a970632fe48c073796d0797eee1c8546f73579c9
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
67     'moodle/site:configview' => array(
68         'captype' => 'read',
69         'contextlevel' => CONTEXT_SYSTEM,
70         'archetypes' => array(
71             'manager' => CAP_ALLOW,
72             'coursecreator' => CAP_ALLOW,
73         )
74     ),
76     'moodle/site:readallmessages' => array(
78         'riskbitmask' => RISK_PERSONAL,
80         'captype' => 'read',
81         'contextlevel' => CONTEXT_SYSTEM,
82         'archetypes' => array(
83             'manager' => CAP_ALLOW,
84             'editingteacher' => CAP_ALLOW
85         )
86     ),
88     'moodle/site:manageallmessaging' => array(
90         'riskbitmask' => RISK_PERSONAL,
92         'captype' => 'write',
93         'contextlevel' => CONTEXT_SYSTEM,
94         'archetypes' => array(
95             'manager' => CAP_ALLOW
96         )
97     ),
99     'moodle/site:deleteanymessage' => array(
101         'riskbitmask' => RISK_DATALOSS,
103         'captype' => 'write',
104         'contextlevel' => CONTEXT_SYSTEM,
105         'archetypes' => array(
106             'manager' => CAP_ALLOW
107         )
108     ),
110     'moodle/site:sendmessage' => array(
112         'riskbitmask' => RISK_SPAM,
114         'captype' => 'write',
115         'contextlevel' => CONTEXT_SYSTEM,
116         'archetypes' => array(
117             'manager' => CAP_ALLOW,
118             'user' => CAP_ALLOW
119         )
120     ),
122     'moodle/site:deleteownmessage' => array(
124         'captype' => 'write',
125         'contextlevel' => CONTEXT_SYSTEM,
126         'archetypes' => array(
127             'user' => CAP_ALLOW
128         )
129     ),
131     'moodle/site:approvecourse' => array(
133         'riskbitmask' => RISK_XSS,
135         'captype' => 'write',
136         'contextlevel' => CONTEXT_COURSECAT,
137         'archetypes' => array(
138             'manager' => CAP_ALLOW
139         )
140     ),
142     'moodle/backup:backupcourse' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/site:backup'
154     ),
156     'moodle/backup:backupsection' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:backupactivity' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_MODULE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
182     ),
184     'moodle/backup:backuptargetimport' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         ),
195         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
196     ),
198     'moodle/backup:downloadfile' => array(
200         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
202         'captype' => 'write',
203         'contextlevel' => CONTEXT_COURSE,
204         'archetypes' => array(
205             'editingteacher' => CAP_ALLOW,
206             'manager' => CAP_ALLOW
207         ),
209         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
210     ),
212     'moodle/backup:configure' => array(
214         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
216         'captype' => 'write',
217         'contextlevel' => CONTEXT_COURSE,
218         'archetypes' => array(
219             'editingteacher' => CAP_ALLOW,
220             'manager' => CAP_ALLOW
221         )
222     ),
224     'moodle/backup:userinfo' => array(
226         'riskbitmask' => RISK_PERSONAL,
228         'captype' => 'read',
229         'contextlevel' => CONTEXT_COURSE,
230         'archetypes' => array(
231             'manager' => CAP_ALLOW
232         )
233     ),
235     'moodle/backup:anonymise' => array(
237         'riskbitmask' => RISK_PERSONAL,
239         'captype' => 'read',
240         'contextlevel' => CONTEXT_COURSE,
241         'archetypes' => array(
242             'manager' => CAP_ALLOW
243         )
244     ),
246     'moodle/restore:restorecourse' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_COURSE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/site:restore'
258     ),
260     'moodle/restore:restoresection' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266         'archetypes' => array(
267             'editingteacher' => CAP_ALLOW,
268             'manager' => CAP_ALLOW
269         ),
271         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
272     ),
274     'moodle/restore:restoreactivity' => array(
276         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
278         'captype' => 'write',
279         'contextlevel' => CONTEXT_COURSE,
280         'archetypes' => array(
281             'editingteacher' => CAP_ALLOW,
282             'manager' => CAP_ALLOW
283         ),
285         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
286     ),
288     'moodle/restore:viewautomatedfilearea' => array(
290         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
292         'captype' => 'write',
293         'contextlevel' => CONTEXT_COURSE,
294         'archetypes' => array(
295             'editingteacher' => CAP_ALLOW,
296             'manager' => CAP_ALLOW
297         ),
298     ),
300     'moodle/restore:restoretargetimport' => array(
302         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
304         'captype' => 'write',
305         'contextlevel' => CONTEXT_COURSE,
306         'archetypes' => array(
307             'editingteacher' => CAP_ALLOW,
308             'manager' => CAP_ALLOW
309         ),
311         'clonepermissionsfrom' =>  'moodle/site:import'
312     ),
314     'moodle/restore:uploadfile' => array(
316         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
318         'captype' => 'write',
319         'contextlevel' => CONTEXT_COURSE,
320         'archetypes' => array(
321             'editingteacher' => CAP_ALLOW,
322             'manager' => CAP_ALLOW
323         ),
325         'clonepermissionsfrom' =>  'moodle/site:backupupload'
326     ),
328     'moodle/restore:configure' => array(
330         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
332         'captype' => 'write',
333         'contextlevel' => CONTEXT_COURSE,
334         'archetypes' => array(
335             'editingteacher' => CAP_ALLOW,
336             'manager' => CAP_ALLOW
337         )
338     ),
340     'moodle/restore:rolldates' => array(
342         'captype' => 'write',
343         'contextlevel' => CONTEXT_COURSE,
344         'archetypes' => array(
345             'coursecreator' => CAP_ALLOW,
346             'manager' => CAP_ALLOW
347         )
348     ),
350     'moodle/restore:userinfo' => array(
352         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
354         'captype' => 'write',
355         'contextlevel' => CONTEXT_COURSE,
356         'archetypes' => array(
357             'manager' => CAP_ALLOW
358         )
359     ),
361     'moodle/restore:createuser' => array(
363         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
365         'captype' => 'write',
366         'contextlevel' => CONTEXT_SYSTEM,
367         'archetypes' => array(
368             'manager' => CAP_ALLOW
369         )
370     ),
372     'moodle/site:manageblocks' => array(
374         'riskbitmask' => RISK_SPAM | RISK_XSS,
376         'captype' => 'write',
377         'contextlevel' => CONTEXT_BLOCK,
378         'archetypes' => array(
379             'editingteacher' => CAP_ALLOW,
380             'manager' => CAP_ALLOW
381         )
382     ),
384     'moodle/site:accessallgroups' => array(
386         'captype' => 'read',
387         'contextlevel' => CONTEXT_MODULE,
388         'archetypes' => array(
389             'editingteacher' => CAP_ALLOW,
390             'manager' => CAP_ALLOW
391         )
392     ),
394     'moodle/site:viewanonymousevents' => array(
396         'captype' => 'read',
397         'contextlevel' => CONTEXT_MODULE,
398         'archetypes' => array(
399             'teacher' => CAP_PROHIBIT,
400             'editingteacher' => CAP_PROHIBIT,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     'moodle/site:viewfullnames' => array(
407         'captype' => 'read',
408         'contextlevel' => CONTEXT_MODULE,
409         'archetypes' => array(
410             'teacher' => CAP_ALLOW,
411             'editingteacher' => CAP_ALLOW,
412             'manager' => CAP_ALLOW
413         )
414     ),
416     // In reports that give lists of users, extra information about each user's
417     // identity (the fields configured in site option showuseridentity) will be
418     // displayed to users who have this capability.
419     'moodle/site:viewuseridentity' => array(
421         'captype' => 'read',
422         'contextlevel' => CONTEXT_MODULE,
423         'archetypes' => array(
424             'teacher' => CAP_ALLOW,
425             'editingteacher' => CAP_ALLOW,
426             'manager' => CAP_ALLOW
427         )
428     ),
430     'moodle/site:viewreports' => array(
432         'riskbitmask' => RISK_PERSONAL,
434         'captype' => 'read',
435         'contextlevel' => CONTEXT_COURSE,
436         'archetypes' => array(
437             'teacher' => CAP_ALLOW,
438             'editingteacher' => CAP_ALLOW,
439             'manager' => CAP_ALLOW
440         )
441     ),
443     'moodle/site:trustcontent' => array(
445         'riskbitmask' => RISK_XSS,
447         'captype' => 'write',
448         'contextlevel' => CONTEXT_MODULE,
449         'archetypes' => array(
450             'editingteacher' => CAP_ALLOW,
451             'manager' => CAP_ALLOW
452         )
453     ),
455     'moodle/site:uploadusers' => array(
457         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
459         'captype' => 'write',
460         'contextlevel' => CONTEXT_SYSTEM,
461         'archetypes' => array(
462             'manager' => CAP_ALLOW
463         )
464     ),
466     // Permission to manage filter setting overrides in subcontexts.
