END new in moodle 1.9
1474     // Configure the installed question types.
1475     'moodle/question:config' => array(
1476         'riskbitmask' => RISK_CONFIG,
1477         'captype' => 'write',
1478         'contextlevel' => CONTEXT_SYSTEM,
1479         'archetypes' => array(
1480             'manager' => CAP_ALLOW
1481         )
1482     ),
1484     // While attempting questions, the ability to flag particular questions for later reference.
1485     'moodle/question:flag' => array(
1486         'captype' => 'write',
1487         'contextlevel' => CONTEXT_COURSE,
1488         'archetypes' => array(
1489             'student' => CAP_ALLOW,
1490             'teacher' => CAP_ALLOW,
1491             'editingteacher' => CAP_ALLOW,
1492             'manager' => CAP_ALLOW
1493         )
1494     ),
1496     // Controls whether the user can tag his own questions.
1497     'moodle/question:tagmine' => array(
1498         'captype' => 'write',
1499         'contextlevel' => CONTEXT_COURSE,
1500         'archetypes' => array(
1501             'editingteacher' => CAP_ALLOW,
1502             'manager' => CAP_ALLOW
1503         ),
1504         'clonepermissionsfrom' => 'moodle/question:editmine'
1505     ),
1507     // Controls whether the user can tag all questions.
1508     'moodle/question:tagall' => array(
1509         'captype' => 'write',
1510         'contextlevel' => CONTEXT_COURSE,
1511         'archetypes' => array(
1512             'editingteacher' => CAP_ALLOW,
1513             'manager' => CAP_ALLOW
1514         ),
1515         'clonepermissionsfrom' => 'moodle/question:editall'
1516     ),
1518     'moodle/site:doclinks' => array(
1519         'captype' => 'read',
1520         'contextlevel' => CONTEXT_SYSTEM,
1521         'archetypes' => array(
1522             'teacher' => CAP_ALLOW,
1523             'editingteacher' => CAP_ALLOW,
1524             'manager' => CAP_ALLOW
1525         )
1526     ),
1528     'moodle/course:sectionvisibility' => array(
1530         'captype' => 'write',
1531         'contextlevel' => CONTEXT_COURSE,
1532         'archetypes' => array(
1533             'editingteacher' => CAP_ALLOW,
1534             'manager' => CAP_ALLOW
1535         )
1536     ),
1538     'moodle/course:useremail' => array(
1540         'captype' => 'write',
1541         'contextlevel' => CONTEXT_COURSE,
1542         'archetypes' => array(
1543             'editingteacher' => CAP_ALLOW,
1544             'manager' => CAP_ALLOW
1545         )
1546     ),
1548     'moodle/course:viewhiddensections' => array(
1550         'captype' => 'write',
1551         'contextlevel' => CONTEXT_COURSE,
1552         'archetypes' => array(
1553             'editingteacher' => CAP_ALLOW,
1554             'manager' => CAP_ALLOW
1555         )
1556     ),
1558     'moodle/course:setcurrentsection' => array(
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'editingteacher' => CAP_ALLOW,
1564             'manager' => CAP_ALLOW
1565         )
1566     ),
1568     'moodle/course:movesections' => array(
1570         'captype' => 'write',
1571         'contextlevel' => CONTEXT_COURSE,
1572         'archetypes' => array(
1573             'editingteacher' => CAP_ALLOW,
1574             'manager' => CAP_ALLOW
1575         ),
1576         'clonepermissionsfrom' => 'moodle/course:update'
1577     ),
1579     'moodle/site:mnetlogintoremote' => array(
1581         'captype' => 'read',
1582         'contextlevel' => CONTEXT_SYSTEM,
1583         'archetypes' => array(
1584         )
1585     ),
1587     'moodle/grade:viewall' => array(
1588         'riskbitmask' => RISK_PERSONAL,
1589         'captype' => 'read',
1590         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1591         'archetypes' => array(
1592             'teacher' => CAP_ALLOW,
1593             'editingteacher' => CAP_ALLOW,
1594             'manager' => CAP_ALLOW
1595         ),
1596         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1597     ),
1599     'moodle/grade:view' => array(
1600         'captype' => 'read',
1601         'contextlevel' => CONTEXT_COURSE,
1602         'archetypes' => array(
1603             'student' => CAP_ALLOW
