Merged branch wip-MDL-30521 with conflict resolutions
[moodle.git] / lib / db / access.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * Capability definitions for Moodle core.
20  *
21  * The capabilities are loaded into the database table when the module is
22  * installed or updated. Whenever the capability definitions are updated,
23  * the module version number should be bumped up.
24  *
25  * The system has four possible values for a capability:
26  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
27  *
28  *
29  * CAPABILITY NAMING CONVENTION
30  *
31  * It is important that capability names are unique. The naming convention
32  * for capabilities that are specific to modules and blocks is as follows:
33  *   [mod/block]/<plugin_name>:<capabilityname>
34  *
35  * component_name should be the same as the directory name of the mod or block.
36  *
37  * Core moodle capabilities are defined thus:
38  *    moodle/<capabilityclass>:<capabilityname>
39  *
40  * Examples: mod/forum:viewpost
41  *           block/recent_activity:view
42  *           moodle/site:deleteuser
43  *
44  * The variable name for the capability definitions array is $capabilities
45  *
46  * @package    core
47  * @subpackage role
48  * @copyright  2006 onwards Martin Dougiamas  http://dougiamas.com
49  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
50  */
52 defined('MOODLE_INTERNAL') || die();
54 $capabilities = array(
55     'moodle/site:config' => array(
57         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
59         'captype' => 'write',
60         'contextlevel' => CONTEXT_SYSTEM,
61         'archetypes' => array(
62         )
63     ),
65     'moodle/site:readallmessages' => array(
67         'riskbitmask' => RISK_PERSONAL,
69         'captype' => 'read',
70         'contextlevel' => CONTEXT_SYSTEM,
71         'archetypes' => array(
72             'manager' => CAP_ALLOW,
73             'editingteacher' => CAP_ALLOW
74         )
75     ),
77     'moodle/site:sendmessage' => array(
79         'riskbitmask' => RISK_SPAM,
81         'captype' => 'write',
82         'contextlevel' => CONTEXT_SYSTEM,
83         'archetypes' => array(
84             'manager' => CAP_ALLOW,
85             'user' => CAP_ALLOW
86         )
87     ),
89     'moodle/site:approvecourse' => array(
91         'riskbitmask' => RISK_XSS,
93         'captype' => 'write',
94         'contextlevel' => CONTEXT_SYSTEM,
95         'archetypes' => array(
96             'manager' => CAP_ALLOW
97         )
98     ),
100     'moodle/backup:backupcourse' => array(
102         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
104         'captype' => 'write',
105         'contextlevel' => CONTEXT_COURSE,
106         'archetypes' => array(
107             'editingteacher' => CAP_ALLOW,
108             'manager' => CAP_ALLOW
109         ),
111         'clonepermissionsfrom' =>  'moodle/site:backup'
112     ),
114     'moodle/backup:backupsection' => array(
116         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
118         'captype' => 'write',
119         'contextlevel' => CONTEXT_COURSE,
120         'archetypes' => array(
121             'editingteacher' => CAP_ALLOW,
122             'manager' => CAP_ALLOW
123         ),
125         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
126     ),
128     'moodle/backup:backupactivity' => array(
130         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
132         'captype' => 'write',
133         'contextlevel' => CONTEXT_MODULE,
134         'archetypes' => array(
135             'editingteacher' => CAP_ALLOW,
136             'manager' => CAP_ALLOW
137         ),
139         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
140     ),
142     'moodle/backup:backuptargethub' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
154     ),
156     'moodle/backup:backuptargetimport' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:downloadfile' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_COURSE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
182     ),
184     'moodle/backup:configure' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         )
194     ),
196     'moodle/backup:userinfo' => array(
198         'riskbitmask' => RISK_PERSONAL,
200         'captype' => 'read',
201         'contextlevel' => CONTEXT_COURSE,
202         'archetypes' => array(
203             'manager' => CAP_ALLOW
204         )
205     ),
207     'moodle/backup:anonymise' => array(
209         'riskbitmask' => RISK_PERSONAL,
211         'captype' => 'read',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'manager' => CAP_ALLOW
215         )
216     ),
218     'moodle/restore:restorecourse' => array(
220         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
222         'captype' => 'write',
223         'contextlevel' => CONTEXT_COURSE,
224         'archetypes' => array(
225             'editingteacher' => CAP_ALLOW,
226             'manager' => CAP_ALLOW
227         ),
229         'clonepermissionsfrom' =>  'moodle/site:restore'
230     ),
232     'moodle/restore:restoresection' => array(
234         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
236         'captype' => 'write',
237         'contextlevel' => CONTEXT_COURSE,
238         'archetypes' => array(
239             'editingteacher' => CAP_ALLOW,
240             'manager' => CAP_ALLOW
241         ),
243         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
244     ),
246     'moodle/restore:restoreactivity' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_COURSE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
258     ),
260     'moodle/restore:viewautomatedfilearea' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266     ),
268     'moodle/restore:restoretargethub' => array(
270         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
272         'captype' => 'write',
273         'contextlevel' => CONTEXT_COURSE,
274         'archetypes' => array(
275             'editingteacher' => CAP_ALLOW,
276             'manager' => CAP_ALLOW
277         ),
279         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
280     ),
282     'moodle/restore:restoretargetimport' => array(
284         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
286         'captype' => 'write',
287         'contextlevel' => CONTEXT_COURSE,
288         'archetypes' => array(
289             'editingteacher' => CAP_ALLOW,
290             'manager' => CAP_ALLOW
291         ),
293         'clonepermissionsfrom' =>  'moodle/site:import'
294     ),
296     'moodle/restore:uploadfile' => array(