467     'moodle/filter:manage' => array(
469         'captype' => 'write',
470         'contextlevel' => CONTEXT_COURSE,
471         'archetypes' => array(
472             'editingteacher' => CAP_ALLOW,
473             'manager' => CAP_ALLOW,
474         )
475     ),
477     'moodle/user:create' => array(
479         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
481         'captype' => 'write',
482         'contextlevel' => CONTEXT_SYSTEM,
483         'archetypes' => array(
484             'manager' => CAP_ALLOW
485         )
486     ),
488     'moodle/user:delete' => array(
490         'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
492         'captype' => 'write',
493         'contextlevel' => CONTEXT_SYSTEM,
494         'archetypes' => array(
495             'manager' => CAP_ALLOW
496         )
497     ),
499     'moodle/user:update' => array(
501         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
503         'captype' => 'write',
504         'contextlevel' => CONTEXT_SYSTEM,
505         'archetypes' => array(
506             'manager' => CAP_ALLOW
507         )
508     ),
510     'moodle/user:viewdetails' => array(
512         'captype' => 'read',
513         'contextlevel' => CONTEXT_COURSE,
514         'archetypes' => array(
515             'guest' => CAP_ALLOW,
516             'student' => CAP_ALLOW,
517             'teacher' => CAP_ALLOW,
518             'editingteacher' => CAP_ALLOW,
519             'manager' => CAP_ALLOW
520         )
521     ),
523     'moodle/user:viewalldetails' => array(
524         'riskbitmask' => RISK_PERSONAL,
525         'captype' => 'read',
526         'contextlevel' => CONTEXT_USER,
527         'archetypes' => array(
528             'manager' => CAP_ALLOW
529         ),
530         'clonepermissionsfrom' => 'moodle/user:update'
531     ),
533     'moodle/user:viewlastip' => array(
534         'riskbitmask' => RISK_PERSONAL,
535         'captype' => 'read',
536         'contextlevel' => CONTEXT_USER,
537         'archetypes' => array(
538             'manager' => CAP_ALLOW
539         ),
540         'clonepermissionsfrom' => 'moodle/user:update'
541     ),
543     'moodle/user:viewhiddendetails' => array(
545         'riskbitmask' => RISK_PERSONAL,
547         'captype' => 'read',
548         'contextlevel' => CONTEXT_COURSE,
549         'archetypes' => array(
550             'teacher' => CAP_ALLOW,
551             'editingteacher' => CAP_ALLOW,
552             'manager' => CAP_ALLOW
553         )
554     ),
556     'moodle/user:loginas' => array(
558         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
560         'captype' => 'write',
561         'contextlevel' => CONTEXT_COURSE,
562         'archetypes' => array(
563             'manager' => CAP_ALLOW
564         )
565     ),
567     // can the user manage the system default profile page?
568     'moodle/user:managesyspages' => array(
570         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
572         'captype' => 'write',
573         'contextlevel' => CONTEXT_SYSTEM,
574         'archetypes' => array(
575             'manager' => CAP_ALLOW
576         )
577     ),
579     // can the user manage another user's profile page?
580     'moodle/user:manageblocks' => array(
582         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
584         'captype' => 'write',
585         'contextlevel' => CONTEXT_USER
586     ),
588     // can the user manage their own profile page?
589     'moodle/user:manageownblocks' => array(
591         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
593         'captype' => 'write',
594         'contextlevel' => CONTEXT_SYSTEM,
595         'archetypes' => array(
596             'user' => CAP_ALLOW
597         )
598     ),
600     // can the user manage their own files?
601     'moodle/user:manageownfiles' => array(
603         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
605         'captype' => 'write',
606         'contextlevel' => CONTEXT_SYSTEM,
607         'archetypes' => array(
608             'user' => CAP_ALLOW
609         )
610     ),
612     // Can the user ignore the setting userquota?
613     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
614     'moodle/user:ignoreuserquota' => array(
615         'riskbitmap' => RISK_SPAM,
616         'captype' => 'write',
617         'contextlevel' => CONTEXT_SYSTEM,
618         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
619     ),
621     // can the user manage the system default dashboard page?
622     'moodle/my:configsyspages' => array(
624         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
626         'captype' => 'write',
627         'contextlevel' => CONTEXT_SYSTEM,
628         'archetypes' => array(
629             'manager' => CAP_ALLOW
630         )
631     ),
633     'moodle/role:assign' => array(
635         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
637         'captype' => 'write',
638         'contextlevel' => CONTEXT_COURSE,
639         'archetypes' => array(
640             'editingteacher' => CAP_ALLOW,
641             'manager' => CAP_ALLOW
642         )
643     ),
645     'moodle/role:review' => array(
647         'riskbitmask' => RISK_PERSONAL,
649         'captype' => 'read',
650         'contextlevel' => CONTEXT_COURSE,
651         'archetypes' => array(
652             'teacher' => CAP_ALLOW,
653             'editingteacher' => CAP_ALLOW,
654             'manager' => CAP_ALLOW
655         )
656     ),
658     'moodle/role:override' => array(
660         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
662         'captype' => 'write',
663         'contextlevel' => CONTEXT_COURSE,
664         'archetypes' => array(
665             'manager' => CAP_ALLOW
666         )
667     ),
669     'moodle/role:safeoverride' => array(
671         'riskbitmask' => RISK_SPAM,
673         'captype' => 'write',
674         'contextlevel' => CONTEXT_COURSE,
675         'archetypes' => array(
676             'editingteacher' => CAP_ALLOW
677         )
678     ),
680     'moodle/role:manage' => array(
682         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
684         'captype' => 'write',
685         'contextlevel' => CONTEXT_SYSTEM,
686         'archetypes' => array(
687             'manager' => CAP_ALLOW
688         )
689     ),
691     'moodle/role:switchroles' => array(
693         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
695         'captype' => 'read',
696         'contextlevel' => CONTEXT_COURSE,
697         'archetypes' => array(
698             'editingteacher' => CAP_ALLOW,
699             'manager' => CAP_ALLOW
700         )
701     ),
703     // Create, update and delete course categories. (Deleting a course category
704     // does not let you delete the courses it contains, unless you also have
705     // moodle/course: delete.) Creating and deleting requires this permission in
706     // the parent category.
707     'moodle/category:manage' => array(
709         'riskbitmask' => RISK_XSS,
711         'captype' => 'write',
712         'contextlevel' => CONTEXT_COURSECAT,
713         'archetypes' => array(
714             'manager' => CAP_ALLOW
715         ),
716         'clonepermissionsfrom' => 'moodle/category:update'
717     ),
719     'moodle/category:viewcourselist' => array(
721         'captype' => 'read',
722         'contextlevel' => CONTEXT_COURSECAT,
723         'archetypes' => array(
724             'guest' => CAP_ALLOW,
725             'user' => CAP_ALLOW,
726         )
727     ),
729     'moodle/category:viewhiddencategories' => array(
731         'captype' => 'read',
732         'contextlevel' => CONTEXT_COURSECAT,
733         'archetypes' => array(
734             'coursecreator' => CAP_ALLOW,
735             'manager' => CAP_ALLOW
736         ),
737         'clonepermissionsfrom' => 'moodle/category:visibility'
738     ),
740     // create, delete, move cohorts in system and course categories,
741     // (cohorts with component !== null can be only moved)
742     'moodle/cohort:manage' => array(
744         'captype' => 'write',
745         'contextlevel' => CONTEXT_COURSECAT,
746         'archetypes' => array(
747             'manager' => CAP_ALLOW
748         )
749     ),
751     // add and remove cohort members (only for cohorts where component !== null)
752     'moodle/cohort:assign' => array(
754         'captype' => 'write',
755         'contextlevel' => CONTEXT_COURSECAT,
756         'archetypes' => array(
757             'manager' => CAP_ALLOW
758         )
759     ),
761     // View visible and hidden cohorts defined in the current context.