1604         )
1605     ),
1607     'moodle/grade:viewhidden' => array(
1608         'riskbitmask' => RISK_PERSONAL,
1609         'captype' => 'read',
1610         'contextlevel' => CONTEXT_COURSE,
1611         'archetypes' => array(
1612             'teacher' => CAP_ALLOW,
1613             'editingteacher' => CAP_ALLOW,
1614             'manager' => CAP_ALLOW
1615         ),
1616         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1617     ),
1619     'moodle/grade:import' => array(
1620         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1621         'captype' => 'write',
1622         'contextlevel' => CONTEXT_COURSE,
1623         'archetypes' => array(
1624             'editingteacher' => CAP_ALLOW,
1625             'manager' => CAP_ALLOW
1626         ),
1627         'clonepermissionsfrom' => 'moodle/course:managegrades'
1628     ),
1630     'moodle/grade:export' => array(
1631         'riskbitmask' => RISK_PERSONAL,
1632         'captype' => 'read',
1633         'contextlevel' => CONTEXT_COURSE,
1634         'archetypes' => array(
1635             'teacher' => CAP_ALLOW,
1636             'editingteacher' => CAP_ALLOW,
1637             'manager' => CAP_ALLOW
1638         ),
1639         'clonepermissionsfrom' => 'moodle/course:managegrades'
1640     ),
1642     'moodle/grade:manage' => array(
1643         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1644         'captype' => 'write',
1645         'contextlevel' => CONTEXT_COURSE,
1646         'archetypes' => array(
1647             'editingteacher' => CAP_ALLOW,
1648             'manager' => CAP_ALLOW
1649         ),
1650         'clonepermissionsfrom' => 'moodle/course:managegrades'
1651     ),
1653     'moodle/grade:edit' => array(
1654         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1655         'captype' => 'write',
1656         'contextlevel' => CONTEXT_COURSE,
1657         'archetypes' => array(
1658             'editingteacher' => CAP_ALLOW,
1659             'manager' => CAP_ALLOW
1660         ),
1661         'clonepermissionsfrom' => 'moodle/course:managegrades'
1662     ),
1664     // ability to define advanced grading forms in activities either from scratch
1665     // or from a shared template
1666     'moodle/grade:managegradingforms' => array(
1667         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1668         'captype' => 'write',
1669         'contextlevel' => CONTEXT_COURSE,
1670         'archetypes' => array(
1671             'editingteacher' => CAP_ALLOW,
1672             'manager' => CAP_ALLOW
1673         ),
1674         'clonepermissionsfrom' => 'moodle/course:managegrades'
1675     ),
1677     // ability to save a grading form as a new shared template and eventually edit
1678     // and remove own templates (templates originally shared by that user)
1679     'moodle/grade:sharegradingforms' => array(
1680         'riskbitmask' => RISK_XSS,
1681         'captype' => 'write',
1682         'contextlevel' => CONTEXT_SYSTEM,
1683         'archetypes' => array(
1684             'manager' => CAP_ALLOW
1685         ),
1686     ),
1688     // ability to edit and remove any shared template, even those originally shared
1689     // by other users
1690     'moodle/grade:managesharedforms' => array(
1691         'riskbitmask' => RISK_XSS,
1692         'captype' => 'write',
1693         'contextlevel' => CONTEXT_SYSTEM,
1694         'archetypes' => array(
1695             'manager' => CAP_ALLOW
1696         ),
1697     ),
1699     'moodle/grade:manageoutcomes' => array(
1700         'captype' => 'write',
1701         'contextlevel' => CONTEXT_COURSE,
1702         'archetypes' => array(
1703             'editingteacher' => CAP_ALLOW,
1704             'manager' => CAP_ALLOW
1705         ),
1706         'clonepermissionsfrom' => 'moodle/course:managegrades'
1707     ),
1709     'moodle/grade:manageletters' => array(
1710         'captype' => 'write',
1711         'contextlevel' => CONTEXT_COURSE,
1712         'archetypes' => array(
1713             'editingteacher' => CAP_ALLOW,
1714             'manager' => CAP_ALLOW
1715         ),
1716         'clonepermissionsfrom' => 'moodle/course:managegrades'