298         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
300         'captype' => 'write',
301         'contextlevel' => CONTEXT_COURSE,
302         'archetypes' => array(
303             'editingteacher' => CAP_ALLOW,
304             'manager' => CAP_ALLOW
305         ),
307         'clonepermissionsfrom' =>  'moodle/site:backupupload'
308     ),
310     'moodle/restore:configure' => array(
312         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
314         'captype' => 'write',
315         'contextlevel' => CONTEXT_COURSE,
316         'archetypes' => array(
317             'editingteacher' => CAP_ALLOW,
318             'manager' => CAP_ALLOW
319         )
320     ),
322     'moodle/restore:rolldates' => array(
324         'captype' => 'write',
325         'contextlevel' => CONTEXT_COURSE,
326         'archetypes' => array(
327             'coursecreator' => CAP_ALLOW,
328             'manager' => CAP_ALLOW
329         )
330     ),
332     'moodle/restore:userinfo' => array(
334         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
336         'captype' => 'write',
337         'contextlevel' => CONTEXT_COURSE,
338         'archetypes' => array(
339             'manager' => CAP_ALLOW
340         )
341     ),
343     'moodle/restore:createuser' => array(
345         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
347         'captype' => 'write',
348         'contextlevel' => CONTEXT_SYSTEM,
349         'archetypes' => array(
350             'manager' => CAP_ALLOW
351         )
352     ),
354     'moodle/site:manageblocks' => array(
356         'riskbitmask' => RISK_SPAM | RISK_XSS,
358         'captype' => 'write',
359         'contextlevel' => CONTEXT_BLOCK,
360         'archetypes' => array(
361             'editingteacher' => CAP_ALLOW,
362             'manager' => CAP_ALLOW
363         )
364     ),
366     'moodle/site:accessallgroups' => array(
368         'captype' => 'read',
369         'contextlevel' => CONTEXT_COURSE,
370         'archetypes' => array(
371             'teacher' => CAP_ALLOW,
372             'editingteacher' => CAP_ALLOW,
373             'manager' => CAP_ALLOW
374         )
375     ),
377     'moodle/site:viewfullnames' => array(
379         'captype' => 'read',
380         'contextlevel' => CONTEXT_COURSE,
381         'archetypes' => array(
382             'teacher' => CAP_ALLOW,
383             'editingteacher' => CAP_ALLOW,
384             'manager' => CAP_ALLOW
385         )
386     ),
388     // In reports that give lists of users, extra information about each user's
389     // identity (the fields configured in site option showuseridentity) will be
390     // displayed to users who have this capability.
391     'moodle/site:viewuseridentity' => array(
393         'captype' => 'read',
394         'contextlevel' => CONTEXT_COURSE,
395         'archetypes' => array(
396             'teacher' => CAP_ALLOW,
397             'editingteacher' => CAP_ALLOW,
398             'manager' => CAP_ALLOW
399         )
400     ),
402     'moodle/site:viewreports' => array(
404         'riskbitmask' => RISK_PERSONAL,
406         'captype' => 'read',
407         'contextlevel' => CONTEXT_COURSE,
408         'archetypes' => array(
409             'teacher' => CAP_ALLOW,
410             'editingteacher' => CAP_ALLOW,
411             'manager' => CAP_ALLOW
412         )
413     ),
415     'moodle/site:trustcontent' => array(
417         'riskbitmask' => RISK_XSS,
419         'captype' => 'write',
420         'contextlevel' => CONTEXT_COURSE,
421         'archetypes' => array(
422             'editingteacher' => CAP_ALLOW,
423             'manager' => CAP_ALLOW
424         )
425     ),
427     'moodle/site:uploadusers' => array(
429         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
431         'captype' => 'write',
432         'contextlevel' => CONTEXT_SYSTEM,
433         'archetypes' => array(
434             'manager' => CAP_ALLOW
435         )
436     ),
438     // Permission to manage filter setting overrides in subcontexts.
439     'moodle/filter:manage' => array(
441         'captype' => 'write',
442         'contextlevel' => CONTEXT_COURSE,
443         'archetypes' => array(
444             'editingteacher' => CAP_ALLOW,
445             'manager' => CAP_ALLOW,
446         )
447     ),
449     'moodle/user:create' => array(
451         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
453         'captype' => 'write',
454         'contextlevel' => CONTEXT_SYSTEM,
455         'archetypes' => array(
456             'manager' => CAP_ALLOW
457         )
458     ),
460     'moodle/user:delete' => array(
462         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
464         'captype' => 'write',
465         'contextlevel' => CONTEXT_SYSTEM,
466         'archetypes' => array(
467             'manager' => CAP_ALLOW
468         )
469     ),
471     'moodle/user:update' => array(
473         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
475         'captype' => 'write',
476         'contextlevel' => CONTEXT_SYSTEM,
477         'archetypes' => array(
478             'manager' => CAP_ALLOW
479         )
480     ),
482     'moodle/user:viewdetails' => array(
484         'captype' => 'read',
485         'contextlevel' => CONTEXT_COURSE,
486         'archetypes' => array(
487             'guest' => CAP_ALLOW,
488             'student' => CAP_ALLOW,
489             'teacher' => CAP_ALLOW,
490             'editingteacher' => CAP_ALLOW,
491             'manager' => CAP_ALLOW
492         )
493     ),
495     'moodle/user:viewalldetails' => array(
496         'riskbitmask' => RISK_PERSONAL,
497         'captype' => 'read',
498         'contextlevel' => CONTEXT_USER,
499         'archetypes' => array(
500             'manager' => CAP_ALLOW
501         ),
502         'clonepermissionsfrom' => 'moodle/user:update'
503     ),
505     'moodle/user:viewhiddendetails' => array(
507         'riskbitmask' => RISK_PERSONAL,
509         'captype' => 'read',
510         'contextlevel' => CONTEXT_COURSE,
511         'archetypes' => array(
512             'teacher' => CAP_ALLOW,
513             'editingteacher' => CAP_ALLOW,
514             'manager' => CAP_ALLOW
515         )
516     ),
518     'moodle/user:loginas' => array(
520         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
522         'captype' => 'write',
523         'contextlevel' => CONTEXT_COURSE,
524         'archetypes' => array(
525             'manager' => CAP_ALLOW
526         )
527     ),
529     // can the user manage the system default profile page?