762     'moodle/cohort:view' => array(
764         'captype' => 'read',
765         'contextlevel' => CONTEXT_COURSE,
766         'archetypes' => array(
767             'editingteacher' => CAP_ALLOW,
768             'manager' => CAP_ALLOW
769         )
770     ),
772     'moodle/course:create' => array(
774         'riskbitmask' => RISK_XSS,
776         'captype' => 'write',
777         'contextlevel' => CONTEXT_COURSECAT,
778         'archetypes' => array(
779             'coursecreator' => CAP_ALLOW,
780             'manager' => CAP_ALLOW
781         )
782     ),
784     'moodle/course:creategroupconversations' => array(
785         'riskbitmask' => RISK_XSS,
786         'captype' => 'write',
787         'contextlevel' => CONTEXT_COURSE,
788         'archetypes' => array(
789             'editingteacher' => CAP_ALLOW,
790             'manager' => CAP_ALLOW
791         )
792     ),
794     'moodle/course:request' => array(
795         'captype' => 'write',
796         'contextlevel' => CONTEXT_COURSECAT,
797     ),
799     'moodle/course:delete' => array(
801         'riskbitmask' => RISK_DATALOSS,
803         'captype' => 'write',
804         'contextlevel' => CONTEXT_COURSE,
805         'archetypes' => array(
806             'manager' => CAP_ALLOW
807         )
808     ),
810     'moodle/course:update' => array(
812         'riskbitmask' => RISK_XSS,
814         'captype' => 'write',
815         'contextlevel' => CONTEXT_COURSE,
816         'archetypes' => array(
817             'editingteacher' => CAP_ALLOW,
818             'manager' => CAP_ALLOW
819         )
820     ),
822     'moodle/course:view' => array(
824         'captype' => 'read',
825         'contextlevel' => CONTEXT_COURSE,
826         'archetypes' => array(
827             'manager' => CAP_ALLOW,
828         )
829     ),
831     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
832     'moodle/course:enrolreview' => array(
834         'riskbitmask' => RISK_PERSONAL,
836         'captype' => 'read',
837         'contextlevel' => CONTEXT_COURSE,
838         'archetypes' => array(
839             'editingteacher' => CAP_ALLOW,
840             'manager' => CAP_ALLOW,
841         )
842     ),
844     /* add, remove, hide enrol instances in courses */
845     'moodle/course:enrolconfig' => array(
847         'riskbitmask' => RISK_PERSONAL,
849         'captype' => 'write',
850         'contextlevel' => CONTEXT_COURSE,
851         'archetypes' => array(
852             'editingteacher' => CAP_ALLOW,
853             'manager' => CAP_ALLOW,
854         )
855     ),
857     'moodle/course:reviewotherusers' => array(
859         'captype' => 'read',
860         'contextlevel' => CONTEXT_COURSE,
861         'archetypes' => array(
862             'editingteacher' => CAP_ALLOW,
863             'manager' => CAP_ALLOW,
864         ),
865         'clonepermissionsfrom' => 'moodle/role:assign'
866     ),
868     'moodle/course:bulkmessaging' => array(
870         'riskbitmask' => RISK_SPAM,
872         'captype' => 'write',
873         'contextlevel' => CONTEXT_COURSE,
874         'archetypes' => array(
875             'teacher' => CAP_ALLOW,
876             'editingteacher' => CAP_ALLOW,
877             'manager' => CAP_ALLOW
878         )
879     ),
881     'moodle/course:viewhiddenuserfields' => array(
883         'riskbitmask' => RISK_PERSONAL,
885         'captype' => 'read',
886         'contextlevel' => CONTEXT_COURSE,
887         'archetypes' => array(
888             'teacher' => CAP_ALLOW,
889             'editingteacher' => CAP_ALLOW,
890             'manager' => CAP_ALLOW
891         )
892     ),
894     'moodle/course:viewhiddencourses' => array(
896         'captype' => 'read',
897         'contextlevel' => CONTEXT_COURSE,
898         'archetypes' => array(
899             'coursecreator' => CAP_ALLOW,
900             'teacher' => CAP_ALLOW,
901             'editingteacher' => CAP_ALLOW,
902             'manager' => CAP_ALLOW
903         )
904     ),
906     'moodle/course:visibility' => array(
908         'captype' => 'write',
909         'contextlevel' => CONTEXT_COURSE,
910         'archetypes' => array(
911             'editingteacher' => CAP_ALLOW,
912             'manager' => CAP_ALLOW
913         )
914     ),
916     'moodle/course:managefiles' => array(
918         'riskbitmask' => RISK_XSS,
920         'captype' => 'write',
921         'contextlevel' => CONTEXT_COURSE,
922         'archetypes' => array(
923             'editingteacher' => CAP_ALLOW,
924             'manager' => CAP_ALLOW
925         )
926     ),
928     'moodle/course:ignoreavailabilityrestrictions' => array(
929         'captype' => 'read',
930         'contextlevel' => CONTEXT_MODULE,
931         'archetypes' => array(
932             'manager' => CAP_ALLOW,
933             'coursecreator' => CAP_ALLOW,
934             'editingteacher' => CAP_ALLOW,
935             'teacher' => CAP_ALLOW,
936         ),
937         'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
938     ),
940     'moodle/course:ignorefilesizelimits' => array(
942         'captype' => 'write',
943         'contextlevel' => CONTEXT_COURSE,
944         'archetypes' => array(
945         )
946     ),
948     'moodle/course:manageactivities' => array(
950         'riskbitmask' => RISK_XSS,
952         'captype' => 'write',
953         'contextlevel' => CONTEXT_MODULE,
954         'archetypes' => array(
955             'editingteacher' => CAP_ALLOW,
956             'manager' => CAP_ALLOW
957         )
958     ),
960     'moodle/course:activityvisibility' => array(
962         'captype' => 'write',
963         'contextlevel' => CONTEXT_MODULE,
964         'archetypes' => array(
965             'editingteacher' => CAP_ALLOW,
966             'manager' => CAP_ALLOW
967         )
968     ),
970     'moodle/course:viewhiddenactivities' => array(
972         'captype' => 'write',
973         'contextlevel' => CONTEXT_MODULE,
974         'archetypes' => array(
975             'teacher' => CAP_ALLOW,
976             'editingteacher' => CAP_ALLOW,
977             'manager' => CAP_ALLOW
978         )
979     ),
981     'moodle/course:viewparticipants' => array(
983         'captype' => 'read',
984         'contextlevel' => CONTEXT_COURSE,
985         'archetypes' => array(
986             'student' => CAP_ALLOW,
987             'teacher' => CAP_ALLOW,
988             'editingteacher' => CAP_ALLOW,
989             'manager' => CAP_ALLOW
990         )
991     ),
993     'moodle/course:changefullname' => array(
995         'riskbitmask' => RISK_XSS,
997         'captype' => 'write',
998         'contextlevel' => CONTEXT_COURSE,
999         'archetypes' => array(
1000             'editingteacher' => CAP_ALLOW,
1001             'manager' => CAP_ALLOW
1002         ),
1003         'clonepermissionsfrom' => 'moodle/course:update'
1004     ),
1006     'moodle/course:changeshortname' => array(
1008         'riskbitmask' => RISK_XSS,
1010         'captype' => 'write',
1011         'contextlevel' => CONTEXT_COURSE,
1012         'archetypes' => array(
1013             'editingteacher' => CAP_ALLOW,
1014             'manager' => CAP_ALLOW
1015         ),
1016         'clonepermissionsfrom' => 'moodle/course:update'
1017     ),
1019     'moodle/course:changelockedcustomfields' => array(
1021         'riskbitmask' => RISK_SPAM,
1023         'captype' => 'write',
1024         'contextlevel' => CONTEXT_COURSE,
1025         'archetypes' => array(
1026             'manager' => CAP_ALLOW
1027         ),
1028     ),
1030     'moodle/course:configurecustomfields' => array(
1032         'riskbitmask' => RISK_SPAM,
1034         'captype' => 'write',
1035         'contextlevel' => CONTEXT_SYSTEM,
1036         'clonepermissionsfrom' => 'moodle/site:config'
1037     ),
1039     'moodle/course:renameroles' => array(
1040         'captype' => 'write',
1041         'contextlevel' => CONTEXT_COURSE,
1042         'archetypes' => array(
1043             'editingteacher' => CAP_ALLOW,
1044             'manager' => CAP_ALLOW
1045         ),
1046         'clonepermissionsfrom' => 'moodle/course:update'
1047     ),
1049     'moodle/course:changeidnumber' => array(
1051         'riskbitmask' => RISK_XSS,
1053         'captype' => 'write',
1054         'contextlevel' => CONTEXT_COURSE,
1055         'archetypes' => array(
1056             'editingteacher' => CAP_ALLOW,
1057             'manager' => CAP_ALLOW
1058         ),
1059         'clonepermissionsfrom' => 'moodle/course:update'
1060     ),
1061     'moodle/course:changecategory' => array(
1062         'riskbitmask' => RISK_XSS,
1064         'captype' => 'write',
1065         'contextlevel' => CONTEXT_COURSE,
1066         'archetypes' => array(
1067             'editingteacher' => CAP_ALLOW,
1068             'manager' => CAP_ALLOW
1069         ),
1070         'clonepermissionsfrom' => 'moodle/course:update'
1071     ),
1073     'moodle/course:changesummary' => array(
1074         'riskbitmask' => RISK_XSS,
1076         'captype' => 'write',
1077         'contextlevel' => CONTEXT_COURSE,
1078         'archetypes' => array(
1079             'editingteacher' => CAP_ALLOW,
1080             'manager' => CAP_ALLOW
1081         ),
1082         'clonepermissionsfrom' => 'moodle/course:update'
1083     ),
1085     'moodle/course:setforcedlanguage' => array(
1086         'captype' => 'write',
1087         'contextlevel' => CONTEXT_COURSE,
1088         'archetypes' => array(
1089             'editingteacher' => CAP_ALLOW,
1090             'manager' => CAP_ALLOW
1091         ),
1092         'clonepermissionsfrom' => 'moodle/course:update'
1093     ),
1096     'moodle/site:viewparticipants' => array(
1098         'captype' => 'read',
1099         'contextlevel' => CONTEXT_SYSTEM,
1100         'archetypes' => array(
1101             'manager' => CAP_ALLOW
1102         )
1103     ),
1105     'moodle/course:isincompletionreports' => array(
1106         'captype' => 'read',
1107         'contextlevel' => CONTEXT_COURSE,
1108         'archetypes' => array(
1109             'student' => CAP_ALLOW,
1110         ),
1111     ),
1113     'moodle/course:viewscales' => array(
1115         'captype' => 'read',
1116         'contextlevel' => CONTEXT_COURSE,
1117         'archetypes' => array(
1118             'student' => CAP_ALLOW,
1119             'teacher' => CAP_ALLOW,
1120             'editingteacher' => CAP_ALLOW,
1121             'manager' => CAP_ALLOW
1122         )
1123     ),
1125     'moodle/course:managescales' => array(
1127         'captype' => 'write',
1128         'contextlevel' => CONTEXT_COURSE,
1129         'archetypes' => array(
1130             'editingteacher' => CAP_ALLOW,
1131             'manager' => CAP_ALLOW
1132         )
1133     ),
1135     'moodle/course:managegroups' => array(
1136         'riskbitmask' => RISK_XSS,
1138         'captype' => 'write',
1139         'contextlevel' => CONTEXT_COURSE,
1140         'archetypes' => array(