1717     ),
1719     'moodle/grade:hide' => array(
1720         'captype' => 'write',
1721         'contextlevel' => CONTEXT_COURSE,
1722         'archetypes' => array(
1723             'editingteacher' => CAP_ALLOW,
1724             'manager' => CAP_ALLOW
1725         )
1726     ),
1728     'moodle/grade:lock' => array(
1729         'captype' => 'write',
1730         'contextlevel' => CONTEXT_COURSE,
1731         'archetypes' => array(
1732             'editingteacher' => CAP_ALLOW,
1733             'manager' => CAP_ALLOW
1734         )
1735     ),
1737     'moodle/grade:unlock' => array(
1738         'captype' => 'write',
1739         'contextlevel' => CONTEXT_COURSE,
1740         'archetypes' => array(
1741             'editingteacher' => CAP_ALLOW,
1742             'manager' => CAP_ALLOW
1743         )
1744     ),
1746     'moodle/my:manageblocks' => array(
1747         'captype' => 'write',
1748         'contextlevel' => CONTEXT_SYSTEM,
1749         'archetypes' => array(
1750             'user' => CAP_ALLOW
1751         )
1752     ),
1754     'moodle/notes:view' => array(
1755         'captype' => 'read',
1756         'contextlevel' => CONTEXT_COURSE,
1757         'archetypes' => array(
1758             'teacher' => CAP_ALLOW,
1759             'editingteacher' => CAP_ALLOW,
1760             'manager' => CAP_ALLOW
1761         )
1762     ),
1764     'moodle/notes:manage' => array(
1765         'riskbitmask' => RISK_SPAM,
1767         'captype' => 'write',
1768         'contextlevel' => CONTEXT_COURSE,
1769         'archetypes' => array(
1770             'teacher' => CAP_ALLOW,
1771             'editingteacher' => CAP_ALLOW,
1772             'manager' => CAP_ALLOW
1773         )
1774     ),
1776     'moodle/tag:manage' => array(
1777         'riskbitmask' => RISK_SPAM,
1779         'captype' => 'write',
1780         'contextlevel' => CONTEXT_SYSTEM,
1781         'archetypes' => array(
1782             'manager' => CAP_ALLOW
1783         )
1784     ),
1786     'moodle/tag:edit' => array(
1787         'riskbitmask' => RISK_SPAM,
1789         'captype' => 'write',
1790         'contextlevel' => CONTEXT_SYSTEM,
1791         'archetypes' => array(
1792             'manager' => CAP_ALLOW
1793         )
1794     ),
1796     'moodle/tag:flag' => array(
1797         'riskbitmask' => RISK_SPAM,
1799         'captype' => 'write',
1800         'contextlevel' => CONTEXT_SYSTEM,
1801         'archetypes' => array(
1802             'user' => CAP_ALLOW
1803         )
1804     ),
1806     'moodle/tag:editblocks' => array(
1807         'captype' => 'write',
1808         'contextlevel' => CONTEXT_SYSTEM,
1809         'archetypes' => array(
1810             'teacher' => CAP_ALLOW,
1811             'editingteacher' => CAP_ALLOW,
1812             'manager' => CAP_ALLOW
1813         )
1814     ),
1816     'moodle/block:view' => array(
1817         'captype' => 'read',
1818         'contextlevel' => CONTEXT_BLOCK,
1819         'archetypes' => array(
1820             'guest' => CAP_ALLOW,
1821             'user' => CAP_ALLOW,
1822             'student' => CAP_ALLOW,
1823             'teacher' => CAP_ALLOW,
1824             'editingteacher' => CAP_ALLOW,
1825         )
1826     ),
1828     'moodle/block:edit' => array(
1829         'riskbitmask' => RISK_SPAM | RISK_XSS,
1831         'captype' => 'write',
1832         'contextlevel' => CONTEXT_BLOCK,
1833         'archetypes' => array(
1834             'editingteacher' => CAP_ALLOW,
1835             'manager' => CAP_ALLOW
1836         )
1837     ),
1839     'moodle/portfolio:export' => array(
1840         'captype' => 'read',
1841         'contextlevel' => CONTEXT_SYSTEM,
1842         'archetypes' => array(
1843             'user' => CAP_ALLOW,
1844             'student' => CAP_ALLOW,
1845             'teacher' => CAP_ALLOW,
1846             'editingteacher' => CAP_ALLOW,
1847         )
1848     ),
1849     'moodle/comment:view' => array(
1850         'captype' => 'read',
1851         'contextlevel' => CONTEXT_COURSE,
1852         'archetypes' => array(
1853             'frontpage' => CAP_ALLOW,
1854             'guest' => CAP_ALLOW,
1855             'user' => CAP_ALLOW,