530     'moodle/user:managesyspages' => array(
532         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
534         'captype' => 'write',
535         'contextlevel' => CONTEXT_SYSTEM,
536         'archetypes' => array(
537             'manager' => CAP_ALLOW
538         )
539     ),
541     // can the user manage another user's profile page?
542     'moodle/user:manageblocks' => array(
544         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
546         'captype' => 'write',
547         'contextlevel' => CONTEXT_USER
548     ),
550     // can the user manage their own profile page?
551     'moodle/user:manageownblocks' => array(
553         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
555         'captype' => 'write',
556         'contextlevel' => CONTEXT_SYSTEM,
557         'archetypes' => array(
558             'user' => CAP_ALLOW
559         )
560     ),
562     // can the user manage their own files?
563     'moodle/user:manageownfiles' => array(
565         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
567         'captype' => 'write',
568         'contextlevel' => CONTEXT_SYSTEM,
569         'archetypes' => array(
570             'user' => CAP_ALLOW
571         )
572     ),
574     // can the user manage the system default dashboard page?
575     'moodle/my:configsyspages' => array(
577         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
579         'captype' => 'write',
580         'contextlevel' => CONTEXT_SYSTEM,
581         'archetypes' => array(
582             'manager' => CAP_ALLOW
583         )
584     ),
586     'moodle/role:assign' => array(
588         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
590         'captype' => 'write',
591         'contextlevel' => CONTEXT_COURSE,
592         'archetypes' => array(
593             'editingteacher' => CAP_ALLOW,
594             'manager' => CAP_ALLOW
595         )
596     ),
598     'moodle/role:review' => array(
600         'riskbitmask' => RISK_PERSONAL,
602         'captype' => 'read',
603         'contextlevel' => CONTEXT_COURSE,
604         'archetypes' => array(
605             'teacher' => CAP_ALLOW,
606             'editingteacher' => CAP_ALLOW,
607             'manager' => CAP_ALLOW
608         )
609     ),
611     'moodle/role:override' => array(
613         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
615         'captype' => 'write',
616         'contextlevel' => CONTEXT_COURSE,
617         'archetypes' => array(
618             'manager' => CAP_ALLOW
619         )
620     ),
622     'moodle/role:safeoverride' => array(
624         'riskbitmask' => RISK_SPAM,
626         'captype' => 'write',
627         'contextlevel' => CONTEXT_COURSE,
628         'archetypes' => array(
629             'editingteacher' => CAP_ALLOW
630         )
631     ),
633     'moodle/role:manage' => array(
635         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
637         'captype' => 'write',
638         'contextlevel' => CONTEXT_SYSTEM,
639         'archetypes' => array(
640             'manager' => CAP_ALLOW
641         )
642     ),
644     'moodle/role:switchroles' => array(
646         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
648         'captype' => 'read',
649         'contextlevel' => CONTEXT_COURSE,
650         'archetypes' => array(
651             'editingteacher' => CAP_ALLOW,
652             'manager' => CAP_ALLOW
653         )
654     ),
656     // Create, update and delete course categories. (Deleting a course category
657     // does not let you delete the courses it contains, unless you also have
658     // moodle/course: delete.) Creating and deleting requires this permission in
659     // the parent category.
660     'moodle/category:manage' => array(
662         'riskbitmask' => RISK_XSS,
664         'captype' => 'write',
665         'contextlevel' => CONTEXT_COURSECAT,
666         'archetypes' => array(
667             'manager' => CAP_ALLOW
668         ),
669         'clonepermissionsfrom' => 'moodle/category:update'
670     ),
672     'moodle/category:viewhiddencategories' => array(
674         'captype' => 'read',
675         'contextlevel' => CONTEXT_COURSECAT,
676         'archetypes' => array(
677             'coursecreator' => CAP_ALLOW,
678             'manager' => CAP_ALLOW
679         ),
680         'clonepermissionsfrom' => 'moodle/category:visibility'
681     ),
683     // create, delete, move cohorts in system and course categories,
684     // (cohorts with component !== null can be only moved)
685     'moodle/cohort:manage' => array(
687         'captype' => 'write',
688         'contextlevel' => CONTEXT_COURSECAT,
689         'archetypes' => array(
690             'manager' => CAP_ALLOW
691         )
692     ),
694     // add and remove cohort members (only for cohorts where component !== null)
695     'moodle/cohort:assign' => array(
697         'captype' => 'write',
698         'contextlevel' => CONTEXT_COURSECAT,
699         'archetypes' => array(
700             'manager' => CAP_ALLOW
701         )
702     ),
704     // view members of a cohort, this can be used in course context too,
705     // this also controls the ability to actually use cohort
706     'moodle/cohort:view' => array(
708         'captype' => 'read',
709         'contextlevel' => CONTEXT_COURSE,
710         'archetypes' => array(
711             'editingteacher' => CAP_ALLOW,
712             'manager' => CAP_ALLOW
713         )
714     ),
716     'moodle/course:create' => array(
718         'riskbitmask' => RISK_XSS,
720         'captype' => 'write',
721         'contextlevel' => CONTEXT_COURSECAT,
722         'archetypes' => array(
723             'coursecreator' => CAP_ALLOW,
724             'manager' => CAP_ALLOW
725         )
726     ),
728     'moodle/course:request' => array(
729         'captype' => 'write',
730         'contextlevel' => CONTEXT_SYSTEM,
731         'archetypes' => array(
732             'user' => CAP_ALLOW,
733         )
734     ),
736     'moodle/course:delete' => array(
738         'riskbitmask' => RISK_DATALOSS,
740         'captype' => 'write',
741         'contextlevel' => CONTEXT_COURSE,
742         'archetypes' => array(
743             'manager' => CAP_ALLOW
744         )
745     ),
747     'moodle/course:update' => array(