1141             'editingteacher' => CAP_ALLOW,
1142             'manager' => CAP_ALLOW
1143         )
1144     ),
1146     'moodle/course:reset' => array(
1148         'riskbitmask' => RISK_DATALOSS,
1150         'captype' => 'write',
1151         'contextlevel' => CONTEXT_COURSE,
1152         'archetypes' => array(
1153             'editingteacher' => CAP_ALLOW,
1154             'manager' => CAP_ALLOW
1155         )
1156     ),
1158     'moodle/course:viewsuspendedusers' => array(
1160         'captype' => 'read',
1161         'contextlevel' => CONTEXT_COURSE,
1162         'archetypes' => array(
1163             'editingteacher' => CAP_ALLOW,
1164             'manager' => CAP_ALLOW
1165         )
1166     ),
1168     'moodle/course:tag' => array(
1169         'riskbitmask' => RISK_SPAM,
1170         'captype' => 'write',
1171         'contextlevel' => CONTEXT_COURSE,
1172         'archetypes' => array(
1173             'manager' => CAP_ALLOW,
1174             'editingteacher' => CAP_ALLOW,
1175         ),
1176         'clonepermissionsfrom' => 'moodle/course:update'
1177     ),
1179     'moodle/blog:view' => array(
1181         'captype' => 'read',
1182         'contextlevel' => CONTEXT_SYSTEM,
1183         'archetypes' => array(
1184             'guest' => CAP_ALLOW,
1185             'user' => CAP_ALLOW,
1186             'student' => CAP_ALLOW,
1187             'teacher' => CAP_ALLOW,
1188             'editingteacher' => CAP_ALLOW,
1189             'manager' => CAP_ALLOW
1190         )
1191     ),
1193     'moodle/blog:search' => array(
1194         'captype' => 'read',
1195         'contextlevel' => CONTEXT_SYSTEM,
1196         'archetypes' => array(
1197             'guest' => CAP_ALLOW,
1198             'user' => CAP_ALLOW,
1199             'student' => CAP_ALLOW,
1200             'teacher' => CAP_ALLOW,
1201             'editingteacher' => CAP_ALLOW,
1202             'manager' => CAP_ALLOW
1203         )
1204     ),
1206     'moodle/blog:viewdrafts' => array(
1208         'riskbitmask' => RISK_PERSONAL,
1209         'captype' => 'read',
1210         'contextlevel' => CONTEXT_SYSTEM,
1211         'archetypes' => array(
1212             'manager' => CAP_ALLOW
1213         )
1214     ),
1216     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1218         'riskbitmask' => RISK_SPAM,
1220         'captype' => 'write',
1221         'contextlevel' => CONTEXT_SYSTEM,
1222         'archetypes' => array(
1223             'user' => CAP_ALLOW,
1224             'manager' => CAP_ALLOW
1225         )
1226     ),
1228     'moodle/blog:manageentries' => array(
1230         'riskbitmask' => RISK_SPAM,
1232         'captype' => 'write',
1233         'contextlevel' => CONTEXT_SYSTEM,
1234         'archetypes' => array(
1235             'teacher' => CAP_ALLOW,
1236             'editingteacher' => CAP_ALLOW,
1237             'manager' => CAP_ALLOW
1238         )
1239     ),
1241     'moodle/blog:manageexternal' => array(
1243         'riskbitmask' => RISK_SPAM,
1245         'captype' => 'write',
1246         'contextlevel' => CONTEXT_SYSTEM,
1247         'archetypes' => array(
1248             'student' => CAP_ALLOW,
1249             'user' => CAP_ALLOW,
1250             'teacher' => CAP_ALLOW,
1251             'editingteacher' => CAP_ALLOW,
1252             'manager' => CAP_ALLOW
1253         )
1254     ),
1256     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1258         'riskbitmask' => RISK_SPAM,
1260         'captype' => 'write',
1261         'contextlevel' => CONTEXT_COURSE,
1262         'archetypes' => array(
1263             'user' => CAP_ALLOW,
1264             'manager' => CAP_ALLOW
1265         )
1266     ),
1268     'moodle/calendar:managegroupentries' => array(
1270         'riskbitmask' => RISK_SPAM,
1272         'captype' => 'write',
1273         'contextlevel' => CONTEXT_COURSE,
1274         'archetypes' => array(
1275             'teacher' => CAP_ALLOW,
1276             'editingteacher' => CAP_ALLOW,
1277             'manager' => CAP_ALLOW
1278         )
1279     ),
1281     'moodle/calendar:manageentries' => array(
1283         'riskbitmask' => RISK_SPAM,
1285         'captype' => 'write',
1286         'contextlevel' => CONTEXT_COURSE,
1287         'archetypes' => array(
1288             'teacher' => CAP_ALLOW,
1289             'editingteacher' => CAP_ALLOW,
1290             'manager' => CAP_ALLOW
1291         )
1292     ),
1294     'moodle/user:editprofile' => array(
1296         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1298         'captype' => 'write',
1299         'contextlevel' => CONTEXT_USER,
1300         'archetypes' => array(
1301             'manager' => CAP_ALLOW
1302         )
1303     ),
1305     'moodle/user:editownprofile' => array(
1307         'riskbitmask' => RISK_SPAM,
1309         'captype' => 'write',
1310         'contextlevel' => CONTEXT_SYSTEM,
1311         'archetypes' => array(
1312             'guest' => CAP_PROHIBIT,
1313             'user' => CAP_ALLOW,
1314             'manager' => CAP_ALLOW
1315         )
1316     ),
1318     'moodle/user:changeownpassword' => array(
1320         'captype' => 'write',
1321         'contextlevel' => CONTEXT_SYSTEM,
1322         'archetypes' => array(
1323             'guest' => CAP_PROHIBIT,
1324             'user' => CAP_ALLOW,
1325             'manager' => CAP_ALLOW
1326         )
1327     ),
1329     // The next 3 might make no sense for some roles, e.g teacher, etc.
1330     // since the next level up is site. These are more for the parent role
1331     'moodle/user:readuserposts' => array(
1333         'captype' => 'read',
1334         'contextlevel' => CONTEXT_USER,
1335         'archetypes' => array(
1336             'student' => CAP_ALLOW,
1337             'teacher' => CAP_ALLOW,
1338             'editingteacher' => CAP_ALLOW,
1339             'manager' => CAP_ALLOW
1340         )
1341     ),
1343     'moodle/user:readuserblogs' => array(
1345         'captype' => 'read',
1346         'contextlevel' => CONTEXT_USER,
1347         'archetypes' => array(
1348             'student' => CAP_ALLOW,
1349             'teacher' => CAP_ALLOW,
1350             'editingteacher' => CAP_ALLOW,
1351             'manager' => CAP_ALLOW
1352         )
1353     ),
1355     // designed for parent role - not used in legacy roles
1356     'moodle/user:viewuseractivitiesreport' => array(
1357         'riskbitmask' => RISK_PERSONAL,
1359         'captype' => 'read',
1360         'contextlevel' => CONTEXT_USER,
1361         'archetypes' => array(
1362         )
1363     ),
1365     //capabilities designed for the new message system configuration
1366     'moodle/user:editmessageprofile' => array(
1368          'riskbitmask' => RISK_SPAM,
1370          'captype' => 'write',
1371          'contextlevel' => CONTEXT_USER,
1372          'archetypes' => array(
1373              'manager' => CAP_ALLOW
1374          )
1375      ),
1377      'moodle/user:editownmessageprofile' => array(
1379          'captype' => 'write',
1380          'contextlevel' => CONTEXT_SYSTEM,
1381          'archetypes' => array(
1382              'guest' => CAP_PROHIBIT,
1383              'user' => CAP_ALLOW,
1384              'manager' => CAP_ALLOW
1385          )
1386      ),
1388     'moodle/question:managecategory' => array(
1389         'riskbitmask' => RISK_SPAM | RISK_XSS,
1390         'captype' => 'write',
1391         'contextlevel' => CONTEXT_COURSE,
1392         'archetypes' => array(
1393             'editingteacher' => CAP_ALLOW,
1394             'manager' => CAP_ALLOW
1395         )
1396     ),
1398     //new in moodle 1.9
1399     'moodle/question:add' => array(
1400         'riskbitmask' => RISK_SPAM | RISK_XSS,
1401         'captype' => 'write',
1402         'contextlevel' => CONTEXT_COURSE,
1403         'archetypes' => array(
1404             'editingteacher' => CAP_ALLOW,
1405             'manager' => CAP_ALLOW
1406         ),
1407         'clonepermissionsfrom' =>  'moodle/question:manage'
1408     ),
1409     'moodle/question:editmine' => array(
1410         'riskbitmask' => RISK_SPAM | RISK_XSS,
1411         'captype' => 'write',
1412         'contextlevel' => CONTEXT_COURSE,
1413         'archetypes' => array(
1414             'editingteacher' => CAP_ALLOW,
1415             'manager' => CAP_ALLOW
1416         ),
1417         'clonepermissionsfrom' =>  'moodle/question:manage'
1418     ),
1419     'moodle/question:editall' => array(
1420         'riskbitmask' => RISK_SPAM | RISK_XSS,
1421         'captype' => 'write',
1422         'contextlevel' => CONTEXT_COURSE,
1423         'archetypes' => array(
1424             'editingteacher' => CAP_ALLOW,
1425             'manager' => CAP_ALLOW
1426         ),
1427         'clonepermissionsfrom' =>  'moodle/question:manage'
1428     ),
1429     'moodle/question:viewmine' => array(
1430         'captype' => 'read',
1431         'contextlevel' => CONTEXT_COURSE,
1432         'archetypes' => array(
1433             'editingteacher' => CAP_ALLOW,
1434             'manager' => CAP_ALLOW
1435         ),
1436         'clonepermissionsfrom' =>  'moodle/question:manage'
1437     ),
1438     'moodle/question:viewall' => array(
1439         'captype' => 'read',
1440         'contextlevel' => CONTEXT_COURSE,
1441         'archetypes' => array(
1442             'editingteacher' => CAP_ALLOW,
1443             'manager' => CAP_ALLOW
1444         ),
1445         'clonepermissionsfrom' =>  'moodle/question:manage'
1446     ),
1447     'moodle/question:usemine' => array(
1448         'captype' => 'read',
1449         'contextlevel' => CONTEXT_COURSE,
1450         'archetypes' => array(
1451             'editingteacher' => CAP_ALLOW,
1452             'manager' => CAP_ALLOW
1453         ),
1454         'clonepermissionsfrom' =>  'moodle/question:manage'
1455     ),
1456     'moodle/question:useall' => array(
1457         'captype' => 'read',
1458         'contextlevel' => CONTEXT_COURSE,
1459         'archetypes' => array(
1460             'editingteacher' => CAP_ALLOW,
1461             'manager' => CAP_ALLOW
1462         ),
1463         'clonepermissionsfrom' =>  'moodle/question:manage'
1464     ),
1465     'moodle/question:movemine' => array(
1466         'captype' => 'write',
1467         'contextlevel' => CONTEXT_COURSE,
1468         'archetypes' => array(
1469             'editingteacher' => CAP_ALLOW,
1470             'manager' => CAP_ALLOW
1471         ),
1472         'clonepermissionsfrom' =>  'moodle/question:manage'
1473     ),
1474     'moodle/question:moveall' => array(
1475         'captype' => 'write',
1476         'contextlevel' => CONTEXT_COURSE,
1477         'archetypes' => array(
1478             'editingteacher' => CAP_ALLOW,
1479             'manager' => CAP_ALLOW
1480         ),
1481         'clonepermissionsfrom' =>  'moodle/question:manage'
1482     ),
1483     //END new in moodle 1.9
1485     // Configure the installed question types.