1856             'student' => CAP_ALLOW,
1857             'teacher' => CAP_ALLOW,
1858             'editingteacher' => CAP_ALLOW,
1859             'manager' => CAP_ALLOW
1860         )
1861     ),
1862     'moodle/comment:post' => array(
1864         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1865         'captype' => 'write',
1866         'contextlevel' => CONTEXT_COURSE,
1867         'archetypes' => array(
1868             'user' => CAP_ALLOW,
1869             'student' => CAP_ALLOW,
1870             'teacher' => CAP_ALLOW,
1871             'editingteacher' => CAP_ALLOW,
1872             'manager' => CAP_ALLOW
1873         )
1874     ),
1875     'moodle/comment:delete' => array(
1877         'riskbitmask' => RISK_DATALOSS,
1878         'captype' => 'write',
1879         'contextlevel' => CONTEXT_COURSE,
1880         'archetypes' => array(
1881             'editingteacher' => CAP_ALLOW,
1882             'manager' => CAP_ALLOW
1883         )
1884     ),
1885     'moodle/webservice:createtoken' => array(
1887         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1888         'captype' => 'write',
1889         'contextlevel' => CONTEXT_SYSTEM,
1890         'archetypes' => array(
1891             'manager' => CAP_ALLOW
1892         )
1893     ),
1894     'moodle/webservice:managealltokens' => array(
1896         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1897         'captype' => 'write',
1898         'contextlevel' => CONTEXT_SYSTEM,
1899         'archetypes' => array()
1900     ),
1901     'moodle/webservice:createmobiletoken' => array(
1903         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1904         'captype' => 'write',
1905         'contextlevel' => CONTEXT_SYSTEM,
1906         'archetypes' => array(
1907             'user' => CAP_ALLOW
1908         )
1909     ),
1910     'moodle/rating:view' => array(
1912         'captype' => 'read',
1913         'contextlevel' => CONTEXT_COURSE,
1914         'archetypes' => array(
1915             'user' => CAP_ALLOW,
1916             'student' => CAP_ALLOW,
1917             'teacher' => CAP_ALLOW,
1918             'editingteacher' => CAP_ALLOW,
1919             'manager' => CAP_ALLOW
1920         )
1921     ),
1922     'moodle/rating:viewany' => array(
1924         'riskbitmask' => RISK_PERSONAL,
1925         'captype' => 'read',
1926         'contextlevel' => CONTEXT_COURSE,
1927         'archetypes' => array(
1928             'user' => CAP_ALLOW,
1929             'student' => CAP_ALLOW,
1930             'teacher' => CAP_ALLOW,
1931             'editingteacher' => CAP_ALLOW,
1932             'manager' => CAP_ALLOW
1933         )
1934     ),
1935     'moodle/rating:viewall' => array(
1937         'riskbitmask' => RISK_PERSONAL,
1938         'captype' => 'read',
1939         'contextlevel' => CONTEXT_COURSE,
1940         'archetypes' => array(
1941             'user' => CAP_ALLOW,
1942             'student' => CAP_ALLOW,
1943             'teacher' => CAP_ALLOW,
1944             'editingteacher' => CAP_ALLOW,
1945             'manager' => CAP_ALLOW
1946         )
1947     ),
1948     'moodle/rating:rate' => array(
1950         'captype' => 'write',
1951         'contextlevel' => CONTEXT_COURSE,
1952         'archetypes' => array(
1953             'user' => CAP_ALLOW,
1954             'student' => CAP_ALLOW,
1955             'teacher' => CAP_ALLOW,
1956             'editingteacher' => CAP_ALLOW,
1957             'manager' => CAP_ALLOW
1958         )
1959     ),
1960     'moodle/course:markcomplete' => array(
1961         'captype' => 'write',
1962         'contextlevel' => CONTEXT_COURSE,
1963         'archetypes' => array(
1964             'teacher' => CAP_ALLOW,
1965             'editingteacher' => CAP_ALLOW,
1966             'manager' => CAP_ALLOW
1967         )
1968     ),
1969     'moodle/course:overridecompletion' => array(
1970         'captype' => 'write',
1971         'contextlevel' => CONTEXT_COURSE,
1972         'archetypes' => array(
1973             'teacher' => CAP_ALLOW,
1974             'editingteacher' => CAP_ALLOW,
1975             'manager' => CAP_ALLOW
1976         )
1977     ),
1979     // Badges.