749         'riskbitmask' => RISK_XSS,
751         'captype' => 'write',
752         'contextlevel' => CONTEXT_COURSE,
753         'archetypes' => array(
754             'editingteacher' => CAP_ALLOW,
755             'manager' => CAP_ALLOW
756         )
757     ),
759     'moodle/course:view' => array(
761         'captype' => 'read',
762         'contextlevel' => CONTEXT_COURSE,
763         'archetypes' => array(
764             'manager' => CAP_ALLOW,
765         )
766     ),
768     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
769     'moodle/course:enrolreview' => array(
771         'riskbitmask' => RISK_PERSONAL,
773         'captype' => 'read',
774         'contextlevel' => CONTEXT_COURSE,
775         'archetypes' => array(
776             'editingteacher' => CAP_ALLOW,
777             'manager' => CAP_ALLOW,
778         )
779     ),
781     /* add, remove, hide enrol instances in courses */
782     'moodle/course:enrolconfig' => array(
784         'riskbitmask' => RISK_PERSONAL,
786         'captype' => 'write',
787         'contextlevel' => CONTEXT_COURSE,
788         'archetypes' => array(
789             'editingteacher' => CAP_ALLOW,
790             'manager' => CAP_ALLOW,
791         )
792     ),
794     'moodle/course:bulkmessaging' => array(
796         'riskbitmask' => RISK_SPAM,
798         'captype' => 'write',
799         'contextlevel' => CONTEXT_COURSE,
800         'archetypes' => array(
801             'teacher' => CAP_ALLOW,
802             'editingteacher' => CAP_ALLOW,
803             'manager' => CAP_ALLOW
804         )
805     ),
807     'moodle/course:viewhiddenuserfields' => array(
809         'riskbitmask' => RISK_PERSONAL,
811         'captype' => 'read',
812         'contextlevel' => CONTEXT_COURSE,
813         'archetypes' => array(
814             'teacher' => CAP_ALLOW,
815             'editingteacher' => CAP_ALLOW,
816             'manager' => CAP_ALLOW
817         )
818     ),
820     'moodle/course:viewhiddencourses' => array(
822         'captype' => 'read',
823         'contextlevel' => CONTEXT_COURSE,
824         'archetypes' => array(
825             'coursecreator' => CAP_ALLOW,
826             'teacher' => CAP_ALLOW,
827             'editingteacher' => CAP_ALLOW,
828             'manager' => CAP_ALLOW
829         )
830     ),
832     'moodle/course:visibility' => array(
834         'captype' => 'write',
835         'contextlevel' => CONTEXT_COURSE,
836         'archetypes' => array(
837             'editingteacher' => CAP_ALLOW,
838             'manager' => CAP_ALLOW
839         )
840     ),
842     'moodle/course:managefiles' => array(
844         'riskbitmask' => RISK_XSS,
846         'captype' => 'write',
847         'contextlevel' => CONTEXT_COURSE,
848         'archetypes' => array(
849             'editingteacher' => CAP_ALLOW,
850             'manager' => CAP_ALLOW
851         )
852     ),
854     'moodle/course:manageactivities' => array(
856         'riskbitmask' => RISK_XSS,
858         'captype' => 'write',
859         'contextlevel' => CONTEXT_MODULE,
860         'archetypes' => array(
861             'editingteacher' => CAP_ALLOW,
862             'manager' => CAP_ALLOW
863         )
864     ),
866     'moodle/course:activityvisibility' => array(
868         'captype' => 'write',
869         'contextlevel' => CONTEXT_MODULE,
870         'archetypes' => array(
871             'editingteacher' => CAP_ALLOW,
872             'manager' => CAP_ALLOW
873         )
874     ),
876     'moodle/course:viewhiddenactivities' => array(
878         'captype' => 'write',
879         'contextlevel' => CONTEXT_MODULE,
880         'archetypes' => array(
881             'teacher' => CAP_ALLOW,
882             'editingteacher' => CAP_ALLOW,
883             'manager' => CAP_ALLOW
884         )
885     ),
887     'moodle/course:viewparticipants' => array(
889         'captype' => 'read',
890         'contextlevel' => CONTEXT_COURSE,
891         'archetypes' => array(
892             'student' => CAP_ALLOW,
893             'teacher' => CAP_ALLOW,
894             'editingteacher' => CAP_ALLOW,
895             'manager' => CAP_ALLOW
896         )
897     ),
899     'moodle/course:changefullname' => array(
901         'riskbitmask' => RISK_XSS,
903         'captype' => 'write',
904         'contextlevel' => CONTEXT_COURSE,
905         'archetypes' => array(
906             'editingteacher' => CAP_ALLOW,
907             'manager' => CAP_ALLOW
908         ),
909         'clonepermissionsfrom' => 'moodle/course:update'
910     ),
912     'moodle/course:changeshortname' => array(
914         'riskbitmask' => RISK_XSS,
916         'captype' => 'write',
917         'contextlevel' => CONTEXT_COURSE,
918         'archetypes' => array(
919             'editingteacher' => CAP_ALLOW,
920             'manager' => CAP_ALLOW
921         ),
922         'clonepermissionsfrom' => 'moodle/course:update'
923     ),
925     'moodle/course:changeidnumber' => array(
927         'riskbitmask' => RISK_XSS,
929         'captype' => 'write',
930         'contextlevel' => CONTEXT_COURSE,
931         'archetypes' => array(
932             'editingteacher' => CAP_ALLOW,
933             'manager' => CAP_ALLOW
934         ),
935         'clonepermissionsfrom' => 'moodle/course:update'
936     ),
937     'moodle/course:changecategory' => array(
938         'riskbitmask' => RISK_XSS,
940         'captype' => 'write',
941         'contextlevel' => CONTEXT_COURSE,
942         'archetypes' => array(
943             'editingteacher' => CAP_ALLOW,
944             'manager' => CAP_ALLOW
945         ),
946         'clonepermissionsfrom' => 'moodle/course:update'
947     ),
949     'moodle/course:changesummary' => array(
950         'riskbitmask' => RISK_XSS,
952         'captype' => 'write',
953         'contextlevel' => CONTEXT_COURSE,
954         'archetypes' => array(
955             'editingteacher' => CAP_ALLOW,
956             'manager' => CAP_ALLOW
957         ),
958         'clonepermissionsfrom' => 'moodle/course:update'
959     ),
962     'moodle/site:viewparticipants' => array(
964         'captype' => 'read',
965         'contextlevel' => CONTEXT_SYSTEM,
966         'archetypes' => array(
967             'manager' => CAP_ALLOW
968         )
969     ),
971     'moodle/course:viewscales' => array(