1486     'moodle/question:config' => array(
1487         'riskbitmask' => RISK_CONFIG,
1488         'captype' => 'write',
1489         'contextlevel' => CONTEXT_SYSTEM,
1490         'archetypes' => array(
1491             'manager' => CAP_ALLOW
1492         )
1493     ),
1495     // While attempting questions, the ability to flag particular questions for later reference.
1496     'moodle/question:flag' => array(
1497         'captype' => 'write',
1498         'contextlevel' => CONTEXT_COURSE,
1499         'archetypes' => array(
1500             'student' => CAP_ALLOW,
1501             'teacher' => CAP_ALLOW,
1502             'editingteacher' => CAP_ALLOW,
1503             'manager' => CAP_ALLOW
1504         )
1505     ),
1507     // Controls whether the user can tag his own questions.
1508     'moodle/question:tagmine' => array(
1509         'captype' => 'write',
1510         'contextlevel' => CONTEXT_COURSE,
1511         'archetypes' => array(
1512             'editingteacher' => CAP_ALLOW,
1513             'manager' => CAP_ALLOW
1514         ),
1515         'clonepermissionsfrom' => 'moodle/question:editmine'
1516     ),
1518     // Controls whether the user can tag all questions.
1519     'moodle/question:tagall' => array(
1520         'captype' => 'write',
1521         'contextlevel' => CONTEXT_COURSE,
1522         'archetypes' => array(
1523             'editingteacher' => CAP_ALLOW,
1524             'manager' => CAP_ALLOW
1525         ),
1526         'clonepermissionsfrom' => 'moodle/question:editall'
1527     ),
1529     'moodle/site:doclinks' => array(
1530         'captype' => 'read',
1531         'contextlevel' => CONTEXT_SYSTEM,
1532         'archetypes' => array(
1533             'teacher' => CAP_ALLOW,
1534             'editingteacher' => CAP_ALLOW,
1535             'manager' => CAP_ALLOW
1536         )
1537     ),
1539     'moodle/course:sectionvisibility' => array(
1541         'captype' => 'write',
1542         'contextlevel' => CONTEXT_COURSE,
1543         'archetypes' => array(
1544             'editingteacher' => CAP_ALLOW,
1545             'manager' => CAP_ALLOW
1546         )
1547     ),
1549     'moodle/course:useremail' => array(
1551         'captype' => 'write',
1552         'contextlevel' => CONTEXT_COURSE,
1553         'archetypes' => array(
1554             'editingteacher' => CAP_ALLOW,
1555             'manager' => CAP_ALLOW
1556         )
1557     ),
1559     'moodle/course:viewhiddensections' => array(
1561         'captype' => 'write',
1562         'contextlevel' => CONTEXT_COURSE,
1563         'archetypes' => array(
1564             'editingteacher' => CAP_ALLOW,
1565             'manager' => CAP_ALLOW
1566         )
1567     ),
1569     'moodle/course:setcurrentsection' => array(
1571         'captype' => 'write',
1572         'contextlevel' => CONTEXT_COURSE,
1573         'archetypes' => array(
1574             'editingteacher' => CAP_ALLOW,
1575             'manager' => CAP_ALLOW
1576         )
1577     ),
1579     'moodle/course:movesections' => array(
1581         'captype' => 'write',
1582         'contextlevel' => CONTEXT_COURSE,
1583         'archetypes' => array(
1584             'editingteacher' => CAP_ALLOW,
1585             'manager' => CAP_ALLOW
1586         ),
1587         'clonepermissionsfrom' => 'moodle/course:update'
1588     ),
1590     'moodle/site:mnetlogintoremote' => array(
1592         'captype' => 'read',
1593         'contextlevel' => CONTEXT_SYSTEM,
1594         'archetypes' => array(
1595         )
1596     ),
1598     'moodle/grade:viewall' => array(
1599         'riskbitmask' => RISK_PERSONAL,
1600         'captype' => 'read',
1601         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1602         'archetypes' => array(
1603             'teacher' => CAP_ALLOW,
1604             'editingteacher' => CAP_ALLOW,
1605             'manager' => CAP_ALLOW
1606         ),
1607         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1608     ),
1610     'moodle/grade:view' => array(
1611         'captype' => 'read',
1612         'contextlevel' => CONTEXT_COURSE,
1613         'archetypes' => array(
1614             'student' => CAP_ALLOW
1615         )
1616     ),
1618     'moodle/grade:viewhidden' => array(
1619         'riskbitmask' => RISK_PERSONAL,
1620         'captype' => 'read',
1621         'contextlevel' => CONTEXT_COURSE,
1622         'archetypes' => array(
1623             'teacher' => CAP_ALLOW,
1624             'editingteacher' => CAP_ALLOW,
1625             'manager' => CAP_ALLOW
1626         ),
1627         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1628     ),
1630     'moodle/grade:import' => array(
1631         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1632         'captype' => 'write',
1633         'contextlevel' => CONTEXT_COURSE,
1634         'archetypes' => array(
1635             'editingteacher' => CAP_ALLOW,
1636             'manager' => CAP_ALLOW
1637         ),
1638         'clonepermissionsfrom' => 'moodle/course:managegrades'
1639     ),
1641     'moodle/grade:export' => array(
1642         'riskbitmask' => RISK_PERSONAL,
1643         'captype' => 'read',
1644         'contextlevel' => CONTEXT_COURSE,
1645         'archetypes' => array(
1646             'teacher' => CAP_ALLOW,
1647             'editingteacher' => CAP_ALLOW,
1648             'manager' => CAP_ALLOW
1649         ),
1650         'clonepermissionsfrom' => 'moodle/course:managegrades'
1651     ),
1653     'moodle/grade:manage' => array(
1654         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1655         'captype' => 'write',
1656         'contextlevel' => CONTEXT_COURSE,
1657         'archetypes' => array(
1658             'editingteacher' => CAP_ALLOW,
1659             'manager' => CAP_ALLOW
1660         ),
1661         'clonepermissionsfrom' => 'moodle/course:managegrades'
1662     ),
1664     'moodle/grade:edit' => array(
1665         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1666         'captype' => 'write',
1667         'contextlevel' => CONTEXT_COURSE,
1668         'archetypes' => array(
1669             'editingteacher' => CAP_ALLOW,
1670             'manager' => CAP_ALLOW
1671         ),
1672         'clonepermissionsfrom' => 'moodle/course:managegrades'
1673     ),
1675     // ability to define advanced grading forms in activities either from scratch
1676     // or from a shared template
1677     'moodle/grade:managegradingforms' => array(
1678         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1679         'captype' => 'write',
1680         'contextlevel' => CONTEXT_COURSE,
1681         'archetypes' => array(
1682             'editingteacher' => CAP_ALLOW,
1683             'manager' => CAP_ALLOW
1684         ),
1685         'clonepermissionsfrom' => 'moodle/course:managegrades'
1686     ),
1688     // ability to save a grading form as a new shared template and eventually edit
1689     // and remove own templates (templates originally shared by that user)
1690     'moodle/grade:sharegradingforms' => array(
1691         'riskbitmask' => RISK_XSS,
1692         'captype' => 'write',
1693         'contextlevel' => CONTEXT_SYSTEM,
1694         'archetypes' => array(
1695             'manager' => CAP_ALLOW
1696         ),
1697     ),
1699     // ability to edit and remove any shared template, even those originally shared
1700     // by other users
1701     'moodle/grade:managesharedforms' => array(
1702         'riskbitmask' => RISK_XSS,
1703         'captype' => 'write',
1704         'contextlevel' => CONTEXT_SYSTEM,
1705         'archetypes' => array(
1706             'manager' => CAP_ALLOW
1707         ),
1708     ),
1710     'moodle/grade:manageoutcomes' => array(
1711         'captype' => 'write',
1712         'contextlevel' => CONTEXT_COURSE,
1713         'archetypes' => array(
1714             'editingteacher' => CAP_ALLOW,
1715             'manager' => CAP_ALLOW
1716         ),
1717         'clonepermissionsfrom' => 'moodle/course:managegrades'
1718     ),
1720     'moodle/grade:manageletters' => array(
1721         'captype' => 'write',
1722         'contextlevel' => CONTEXT_COURSE,
1723         'archetypes' => array(
1724             'editingteacher' => CAP_ALLOW,
1725             'manager' => CAP_ALLOW
1726         ),
1727         'clonepermissionsfrom' => 'moodle/course:managegrades'