1980     'moodle/badges:manageglobalsettings' => array(
1981         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
1982         'captype'      => 'write',
1983         'contextlevel' => CONTEXT_SYSTEM,
1984         'archetypes'   => array(
1985             'manager'       => CAP_ALLOW,
1986         )
1987     ),
1989     // View available badges without earning them.
1990     'moodle/badges:viewbadges' => array(
1991         'captype'       => 'read',
1992         'contextlevel'  => CONTEXT_COURSE,
1993         'archetypes'    => array(
1994             'user'          => CAP_ALLOW,
1995         )
1996     ),
1998     // Manage badges on own private badges page.
1999     'moodle/badges:manageownbadges' => array(
2000         'riskbitmap'    => RISK_SPAM,
2001         'captype'       => 'write',
2002         'contextlevel'  => CONTEXT_USER,
2003         'archetypes'    => array(
2004             'user'    => CAP_ALLOW
2005         )
2006     ),
2008     // View public badges in other users' profiles.
2009     'moodle/badges:viewotherbadges' => array(
2010         'riskbitmap'    => RISK_PERSONAL,
2011         'captype'       => 'read',
2012         'contextlevel'  => CONTEXT_USER,
2013         'archetypes'    => array(
2014             'user'    => CAP_ALLOW
2015         )
2016     ),
2018     // Earn badge.
2019     'moodle/badges:earnbadge' => array(
2020         'captype'       => 'write',
2021         'contextlevel'  => CONTEXT_COURSE,
2022         'archetypes'    => array(
2023             'user'           => CAP_ALLOW,
2024         )
2025     ),
2027     // Create/duplicate badges.
2028     'moodle/badges:createbadge' => array(
2029         'riskbitmask'  => RISK_SPAM,
2030         'captype'      => 'write',
2031         'contextlevel' => CONTEXT_COURSE,
2032         'archetypes'   => array(
2033             'manager'        => CAP_ALLOW,
2034             'editingteacher' => CAP_ALLOW,
2035         )
2036     ),
2038     // Delete badges.
2039     'moodle/badges:deletebadge' => array(
2040         'riskbitmask'  => RISK_DATALOSS,
2041         'captype'      => 'write',
2042         'contextlevel' => CONTEXT_COURSE,
2043         'archetypes'   => array(
2044             'manager'        => CAP_ALLOW,
2045             'editingteacher' => CAP_ALLOW,
2046         )
2047     ),
2049     // Set up/edit badge details.
2050     'moodle/badges:configuredetails' => array(
2051         'riskbitmask'  => RISK_SPAM,
2052         'captype'      => 'write',
2053         'contextlevel' => CONTEXT_COURSE,
2054         'archetypes'   => array(
2055             'manager'        => CAP_ALLOW,
2056             'editingteacher' => CAP_ALLOW,
2057         )
2058     ),
2060     // Set up/edit criteria of earning a badge.
2061     'moodle/badges:configurecriteria' => array(
2062         'riskbitmask'  => RISK_XSS,
2063         'captype'      => 'write',
2064         'contextlevel' => CONTEXT_COURSE,
2065         'archetypes'   => array(
2066             'manager'        => CAP_ALLOW,
2067             'editingteacher' => CAP_ALLOW,
2068         )
2069     ),
2071     // Configure badge messages.
2072     'moodle/badges:configuremessages' => array(
2073         'riskbitmask'  => RISK_SPAM,
2074         'captype'      => 'write',
2075         'contextlevel' => CONTEXT_COURSE,
2076         'archetypes'   => array(
2077             'manager'        => CAP_ALLOW,
2078             'editingteacher' => CAP_ALLOW,
2079         )
2080     ),
2082     // Award badge to a user.
2083     'moodle/badges:awardbadge' => array(
2084         'riskbitmask'  => RISK_SPAM,
2085         'captype'      => 'write',
2086         'contextlevel' => CONTEXT_COURSE,
2087         'archetypes'   => array(
2088             'manager'        => CAP_ALLOW,
2089             'teacher'        => CAP_ALLOW,
2090             'editingteacher' => CAP_ALLOW,
2091         )
2092     ),
2094     // Revoke badge from a user.