973         'captype' => 'read',
974         'contextlevel' => CONTEXT_COURSE,
975         'archetypes' => array(
976             'student' => CAP_ALLOW,
977             'teacher' => CAP_ALLOW,
978             'editingteacher' => CAP_ALLOW,
979             'manager' => CAP_ALLOW
980         )
981     ),
983     'moodle/course:managescales' => array(
985         'captype' => 'write',
986         'contextlevel' => CONTEXT_COURSE,
987         'archetypes' => array(
988             'editingteacher' => CAP_ALLOW,
989             'manager' => CAP_ALLOW
990         )
991     ),
993     'moodle/course:managegroups' => array(
995         'captype' => 'write',
996         'contextlevel' => CONTEXT_COURSE,
997         'archetypes' => array(
998             'editingteacher' => CAP_ALLOW,
999             'manager' => CAP_ALLOW
1000         )
1001     ),
1003     'moodle/course:reset' => array(
1005         'riskbitmask' => RISK_DATALOSS,
1007         'captype' => 'write',
1008         'contextlevel' => CONTEXT_COURSE,
1009         'archetypes' => array(
1010             'editingteacher' => CAP_ALLOW,
1011             'manager' => CAP_ALLOW
1012         )
1013     ),
1015     'moodle/blog:view' => array(
1017         'captype' => 'read',
1018         'contextlevel' => CONTEXT_SYSTEM,
1019         'archetypes' => array(
1020             'guest' => CAP_ALLOW,
1021             'user' => CAP_ALLOW,
1022             'student' => CAP_ALLOW,
1023             'teacher' => CAP_ALLOW,
1024             'editingteacher' => CAP_ALLOW,
1025             'manager' => CAP_ALLOW
1026         )
1027     ),
1029     'moodle/blog:search' => array(
1030         'captype' => 'read',
1031         'contextlevel' => CONTEXT_SYSTEM,
1032         'archetypes' => array(
1033             'guest' => CAP_ALLOW,
1034             'user' => CAP_ALLOW,
1035             'student' => CAP_ALLOW,
1036             'teacher' => CAP_ALLOW,
1037             'editingteacher' => CAP_ALLOW,
1038             'manager' => CAP_ALLOW
1039         )
1040     ),
1042     'moodle/blog:viewdrafts' => array(
1044         'riskbitmask' => RISK_PERSONAL,
1045         'captype' => 'read',
1046         'contextlevel' => CONTEXT_SYSTEM,
1047         'archetypes' => array(
1048             'manager' => CAP_ALLOW
1049         )
1050     ),
1052     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1054         'riskbitmask' => RISK_SPAM,
1056         'captype' => 'write',
1057         'contextlevel' => CONTEXT_SYSTEM,
1058         'archetypes' => array(
1059             'user' => CAP_ALLOW,
1060             'manager' => CAP_ALLOW
1061         )
1062     ),
1064     'moodle/blog:manageentries' => array(
1066         'riskbitmask' => RISK_SPAM,
1068         'captype' => 'write',
1069         'contextlevel' => CONTEXT_SYSTEM,
1070         'archetypes' => array(
1071             'teacher' => CAP_ALLOW,
1072             'editingteacher' => CAP_ALLOW,
1073             'manager' => CAP_ALLOW
1074         )
1075     ),
1077     'moodle/blog:manageexternal' => array(
1079         'riskbitmask' => RISK_SPAM,
1081         'captype' => 'write',
1082         'contextlevel' => CONTEXT_SYSTEM,
1083         'archetypes' => array(
1084             'student' => CAP_ALLOW,
1085             'user' => CAP_ALLOW,
1086             'teacher' => CAP_ALLOW,
1087             'editingteacher' => CAP_ALLOW,
1088             'manager' => CAP_ALLOW
1089         )
1090     ),
1092     'moodle/blog:associatecourse' => array(
1094         'captype' => 'write',
1095         'contextlevel' => CONTEXT_COURSE,
1096         'archetypes' => array(
1097             'student' => CAP_ALLOW,
1098             'user' => CAP_ALLOW,
1099             'teacher' => CAP_ALLOW,
1100             'editingteacher' => CAP_ALLOW,
1101             'manager' => CAP_ALLOW
1102         )
1103     ),
1105     'moodle/blog:associatemodule' => array(
1107         'captype' => 'write',
1108         'contextlevel' => CONTEXT_MODULE,
1109         'archetypes' => array(
1110             'student' => CAP_ALLOW,
1111             'user' => CAP_ALLOW,
1112             'teacher' => CAP_ALLOW,
1113             'editingteacher' => CAP_ALLOW,
1114             'manager' => CAP_ALLOW
1115         )
1116     ),
1118     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1120         'riskbitmask' => RISK_SPAM,
1122         'captype' => 'write',
1123         'contextlevel' => CONTEXT_COURSE,
1124         'archetypes' => array(
1125             'user' => CAP_ALLOW,
1126             'manager' => CAP_ALLOW
1127         )
1128     ),
1130     'moodle/calendar:managegroupentries' => array(
1132         'riskbitmask' => RISK_SPAM,
1134         'captype' => 'write',
1135         'contextlevel' => CONTEXT_COURSE,
1136         'archetypes' => array(
1137             'teacher' => CAP_ALLOW,
1138             'editingteacher' => CAP_ALLOW,
1139             'manager' => CAP_ALLOW
1140         )
1141     ),
1143     'moodle/calendar:manageentries' => array(
1145         'riskbitmask' => RISK_SPAM,
1147         'captype' => 'write',
1148         'contextlevel' => CONTEXT_COURSE,
1149         'archetypes' => array(
1150             'teacher' => CAP_ALLOW,
1151             'editingteacher' => CAP_ALLOW,
1152             'manager' => CAP_ALLOW
1153         )
1154     ),
1156     'moodle/user:editprofile' => array(
1158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1160         'captype' => 'write',
1161         'contextlevel' => CONTEXT_USER,
1162         'archetypes' => array(
1163             'manager' => CAP_ALLOW
1164         )
1165     ),
1167     'moodle/user:editownprofile' => array(
1169         'riskbitmask' => RISK_SPAM,
1171         'captype' => 'write',
1172         'contextlevel' => CONTEXT_SYSTEM,
1173         'archetypes' => array(
1174             'guest' => CAP_PROHIBIT,
1175             'user' => CAP_ALLOW,
1176             'manager' => CAP_ALLOW
1177         )
1178     ),
1180     'moodle/user:changeownpassword' => array(
1182         'captype' => 'write',
1183         'contextlevel' => CONTEXT_SYSTEM,
1184         'archetypes' => array(
1185             'guest' => CAP_PROHIBIT,
1186             'user' => CAP_ALLOW,
1187             'manager' => CAP_ALLOW
1188         )
1189     ),
1191     // The next 3 might make no sense for some roles, e.g teacher, etc.