1728     ),
1730     'moodle/grade:hide' => array(
1731         'captype' => 'write',
1732         'contextlevel' => CONTEXT_COURSE,
1733         'archetypes' => array(
1734             'editingteacher' => CAP_ALLOW,
1735             'manager' => CAP_ALLOW
1736         )
1737     ),
1739     'moodle/grade:lock' => array(
1740         'captype' => 'write',
1741         'contextlevel' => CONTEXT_COURSE,
1742         'archetypes' => array(
1743             'editingteacher' => CAP_ALLOW,
1744             'manager' => CAP_ALLOW
1745         )
1746     ),
1748     'moodle/grade:unlock' => array(
1749         'captype' => 'write',
1750         'contextlevel' => CONTEXT_COURSE,
1751         'archetypes' => array(
1752             'editingteacher' => CAP_ALLOW,
1753             'manager' => CAP_ALLOW
1754         )
1755     ),
1757     'moodle/my:manageblocks' => array(
1758         'captype' => 'write',
1759         'contextlevel' => CONTEXT_SYSTEM,
1760         'archetypes' => array(
1761             'user' => CAP_ALLOW
1762         )
1763     ),
1765     'moodle/notes:view' => array(
1766         'captype' => 'read',
1767         'contextlevel' => CONTEXT_COURSE,
1768         'archetypes' => array(
1769             'teacher' => CAP_ALLOW,
1770             'editingteacher' => CAP_ALLOW,
1771             'manager' => CAP_ALLOW
1772         )
1773     ),
1775     'moodle/notes:manage' => array(
1776         'riskbitmask' => RISK_SPAM,
1778         'captype' => 'write',
1779         'contextlevel' => CONTEXT_COURSE,
1780         'archetypes' => array(
1781             'teacher' => CAP_ALLOW,
1782             'editingteacher' => CAP_ALLOW,
1783             'manager' => CAP_ALLOW
1784         )
1785     ),
1787     'moodle/tag:manage' => array(
1788         'riskbitmask' => RISK_SPAM,
1790         'captype' => 'write',
1791         'contextlevel' => CONTEXT_SYSTEM,
1792         'archetypes' => array(
1793             'manager' => CAP_ALLOW
1794         )
1795     ),
1797     'moodle/tag:edit' => array(
1798         'riskbitmask' => RISK_SPAM,
1800         'captype' => 'write',
1801         'contextlevel' => CONTEXT_SYSTEM,
1802         'archetypes' => array(
1803             'manager' => CAP_ALLOW
1804         )
1805     ),
1807     'moodle/tag:flag' => array(
1808         'riskbitmask' => RISK_SPAM,
1810         'captype' => 'write',
1811         'contextlevel' => CONTEXT_SYSTEM,
1812         'archetypes' => array(
1813             'user' => CAP_ALLOW
1814         )
1815     ),
1817     'moodle/tag:editblocks' => array(
1818         'captype' => 'write',
1819         'contextlevel' => CONTEXT_SYSTEM,
1820         'archetypes' => array(
1821             'teacher' => CAP_ALLOW,
1822             'editingteacher' => CAP_ALLOW,
1823             'manager' => CAP_ALLOW
1824         )
1825     ),
1827     'moodle/block:view' => array(
1828         'captype' => 'read',
1829         'contextlevel' => CONTEXT_BLOCK,
1830         'archetypes' => array(
1831             'guest' => CAP_ALLOW,
1832             'user' => CAP_ALLOW,
1833             'student' => CAP_ALLOW,
1834             'teacher' => CAP_ALLOW,
1835             'editingteacher' => CAP_ALLOW,
1836         )
1837     ),
1839     'moodle/block:edit' => array(
1840         'riskbitmask' => RISK_SPAM | RISK_XSS,
1842         'captype' => 'write',
1843         'contextlevel' => CONTEXT_BLOCK,
1844         'archetypes' => array(
1845             'editingteacher' => CAP_ALLOW,
1846             'manager' => CAP_ALLOW
1847         )
1848     ),
1850     'moodle/portfolio:export' => array(
1851         'captype' => 'read',
1852         'contextlevel' => CONTEXT_SYSTEM,
1853         'archetypes' => array(
1854             'user' => CAP_ALLOW,
1855             'student' => CAP_ALLOW,
1856             'teacher' => CAP_ALLOW,
1857             'editingteacher' => CAP_ALLOW,
1858         )
1859     ),
1860     'moodle/comment:view' => array(
1861         'captype' => 'read',
1862         'contextlevel' => CONTEXT_COURSE,
1863         'archetypes' => array(
1864             'frontpage' => CAP_ALLOW,
1865             'guest' => CAP_ALLOW,
1866             'user' => CAP_ALLOW,
1867             'student' => CAP_ALLOW,
1868             'teacher' => CAP_ALLOW,
1869             'editingteacher' => CAP_ALLOW,
1870             'manager' => CAP_ALLOW
1871         )
1872     ),
1873     'moodle/comment:post' => array(
1875         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1876         'captype' => 'write',
1877         'contextlevel' => CONTEXT_COURSE,
1878         'archetypes' => array(
1879             'user' => CAP_ALLOW,
1880             'student' => CAP_ALLOW,
1881             'teacher' => CAP_ALLOW,
1882             'editingteacher' => CAP_ALLOW,
1883             'manager' => CAP_ALLOW
1884         )
1885     ),
1886     'moodle/comment:delete' => array(
1888         'riskbitmask' => RISK_DATALOSS,
1889         'captype' => 'write',
1890         'contextlevel' => CONTEXT_COURSE,
1891         'archetypes' => array(
1892             'editingteacher' => CAP_ALLOW,
1893             'manager' => CAP_ALLOW
1894         )
1895     ),
1896     'moodle/webservice:createtoken' => array(
1898         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1899         'captype' => 'write',
1900         'contextlevel' => CONTEXT_SYSTEM,
1901         'archetypes' => array(
1902             'manager' => CAP_ALLOW
1903         )
1904     ),
1905     'moodle/webservice:managealltokens' => array(
1907         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1908         'captype' => 'write',
1909         'contextlevel' => CONTEXT_SYSTEM,
1910         'archetypes' => array()
1911     ),
1912     'moodle/webservice:createmobiletoken' => array(
1914         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1915         'captype' => 'write',
1916         'contextlevel' => CONTEXT_SYSTEM,
1917         'archetypes' => array(
1918             'user' => CAP_ALLOW
1919         )
1920     ),
1921     'moodle/rating:view' => array(
1923         'captype' => 'read',
1924         'contextlevel' => CONTEXT_COURSE,
1925         'archetypes' => array(
1926             'user' => CAP_ALLOW,
1927             'student' => CAP_ALLOW,
1928             'teacher' => CAP_ALLOW,
1929             'editingteacher' => CAP_ALLOW,
1930             'manager' => CAP_ALLOW
1931         )
1932     ),
1933     'moodle/rating:viewany' => array(
1935         'riskbitmask' => RISK_PERSONAL,
1936         'captype' => 'read',
1937         'contextlevel' => CONTEXT_COURSE,
1938         'archetypes' => array(
1939             'user' => CAP_ALLOW,
1940             'student' => CAP_ALLOW,
1941             'teacher' => CAP_ALLOW,
1942             'editingteacher' => CAP_ALLOW,
1943             'manager' => CAP_ALLOW
1944         )
1945     ),
1946     'moodle/rating:viewall' => array(
1948         'riskbitmask' => RISK_PERSONAL,
1949         'captype' => 'read',
1950         'contextlevel' => CONTEXT_COURSE,
1951         'archetypes' => array(
1952             'user' => CAP_ALLOW,
1953             'student' => CAP_ALLOW,
1954             'teacher' => CAP_ALLOW,
1955             'editingteacher' => CAP_ALLOW,
1956             'manager' => CAP_ALLOW
1957         )
1958     ),
1959     'moodle/rating:rate' => array(
1961         'captype' => 'write',
1962         'contextlevel' => CONTEXT_COURSE,
1963         'archetypes' => array(
1964             'user' => CAP_ALLOW,
1965             'student' => CAP_ALLOW,
1966             'teacher' => CAP_ALLOW,
1967             'editingteacher' => CAP_ALLOW,
1968             'manager' => CAP_ALLOW
1969         )
1970     ),
1971     'moodle/course:markcomplete' => array(
1972         'captype' => 'write',
1973         'contextlevel' => CONTEXT_COURSE,
1974         'archetypes' => array(
1975             'teacher' => CAP_ALLOW,
1976             'editingteacher' => CAP_ALLOW,
1977             'manager' => CAP_ALLOW
1978         )
1979     ),
1980     'moodle/course:overridecompletion' => array(
1981         'captype' => 'write',
1982         'contextlevel' => CONTEXT_COURSE,
1983         'archetypes' => array(
1984             'teacher' => CAP_ALLOW,
1985             'editingteacher' => CAP_ALLOW,
1986             'manager' => CAP_ALLOW
1987         )
1988     ),
1990     // Badges.