2095     'moodle/badges:revokebadge' => array(
2096         'riskbitmask'  => RISK_SPAM,
2097         'captype'      => 'write',
2098         'contextlevel' => CONTEXT_COURSE,
2099         'archetypes'   => array(
2100             'manager'        => CAP_ALLOW,
2101             'teacher'        => CAP_ALLOW,
2102             'editingteacher' => CAP_ALLOW,
2103         )
2104     ),
2106     // View users who earned a specific badge without being able to award a badge.
2107     'moodle/badges:viewawarded' => array(
2108         'riskbitmask'  => RISK_PERSONAL,
2109         'captype'      => 'read',
2110         'contextlevel' => CONTEXT_COURSE,
2111         'archetypes'   => array(
2112                 'manager'        => CAP_ALLOW,
2113                 'teacher'        => CAP_ALLOW,
2114                 'editingteacher' => CAP_ALLOW,
2115         )
2116     ),
2118     'moodle/site:forcelanguage' => array(
2119         'captype' => 'read',
2120         'contextlevel' => CONTEXT_SYSTEM,
2121         'archetypes' => array(
2122         )
2123     ),
2125     // Perform site-wide search queries through the search API.
2126     'moodle/search:query' => array(
2127         'captype' => 'read',
2128         'contextlevel' => CONTEXT_SYSTEM,
2129         'archetypes' => array(
2130             'guest' => CAP_ALLOW,
2131             'user' => CAP_ALLOW,
2132             'student' => CAP_ALLOW,
2133             'teacher' => CAP_ALLOW,
2134             'editingteacher' => CAP_ALLOW,
2135             'manager' => CAP_ALLOW
2136         )
2137     ),
2139     // Competencies.
2140     'moodle/competency:competencymanage' => array(
2141         'captype' => 'write',
2142         'contextlevel' => CONTEXT_COURSECAT,
2143         'archetypes' => array(
2144             'manager' => CAP_ALLOW
2145         )
2146     ),
2147     'moodle/competency:competencyview' => array(
2148         'captype' => 'read',
2149         'contextlevel' => CONTEXT_COURSECAT,
2150         'archetypes' => array(
2151             'user' => CAP_ALLOW
2152         ),
2153     ),
2154     'moodle/competency:competencygrade' => array(
2155         'captype' => 'write',
2156         'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2157         'archetypes' => array(
2158             'editingteacher' => CAP_ALLOW,
2159             'teacher' => CAP_ALLOW,
2160             'manager' => CAP_ALLOW
2161         ),
2162     ),
2163     // Course competencies.
2164     'moodle/competency:coursecompetencymanage' => array(
2165         'captype' => 'write',
2166         'contextlevel' => CONTEXT_COURSE,
2167         'archetypes' => array(
2168             'editingteacher' => CAP_ALLOW,
2169             'manager' => CAP_ALLOW
2170         ),
2171     ),
2172     'moodle/competency:coursecompetencyconfigure' => array(
2173         'captype' => 'write',
2174         'contextlevel' => CONTEXT_MODULE,
2175         'archetypes' => array(
2176             'manager' => CAP_ALLOW
2177         ),
2178     ),
2179     'moodle/competency:coursecompetencygradable' => array(
2180         'captype' => 'read',
2181         'contextlevel' => CONTEXT_COURSE,
2182         'archetypes' => array(
2183             'student' => CAP_ALLOW
2184         ),
2185         'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2186     ),
2187     'moodle/competency:coursecompetencyview' => array(
2188         'captype' => 'read',
2189         'contextlevel' => CONTEXT_COURSE,
2190         'archetypes' => array(
2191             'user' => CAP_ALLOW
2192         ),
2193     ),
2194     // Evidence.
2195     'moodle/competency:evidencedelete' => array(
2196         'captype' => 'write',
2197         'contextlevel' => CONTEXT_USER,
2198         'archetypes' => array(
2199         ),
2200         'clonepermissionsfrom' => 'moodle/site:config'
2201     ),
2202     // User plans.