1192     // since the next level up is site. These are more for the parent role
1193     'moodle/user:readuserposts' => array(
1195         'captype' => 'read',
1196         'contextlevel' => CONTEXT_USER,
1197         'archetypes' => array(
1198             'student' => CAP_ALLOW,
1199             'teacher' => CAP_ALLOW,
1200             'editingteacher' => CAP_ALLOW,
1201             'manager' => CAP_ALLOW
1202         )
1203     ),
1205     'moodle/user:readuserblogs' => array(
1207         'captype' => 'read',
1208         'contextlevel' => CONTEXT_USER,
1209         'archetypes' => array(
1210             'student' => CAP_ALLOW,
1211             'teacher' => CAP_ALLOW,
1212             'editingteacher' => CAP_ALLOW,
1213             'manager' => CAP_ALLOW
1214         )
1215     ),
1217     // designed for parent role - not used in legacy roles
1218     'moodle/user:viewuseractivitiesreport' => array(
1219         'riskbitmask' => RISK_PERSONAL,
1221         'captype' => 'read',
1222         'contextlevel' => CONTEXT_USER,
1223         'archetypes' => array(
1224         )
1225     ),
1227     //capabilities designed for the new message system configuration
1228     'moodle/user:editmessageprofile' => array(
1230          'riskbitmask' => RISK_SPAM,
1232          'captype' => 'write',
1233          'contextlevel' => CONTEXT_USER,
1234          'archetypes' => array(
1235              'manager' => CAP_ALLOW
1236          )
1237      ),
1239      'moodle/user:editownmessageprofile' => array(
1241          'captype' => 'write',
1242          'contextlevel' => CONTEXT_SYSTEM,
1243          'archetypes' => array(
1244              'guest' => CAP_PROHIBIT,
1245              'user' => CAP_ALLOW,
1246              'manager' => CAP_ALLOW
1247          )
1248      ),
1250     'moodle/question:managecategory' => array(
1251         'riskbitmask' => RISK_SPAM | RISK_XSS,
1252         'captype' => 'write',
1253         'contextlevel' => CONTEXT_COURSE,
1254         'archetypes' => array(
1255             'editingteacher' => CAP_ALLOW,
1256             'manager' => CAP_ALLOW
1257         )
1258     ),
1260     //new in moodle 1.9
1261     'moodle/question:add' => array(
1262         'riskbitmask' => RISK_SPAM | RISK_XSS,
1263         'captype' => 'write',
1264         'contextlevel' => CONTEXT_COURSE,
1265         'archetypes' => array(
1266             'editingteacher' => CAP_ALLOW,
1267             'manager' => CAP_ALLOW
1268         ),
1269         'clonepermissionsfrom' =>  'moodle/question:manage'
1270     ),
1271     'moodle/question:editmine' => array(
1272         'riskbitmask' => RISK_SPAM | RISK_XSS,
1273         'captype' => 'write',
1274         'contextlevel' => CONTEXT_COURSE,
1275         'archetypes' => array(
1276             'editingteacher' => CAP_ALLOW,
1277             'manager' => CAP_ALLOW
1278         ),
1279         'clonepermissionsfrom' =>  'moodle/question:manage'
1280     ),
1281     'moodle/question:editall' => array(
1282         'riskbitmask' => RISK_SPAM | RISK_XSS,
1283         'captype' => 'write',
1284         'contextlevel' => CONTEXT_COURSE,
1285         'archetypes' => array(
1286             'editingteacher' => CAP_ALLOW,
1287             'manager' => CAP_ALLOW
1288         ),
1289         'clonepermissionsfrom' =>  'moodle/question:manage'
1290     ),
1291     'moodle/question:viewmine' => array(
1292         'captype' => 'read',
1293         'contextlevel' => CONTEXT_COURSE,
1294         'archetypes' => array(
1295             'editingteacher' => CAP_ALLOW,
1296             'manager' => CAP_ALLOW
1297         ),
1298         'clonepermissionsfrom' =>  'moodle/question:manage'
1299     ),
1300     'moodle/question:viewall' => array(
1301         'captype' => 'read',
1302         'contextlevel' => CONTEXT_COURSE,
1303         'archetypes' => array(
1304             'editingteacher' => CAP_ALLOW,
1305             'manager' => CAP_ALLOW
1306         ),
1307         'clonepermissionsfrom' =>  'moodle/question:manage'
1308     ),
1309     'moodle/question:usemine' => array(
1310         'captype' => 'read',
1311         'contextlevel' => CONTEXT_COURSE,
1312         'archetypes' => array(
1313             'editingteacher' => CAP_ALLOW,
1314             'manager' => CAP_ALLOW
1315         ),
1316         'clonepermissionsfrom' =>  'moodle/question:manage'
1317     ),
1318     'moodle/question:useall' => array(
1319         'captype' => 'read',
1320         'contextlevel' => CONTEXT_COURSE,
1321         'archetypes' => array(
1322             'editingteacher' => CAP_ALLOW,
1323             'manager' => CAP_ALLOW
1324         ),
1325         'clonepermissionsfrom' =>  'moodle/question:manage'
1326     ),
1327     'moodle/question:movemine' => array(
1328         'captype' => 'write',
1329         'contextlevel' => CONTEXT_COURSE,
1330         'archetypes' => array(
1331             'editingteacher' => CAP_ALLOW,
1332             'manager' => CAP_ALLOW
1333         ),
1334         'clonepermissionsfrom' =>  'moodle/question:manage'
1335     ),
1336     'moodle/question:moveall' => array(
1337         'captype' => 'write',
1338         'contextlevel' => CONTEXT_COURSE,
1339         'archetypes' => array(
1340             'editingteacher' => CAP_ALLOW,
1341             'manager' => CAP_ALLOW
1342         ),
1343         'clonepermissionsfrom' =>  'moodle/question:manage'
1344     ),
1345     //END new in moodle 1.9
1347     // Configure the installed question types.