1991     'moodle/badges:manageglobalsettings' => array(
1992         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
1993         'captype'      => 'write',
1994         'contextlevel' => CONTEXT_SYSTEM,
1995         'archetypes'   => array(
1996             'manager'       => CAP_ALLOW,
1997         )
1998     ),
2000     // View available badges without earning them.
2001     'moodle/badges:viewbadges' => array(
2002         'captype'       => 'read',
2003         'contextlevel'  => CONTEXT_COURSE,
2004         'archetypes'    => array(
2005             'user'          => CAP_ALLOW,
2006         )
2007     ),
2009     // Manage badges on own private badges page.
2010     'moodle/badges:manageownbadges' => array(
2011         'riskbitmap'    => RISK_SPAM,
2012         'captype'       => 'write',
2013         'contextlevel'  => CONTEXT_USER,
2014         'archetypes'    => array(
2015             'user'    => CAP_ALLOW
2016         )
2017     ),
2019     // View public badges in other users' profiles.
2020     'moodle/badges:viewotherbadges' => array(
2021         'riskbitmap'    => RISK_PERSONAL,
2022         'captype'       => 'read',
2023         'contextlevel'  => CONTEXT_USER,
2024         'archetypes'    => array(
2025             'user'    => CAP_ALLOW
2026         )
2027     ),
2029     // Earn badge.
2030     'moodle/badges:earnbadge' => array(
2031         'captype'       => 'write',
2032         'contextlevel'  => CONTEXT_COURSE,
2033         'archetypes'    => array(
2034             'user'           => CAP_ALLOW,
2035         )
2036     ),
2038     // Create/duplicate badges.
2039     'moodle/badges:createbadge' => array(
2040         'riskbitmask'  => RISK_SPAM,
2041         'captype'      => 'write',
2042         'contextlevel' => CONTEXT_COURSE,
2043         'archetypes'   => array(
2044             'manager'        => CAP_ALLOW,
2045             'editingteacher' => CAP_ALLOW,
2046         )
2047     ),
2049     // Delete badges.
2050     'moodle/badges:deletebadge' => array(
2051         'riskbitmask'  => RISK_DATALOSS,
2052         'captype'      => 'write',
2053         'contextlevel' => CONTEXT_COURSE,
2054         'archetypes'   => array(
2055             'manager'        => CAP_ALLOW,
2056             'editingteacher' => CAP_ALLOW,
2057         )
2058     ),
2060     // Set up/edit badge details.
2061     'moodle/badges:configuredetails' => array(
2062         'riskbitmask'  => RISK_SPAM,
2063         'captype'      => 'write',
2064         'contextlevel' => CONTEXT_COURSE,
2065         'archetypes'   => array(
2066             'manager'        => CAP_ALLOW,
2067             'editingteacher' => CAP_ALLOW,
2068         )
2069     ),
2071     // Set up/edit criteria of earning a badge.
2072     'moodle/badges:configurecriteria' => array(
2073         'riskbitmask'  => RISK_XSS,
2074         'captype'      => 'write',
2075         'contextlevel' => CONTEXT_COURSE,
2076         'archetypes'   => array(
2077             'manager'        => CAP_ALLOW,
2078             'editingteacher' => CAP_ALLOW,
2079         )
2080     ),
2082     // Configure badge messages.
2083     'moodle/badges:configuremessages' => array(
2084         'riskbitmask'  => RISK_SPAM,
2085         'captype'      => 'write',
2086         'contextlevel' => CONTEXT_COURSE,
2087         'archetypes'   => array(
2088             'manager'        => CAP_ALLOW,
2089             'editingteacher' => CAP_ALLOW,
2090         )
2091     ),
2093     // Award badge to a user.
2094     'moodle/badges:awardbadge' => array(
2095         'riskbitmask'  => RISK_SPAM,
2096         'captype'      => 'write',
2097         'contextlevel' => CONTEXT_COURSE,
2098         'archetypes'   => array(
2099             'manager'        => CAP_ALLOW,
2100             'teacher'        => CAP_ALLOW,
2101             'editingteacher' => CAP_ALLOW,
2102         )
2103     ),
2105     // Revoke badge from a user.
2106     'moodle/badges:revokebadge' => array(
2107         'riskbitmask'  => RISK_SPAM,
2108         'captype'      => 'write',
2109         'contextlevel' => CONTEXT_COURSE,
2110         'archetypes'   => array(
2111             'manager'        => CAP_ALLOW,
2112             'teacher'        => CAP_ALLOW,
2113             'editingteacher' => CAP_ALLOW,
2114         )
2115     ),
2117     // View users who earned a specific badge without being able to award a badge.
2118     'moodle/badges:viewawarded' => array(
2119         'riskbitmask'  => RISK_PERSONAL,
2120         'captype'      => 'read',
2121         'contextlevel' => CONTEXT_COURSE,
2122         'archetypes'   => array(
2123                 'manager'        => CAP_ALLOW,
2124                 'teacher'        => CAP_ALLOW,
2125                 'editingteacher' => CAP_ALLOW,
2126         )
2127     ),
2129     'moodle/site:forcelanguage' => array(
2130         'captype' => 'read',
2131         'contextlevel' => CONTEXT_SYSTEM,
2132         'archetypes' => array(
2133         )
2134     ),
2136     // Perform site-wide search queries through the search API.
2137     'moodle/search:query' => array(
2138         'captype' => 'read',
2139         'contextlevel' => CONTEXT_SYSTEM,
2140         'archetypes' => array(
2141             'guest' => CAP_ALLOW,
2142             'user' => CAP_ALLOW,
2143             'student' => CAP_ALLOW,
2144             'teacher' => CAP_ALLOW,
2145             'editingteacher' => CAP_ALLOW,
2146             'manager' => CAP_ALLOW
2147         )
2148     ),
2150     // Competencies.
2151     'moodle/competency:competencymanage' => array(
2152         'captype' => 'write',
2153         'contextlevel' => CONTEXT_COURSECAT,
2154         'archetypes' => array(
2155             'manager' => CAP_ALLOW
2156         )
2157     ),
2158     'moodle/competency:competencyview' => array(
2159         'captype' => 'read',
2160         'contextlevel' => CONTEXT_COURSECAT,
2161         'archetypes' => array(
2162             'user' => CAP_ALLOW
2163         ),
2164     ),
2165     'moodle/competency:competencygrade' => array(
2166         'captype' => 'write',
2167         'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2168         'archetypes' => array(
2169             'editingteacher' => CAP_ALLOW,
2170             'teacher' => CAP_ALLOW,
2171             'manager' => CAP_ALLOW
2172         ),
2173     ),
2174     // Course competencies.
2175     'moodle/competency:coursecompetencymanage' => array(
2176         'captype' => 'write',
2177         'contextlevel' => CONTEXT_COURSE,
2178         'archetypes' => array(
2179             'editingteacher' => CAP_ALLOW,
2180             'manager' => CAP_ALLOW
2181         ),
2182     ),
2183     'moodle/competency:coursecompetencyconfigure' => array(
2184         'captype' => 'write',
2185         'contextlevel' => CONTEXT_MODULE,
2186         'archetypes' => array(
2187             'manager' => CAP_ALLOW
2188         ),
2189     ),
2190     'moodle/competency:coursecompetencygradable' => array(
2191         'captype' => 'read',
2192         'contextlevel' => CONTEXT_COURSE,
2193         'archetypes' => array(
2194             'student' => CAP_ALLOW
2195         ),
2196         'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2197     ),
2198     'moodle/competency:coursecompetencyview' => array(
2199         'captype' => 'read',
2200         'contextlevel' => CONTEXT_COURSE,
2201         'archetypes' => array(
2202             'user' => CAP_ALLOW
2203         ),
2204     ),
2205     // Evidence.
2206     'moodle/competency:evidencedelete' => array(
2207         'captype' => 'write',
2208         'contextlevel' => CONTEXT_USER,
2209         'archetypes' => array(
2210         ),
2211         'clonepermissionsfrom' => 'moodle/site:config'
2212     ),
2213     // User plans.