2203     'moodle/competency:planmanage' => array(
2204         'captype' => 'write',
2205         'contextlevel' => CONTEXT_USER,
2206         'archetypes' => array(
2207             'manager' => CAP_ALLOW
2208         ),
2209     ),
2210     'moodle/competency:planmanagedraft' => array(
2211         'captype' => 'write',
2212         'contextlevel' => CONTEXT_USER,
2213         'archetypes' => array(
2214             'manager' => CAP_ALLOW
2215         ),
2216     ),
2217     'moodle/competency:planmanageown' => array(
2218         'captype' => 'write',
2219         'contextlevel' => CONTEXT_USER,
2220         'archetypes' => array(
2221         ),
2222     ),
2223     'moodle/competency:planmanageowndraft' => array(
2224         'captype' => 'write',
2225         'contextlevel' => CONTEXT_USER,
2226         'archetypes' => array(
2227         ),
2228     ),
2229     'moodle/competency:planview' => array(
2230         'captype' => 'read',
2231         'contextlevel' => CONTEXT_USER,
2232         'archetypes' => array(
2233             'manager' => CAP_ALLOW
2234         ),
2235     ),
2236     'moodle/competency:planviewdraft' => array(
2237         'captype' => 'read',
2238         'contextlevel' => CONTEXT_USER,
2239         'archetypes' => array(
2240             'manager' => CAP_ALLOW
2241         ),
2242     ),
2243     'moodle/competency:planviewown' => array(
2244         'captype' => 'read',
2245         'contextlevel' => CONTEXT_USER,
2246         'archetypes' => array(
2247             'user' => CAP_ALLOW
2248         ),
2249     ),
2250     'moodle/competency:planviewowndraft' => array(
2251         'captype' => 'read',
2252         'contextlevel' => CONTEXT_USER,
2253         'archetypes' => array(
2254         ),
2255     ),
2256     'moodle/competency:planrequestreview' => array(
2257         'captype' => 'write',
2258         'contextlevel' => CONTEXT_USER,
2259         'archetypes' => array(
2260             'manager' => CAP_ALLOW
2261         )
2262     ),
2263     'moodle/competency:planrequestreviewown' => array(
2264         'captype' => 'write',
2265         'contextlevel' => CONTEXT_USER,
2266         'archetypes' => array(
2267             'user' => CAP_ALLOW
2268         )
2269     ),
2270     'moodle/competency:planreview' => array(
2271         'captype' => 'write',
2272         'contextlevel' => CONTEXT_USER,
2273         'archetypes' => array(
2274             'manager' => CAP_ALLOW
2275         ),
2276     ),
2277     'moodle/competency:plancomment' => array(
2278         'captype' => 'write',
2279         'contextlevel' => CONTEXT_USER,
2280         'archetypes' => array(
2281             'manager' => CAP_ALLOW
2282         ),
2283     ),
2284     'moodle/competency:plancommentown' => array(
2285         'captype' => 'write',
2286         'contextlevel' => CONTEXT_USER,
2287         'archetypes' => array(
2288             'user' => CAP_ALLOW
2289         ),
2290     ),
2291     // User competencies.
2292     'moodle/competency:usercompetencyview' => array(
2293         'captype' => 'read',
2294         'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2295         'archetypes' => array(
2296             'manager' => CAP_ALLOW,
2297             'editingteacher' => CAP_ALLOW,
2298             'teacher' => CAP_ALLOW
2299         )
2300     ),
2301     'moodle/competency:usercompetencyrequestreview' => array(
2302         'captype' => 'write',
2303         'contextlevel' => CONTEXT_USER,
2304         'archetypes' => array(
2305             'manager' => CAP_ALLOW
2306         )
2307     ),
2308     'moodle/competency:usercompetencyrequestreviewown' => array(
2309         'captype' => 'write',
2310         'contextlevel' => CONTEXT_USER,
2311         'archetypes' => array(
2312             'user' => CAP_ALLOW
2313         )
2314     ),
2315     'moodle/competency:usercompetencyreview' => array(
2316         'captype' => 'write',
2317         'contextlevel' => CONTEXT_USER,
2318         'archetypes' => array(
2319             'manager' => CAP_ALLOW
2320         ),
2321     ),
2322     'moodle/competency:usercompetencycomment' => array(
2323         'captype' => 'write',
2324         'contextlevel' => CONTEXT_USER,
2325         'archetypes' => array(
2326             'manager' => CAP_ALLOW
2327         ),
2328     ),
2329     'moodle/competency:usercompetencycommentown' => array(
2330         'captype' => 'write',
2331         'contextlevel' => CONTEXT_USER,
2332         'archetypes' => array(
2333             'user' => CAP_ALLOW
2334         ),
2335     ),
2336     // Template.