1348     'moodle/question:config' => array(
1349         'riskbitmask' => RISK_CONFIG,
1350         'captype' => 'write',
1351         'contextlevel' => CONTEXT_SYSTEM,
1352         'archetypes' => array(
1353             'manager' => CAP_ALLOW
1354         )
1355     ),
1357     // While attempting questions, the ability to flag particular questions for later reference.
1358     'moodle/question:flag' => array(
1359         'captype' => 'write',
1360         'contextlevel' => CONTEXT_COURSE,
1361         'archetypes' => array(
1362             'student' => CAP_ALLOW,
1363             'teacher' => CAP_ALLOW,
1364             'editingteacher' => CAP_ALLOW,
1365             'manager' => CAP_ALLOW
1366         )
1367     ),
1369     'moodle/site:doclinks' => array(
1370         'captype' => 'read',
1371         'contextlevel' => CONTEXT_SYSTEM,
1372         'archetypes' => array(
1373             'teacher' => CAP_ALLOW,
1374             'editingteacher' => CAP_ALLOW,
1375             'manager' => CAP_ALLOW
1376         )
1377     ),
1379     'moodle/course:sectionvisibility' => array(
1381         'captype' => 'write',
1382         'contextlevel' => CONTEXT_COURSE,
1383         'archetypes' => array(
1384             'editingteacher' => CAP_ALLOW,
1385             'manager' => CAP_ALLOW
1386         )
1387     ),
1389     'moodle/course:useremail' => array(
1391         'captype' => 'write',
1392         'contextlevel' => CONTEXT_COURSE,
1393         'archetypes' => array(
1394             'editingteacher' => CAP_ALLOW,
1395             'manager' => CAP_ALLOW
1396         )
1397     ),
1399     'moodle/course:viewhiddensections' => array(
1401         'captype' => 'write',
1402         'contextlevel' => CONTEXT_COURSE,
1403         'archetypes' => array(
1404             'editingteacher' => CAP_ALLOW,
1405             'manager' => CAP_ALLOW
1406         )
1407     ),
1409     'moodle/course:setcurrentsection' => array(
1411         'captype' => 'write',
1412         'contextlevel' => CONTEXT_COURSE,
1413         'archetypes' => array(
1414             'editingteacher' => CAP_ALLOW,
1415             'manager' => CAP_ALLOW
1416         )
1417     ),
1419     'moodle/site:mnetlogintoremote' => array(
1421         'captype' => 'read',
1422         'contextlevel' => CONTEXT_SYSTEM,
1423         'archetypes' => array(
1424         )
1425     ),
1427     'moodle/grade:viewall' => array(
1428         'riskbitmask' => RISK_PERSONAL,
1429         'captype' => 'read',
1430         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1431         'archetypes' => array(
1432             'teacher' => CAP_ALLOW,
1433             'editingteacher' => CAP_ALLOW,
1434             'manager' => CAP_ALLOW
1435         ),
1436         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1437     ),
1439     'moodle/grade:view' => array(
1440         'captype' => 'read',
1441         'contextlevel' => CONTEXT_COURSE,
1442         'archetypes' => array(
1443             'student' => CAP_ALLOW
1444         )
1445     ),
1447     'moodle/grade:viewhidden' => array(
1448         'riskbitmask' => RISK_PERSONAL,
1449         'captype' => 'read',
1450         'contextlevel' => CONTEXT_COURSE,
1451         'archetypes' => array(
1452             'teacher' => CAP_ALLOW,
1453             'editingteacher' => CAP_ALLOW,
1454             'manager' => CAP_ALLOW
1455         ),
1456         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1457     ),
1459     'moodle/grade:import' => array(
1460         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1461         'captype' => 'write',
1462         'contextlevel' => CONTEXT_COURSE,
1463         'archetypes' => array(
1464             'editingteacher' => CAP_ALLOW,
1465             'manager' => CAP_ALLOW
1466         ),
1467         'clonepermissionsfrom' => 'moodle/course:managegrades'
1468     ),
1470     'moodle/grade:export' => array(
1471         'riskbitmask' => RISK_PERSONAL,
1472         'captype' => 'read',
1473         'contextlevel' => CONTEXT_COURSE,
1474         'archetypes' => array(
1475             'teacher' => CAP_ALLOW,
1476             'editingteacher' => CAP_ALLOW,
1477             'manager' => CAP_ALLOW
1478         ),
1479         'clonepermissionsfrom' => 'moodle/course:managegrades'
1480     ),
1482     'moodle/grade:manage' => array(
1483         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1484         'captype' => 'write',
1485         'contextlevel' => CONTEXT_COURSE,
1486         'archetypes' => array(
1487             'editingteacher' => CAP_ALLOW,
1488             'manager' => CAP_ALLOW
1489         ),
1490         'clonepermissionsfrom' => 'moodle/course:managegrades'
1491     ),
1493     'moodle/grade:edit' => array(
1494         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1495         'captype' => 'write',
1496         'contextlevel' => CONTEXT_COURSE,
1497         'archetypes' => array(