2214     'moodle/competency:planmanage' => array(
2215         'captype' => 'write',
2216         'contextlevel' => CONTEXT_USER,
2217         'archetypes' => array(
2218             'manager' => CAP_ALLOW
2219         ),
2220     ),
2221     'moodle/competency:planmanagedraft' => array(
2222         'captype' => 'write',
2223         'contextlevel' => CONTEXT_USER,
2224         'archetypes' => array(
2225             'manager' => CAP_ALLOW
2226         ),
2227     ),
2228     'moodle/competency:planmanageown' => array(
2229         'captype' => 'write',
2230         'contextlevel' => CONTEXT_USER,
2231         'archetypes' => array(
2232         ),
2233     ),
2234     'moodle/competency:planmanageowndraft' => array(
2235         'captype' => 'write',
2236         'contextlevel' => CONTEXT_USER,
2237         'archetypes' => array(
2238         ),
2239     ),
2240     'moodle/competency:planview' => array(
2241         'captype' => 'read',
2242         'contextlevel' => CONTEXT_USER,
2243         'archetypes' => array(
2244             'manager' => CAP_ALLOW
2245         ),
2246     ),
2247     'moodle/competency:planviewdraft' => array(
2248         'captype' => 'read',
2249         'contextlevel' => CONTEXT_USER,
2250         'archetypes' => array(
2251             'manager' => CAP_ALLOW
2252         ),
2253     ),
2254     'moodle/competency:planviewown' => array(
2255         'captype' => 'read',
2256         'contextlevel' => CONTEXT_USER,
2257         'archetypes' => array(
2258             'user' => CAP_ALLOW
2259         ),
2260     ),
2261     'moodle/competency:planviewowndraft' => array(
2262         'captype' => 'read',
2263         'contextlevel' => CONTEXT_USER,
2264         'archetypes' => array(
2265         ),
2266     ),
2267     'moodle/competency:planrequestreview' => array(
2268         'captype' => 'write',
2269         'contextlevel' => CONTEXT_USER,
2270         'archetypes' => array(
2271             'manager' => CAP_ALLOW
2272         )
2273     ),
2274     'moodle/competency:planrequestreviewown' => array(
2275         'captype' => 'write',
2276         'contextlevel' => CONTEXT_USER,
2277         'archetypes' => array(
2278             'user' => CAP_ALLOW
2279         )
2280     ),
2281     'moodle/competency:planreview' => array(
2282         'captype' => 'write',
2283         'contextlevel' => CONTEXT_USER,
2284         'archetypes' => array(
2285             'manager' => CAP_ALLOW
2286         ),
2287     ),
2288     'moodle/competency:plancomment' => array(
2289         'captype' => 'write',
2290         'contextlevel' => CONTEXT_USER,
2291         'archetypes' => array(
2292             'manager' => CAP_ALLOW
2293         ),
2294     ),
2295     'moodle/competency:plancommentown' => array(
2296         'captype' => 'write',
2297         'contextlevel' => CONTEXT_USER,
2298         'archetypes' => array(
2299             'user' => CAP_ALLOW
2300         ),
2301     ),
2302     // User competencies.
2303     'moodle/competency:usercompetencyview' => array(
2304         'captype' => 'read',
2305         'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2306         'archetypes' => array(
2307             'manager' => CAP_ALLOW,
2308             'editingteacher' => CAP_ALLOW,
2309             'teacher' => CAP_ALLOW
2310         )
2311     ),
2312     'moodle/competency:usercompetencyrequestreview' => array(
2313         'captype' => 'write',
2314         'contextlevel' => CONTEXT_USER,
2315         'archetypes' => array(
2316             'manager' => CAP_ALLOW
2317         )
2318     ),
2319     'moodle/competency:usercompetencyrequestreviewown' => array(
2320         'captype' => 'write',
2321         'contextlevel' => CONTEXT_USER,
2322         'archetypes' => array(
2323             'user' => CAP_ALLOW
2324         )
2325     ),
2326     'moodle/competency:usercompetencyreview' => array(
2327         'captype' => 'write',
2328         'contextlevel' => CONTEXT_USER,
2329         'archetypes' => array(
2330             'manager' => CAP_ALLOW
2331         ),
2332     ),
2333     'moodle/competency:usercompetencycomment' => array(
2334         'captype' => 'write',
2335         'contextlevel' => CONTEXT_USER,
2336         'archetypes' => array(
2337             'manager' => CAP_ALLOW
2338         ),
2339     ),
2340     'moodle/competency:usercompetencycommentown' => array(
2341         'captype' => 'write',
2342         'contextlevel' => CONTEXT_USER,
2343         'archetypes' => array(
2344             'user' => CAP_ALLOW
2345         ),
2346     ),
2347     // Template.
2348     'moodle/competency:templatemanage' => array(
2349         'captype' => 'write',
2350         'contextlevel' => CONTEXT_COURSECAT,
2351         'archetypes' => array(
2352             'manager' => CAP_ALLOW
2353         ),
2354     ),
2355     'moodle/analytics:listinsights' => array(
2356         'riskbitmask' => RISK_PERSONAL,
2357         'captype' => 'read',
2358         'contextlevel' => CONTEXT_COURSE,
2359         'archetypes' => array(
2360             'teacher' => CAP_ALLOW,
2361             'editingteacher' => CAP_ALLOW,
2362             'manager' => CAP_ALLOW
2363         )
2364     ),
2365     'moodle/analytics:managemodels' => array(
2366         'riskbitmask' => RISK_CONFIG,
2367         'captype' => 'write',
2368         'contextlevel' => CONTEXT_SYSTEM,
2369         'archetypes' => array(
2370             'manager' => CAP_ALLOW
2371         ),
2372     ),
2373     'moodle/competency:templateview' => array(
2374         'captype' => 'read',
2375         'contextlevel' => CONTEXT_COURSECAT,
2376         'archetypes' => array(
2377             'manager' => CAP_ALLOW
2378         ),
2379     ),
2380     // User evidence.
2381     'moodle/competency:userevidencemanage' => array(
2382         'captype' => 'write',
2383         'contextlevel' => CONTEXT_USER,
2384         'archetypes' => array(
2385             'manager' => CAP_ALLOW
2386         ),
2387     ),
2388     'moodle/competency:userevidencemanageown' => array(
2389         'captype' => 'write',
2390         'contextlevel' => CONTEXT_USER,
2391         'archetypes' => array(
2392             'user' => CAP_ALLOW
2393         ),
2394     ),
2395     'moodle/competency:userevidenceview' => array(
2396         'captype' => 'read',
2397         'contextlevel' => CONTEXT_USER,
2398         'archetypes' => array(
2399             'manager' => CAP_ALLOW
2400         ),
2401     ),
2402     'moodle/site:maintenanceaccess' => array(
2403         'captype' => 'write',
2404         'contextlevel' => CONTEXT_SYSTEM,
2405         'archetypes' => array(
2406         )
2407     ),
2408     // Allow message any user, regardlesss of the privacy preferences for messaging.
2409     'moodle/site:messageanyuser' => array(
2410         'riskbitmask' => RISK_SPAM,
2411         'captype' => 'write',
2412         'contextlevel' => CONTEXT_SYSTEM,
2413         'archetypes' => array(
2414             'teacher' => CAP_ALLOW,
2415             'editingteacher' => CAP_ALLOW,
2416             'manager' => CAP_ALLOW
2417         )
2418     ),
2420     // Context locking/unlocking.
2421     'moodle/site:managecontextlocks' => [
2422         'captype' => 'write',
2423         'contextlevel' => CONTEXT_MODULE,
2424         'archetypes' => [
2425         ],
2426     ],
2428     // Manual completion toggling.
2429     'moodle/course:togglecompletion' => [
2430         'captype' => 'write',
2431         'contextlevel' => CONTEXT_MODULE,
2432         'archetypes' => [
2433             'user' => CAP_ALLOW,
2434         ],
2435     ],
2437     'moodle/analytics:listowninsights' => array(
2438         'captype' => 'read',
2439         'contextlevel' => CONTEXT_SYSTEM,
2440         'archetypes' => array(
2441             'user' => CAP_ALLOW
2442         )
2443     ),
2445     // Set display option buttons to an H5P content.
2446     'moodle/h5p:setdisplayoptions' => array(
2447         'captype' => 'write',
2448         'contextlevel' => CONTEXT_MODULE,
2449         'archetypes' => array(
2450             'editingteacher' => CAP_ALLOW,
2451         )
2452     ),
2454     // Allow to deploy H5P content.
2455     'moodle/h5p:deploy' => array(
2456         'riskbitmask' => RISK_XSS,
2457         'captype' => 'write',
2458         'contextlevel' => CONTEXT_MODULE,
2459         'archetypes' => array(
2460             'manager'        => CAP_ALLOW,
2461             'editingteacher' => CAP_ALLOW,
2462         )
2463     ),
2465     // Allow to update H5P content-type libraries.
2466     'moodle/h5p:updatelibraries' => [
2467         'riskbitmask' => RISK_XSS,
2468         'captype' => 'write',
2469         'contextlevel' => CONTEXT_MODULE,
2470         'archetypes' => [
2471             'manager' => CAP_ALLOW,
2472         ]
2473     ],
2474 );