2337     'moodle/competency:templatemanage' => array(
2338         'captype' => 'write',
2339         'contextlevel' => CONTEXT_COURSECAT,
2340         'archetypes' => array(
2341             'manager' => CAP_ALLOW
2342         ),
2343     ),
2344     'moodle/analytics:listinsights' => array(
2345         'riskbitmask' => RISK_PERSONAL,
2346         'captype' => 'read',
2347         'contextlevel' => CONTEXT_COURSE,
2348         'archetypes' => array(
2349             'teacher' => CAP_ALLOW,
2350             'editingteacher' => CAP_ALLOW,
2351             'manager' => CAP_ALLOW
2352         )
2353     ),
2354     'moodle/analytics:managemodels' => array(
2355         'riskbitmask' => RISK_CONFIG,
2356         'captype' => 'write',
2357         'contextlevel' => CONTEXT_SYSTEM,
2358         'archetypes' => array(
2359             'manager' => CAP_ALLOW
2360         ),
2361     ),
2362     'moodle/competency:templateview' => array(
2363         'captype' => 'read',
2364         'contextlevel' => CONTEXT_COURSECAT,
2365         'archetypes' => array(
2366             'manager' => CAP_ALLOW
2367         ),
2368     ),
2369     // User evidence.
2370     'moodle/competency:userevidencemanage' => array(
2371         'captype' => 'write',
2372         'contextlevel' => CONTEXT_USER,
2373         'archetypes' => array(
2374             'manager' => CAP_ALLOW
2375         ),
2376     ),
2377     'moodle/competency:userevidencemanageown' => array(
2378         'captype' => 'write',
2379         'contextlevel' => CONTEXT_USER,
2380         'archetypes' => array(
2381             'user' => CAP_ALLOW
2382         ),
2383     ),
2384     'moodle/competency:userevidenceview' => array(
2385         'captype' => 'read',
2386         'contextlevel' => CONTEXT_USER,
2387         'archetypes' => array(
2388             'manager' => CAP_ALLOW
2389         ),
2390     ),
2391     'moodle/site:maintenanceaccess' => array(
2392         'captype' => 'write',
2393         'contextlevel' => CONTEXT_SYSTEM,
2394         'archetypes' => array(
2395         )
2396     ),
2397     // Allow message any user, regardlesss of the privacy preferences for messaging.
2398     'moodle/site:messageanyuser' => array(
2399         'riskbitmask' => RISK_SPAM,
2400         'captype' => 'write',
2401         'contextlevel' => CONTEXT_SYSTEM,
2402         'archetypes' => array(
2403             'teacher' => CAP_ALLOW,
2404             'editingteacher' => CAP_ALLOW,
2405             'manager' => CAP_ALLOW
2406         )
2407     ),
2409     // Context locking/unlocking.
2410     'moodle/site:managecontextlocks' => [
2411         'captype' => 'write',
2412         'contextlevel' => CONTEXT_MODULE,
2413         'archetypes' => [
2414         ],
2415     ],
2417     // Manual completion toggling.
2418     'moodle/course:togglecompletion' => [
2419         'captype' => 'write',
2420         'contextlevel' => CONTEXT_MODULE,
2421         'archetypes' => [
2422             'user' => CAP_ALLOW,
2423         ],
2424     ],
2426     'moodle/analytics:listowninsights' => array(
2427         'captype' => 'read',
2428         'contextlevel' => CONTEXT_SYSTEM,
2429         'archetypes' => array(
2430             'user' => CAP_ALLOW
2431         )
2432     ),
2434     // Set display option buttons to an H5P content.
2435     'moodle/h5p:setdisplayoptions' => array(
2436         'captype' => 'write',
2437         'contextlevel' => CONTEXT_MODULE,
2438         'archetypes' => array(
2439             'editingteacher' => CAP_ALLOW,
2440         )
2441     ),
2443     // Allow to deploy H5P content.
2444     'moodle/h5p:deploy' => array(
2445         'riskbitmask' => RISK_XSS,
2446         'captype' => 'write',
2447         'contextlevel' => CONTEXT_MODULE,
2448         'archetypes' => array(
2449             'manager'        => CAP_ALLOW,
2450             'editingteacher' => CAP_ALLOW,
2451         )
2452     ),
2453 );