1498             'editingteacher' => CAP_ALLOW,
1499             'manager' => CAP_ALLOW
1500         ),
1501         'clonepermissionsfrom' => 'moodle/course:managegrades'
1502     ),
1504     // ability to define advanced grading forms in activities either from scratch
1505     // or from a shared template
1506     'moodle/grade:managegradingforms' => array(
1507         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1508         'captype' => 'write',
1509         'contextlevel' => CONTEXT_COURSE,
1510         'archetypes' => array(
1511             'editingteacher' => CAP_ALLOW,
1512             'manager' => CAP_ALLOW
1513         ),
1514         'clonepermissionsfrom' => 'moodle/course:managegrades'
1515     ),
1517     // ability to save a grading form as a new shared template and eventually edit
1518     // and remove own templates (templates originally shared by that user)
1519     'moodle/grade:sharegradingforms' => array(
1520         'riskbitmask' => RISK_XSS,
1521         'captype' => 'write',
1522         'contextlevel' => CONTEXT_SYSTEM,
1523         'archetypes' => array(
1524             'manager' => CAP_ALLOW
1525         ),
1526     ),
1528     // ability to edit and remove any shared template, even those originally shared
1529     // by other users
1530     'moodle/grade:managesharedforms' => array(
1531         'riskbitmask' => RISK_XSS,
1532         'captype' => 'write',
1533         'contextlevel' => CONTEXT_SYSTEM,
1534         'archetypes' => array(
1535             'manager' => CAP_ALLOW
1536         ),
1537     ),
1539     'moodle/grade:manageoutcomes' => array(
1540         'captype' => 'write',
1541         'contextlevel' => CONTEXT_COURSE,
1542         'archetypes' => array(
1543             'editingteacher' => CAP_ALLOW,
1544             'manager' => CAP_ALLOW
1545         ),
1546         'clonepermissionsfrom' => 'moodle/course:managegrades'
1547     ),
1549     'moodle/grade:manageletters' => array(
1550         'captype' => 'write',
1551         'contextlevel' => CONTEXT_COURSE,
1552         'archetypes' => array(
1553             'editingteacher' => CAP_ALLOW,
1554             'manager' => CAP_ALLOW
1555         ),
1556         'clonepermissionsfrom' => 'moodle/course:managegrades'
1557     ),
1559     'moodle/grade:hide' => array(
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'editingteacher' => CAP_ALLOW,
1564             'manager' => CAP_ALLOW
1565         )
1566     ),
1568     'moodle/grade:lock' => array(
1569         'captype' => 'write',
1570         'contextlevel' => CONTEXT_COURSE,
1571         'archetypes' => array(
1572             'editingteacher' => CAP_ALLOW,
1573             'manager' => CAP_ALLOW
1574         )
1575     ),
1577     'moodle/grade:unlock' => array(
1578         'captype' => 'write',
1579         'contextlevel' => CONTEXT_COURSE,
1580         'archetypes' => array(
1581             'editingteacher' => CAP_ALLOW,
1582             'manager' => CAP_ALLOW
1583         )
1584     ),
1586     'moodle/my:manageblocks' => array(
1587         'captype' => 'write',
1588         'contextlevel' => CONTEXT_SYSTEM,
1589         'archetypes' => array(
1590             'user' => CAP_ALLOW
1591         )
1592     ),
1594     'moodle/notes:view' => array(
1595         'captype' => 'read',
1596         'contextlevel' => CONTEXT_COURSE,
1597         'archetypes' => array(
1598             'teacher' => CAP_ALLOW,
1599             'editingteacher' => CAP_ALLOW,
1600             'manager' => CAP_ALLOW
1601         )
1602     ),
1604     'moodle/notes:manage' => array(
1605         'riskbitmask' => RISK_SPAM,
1607         'captype' => 'write',
1608         'contextlevel' => CONTEXT_COURSE,
1609         'archetypes' => array(
1610             'teacher' => CAP_ALLOW,
1611             'editingteacher' => CAP_ALLOW,
1612             'manager' => CAP_ALLOW
1613         )
1614     ),
1616     'moodle/tag:manage' => array(
1617         'riskbitmask' => RISK_SPAM,
1619         'captype' => 'write',
1620         'contextlevel' => CONTEXT_SYSTEM,
1621         'archetypes' => array(
1622             'teacher' => CAP_ALLOW,
1623             'editingteacher' => CAP_ALLOW,
1624             'manager' => CAP_ALLOW
1625         )
1626     ),
1628     'moodle/tag:create' => array(
1629         'riskbitmask' => RISK_SPAM,
1631         'captype' => 'write',
1632         'contextlevel' => CONTEXT_SYSTEM,
1633         'archetypes' => array(
1634             'manager' => CAP_ALLOW,
1635             'user' => CAP_ALLOW
1636         )
1637     ),
1639     'moodle/tag:edit' => array(
1640         'riskbitmask' => RISK_SPAM,
1642         'captype' => 'write',
1643         'contextlevel' => CONTEXT_SYSTEM,
1644         'archetypes' => array(
1645             'manager' => CAP_ALLOW,
1646             'user' => CAP_ALLOW
1647         )
1648     ),
1650     'moodle/tag:editblocks' => array(
1651         'captype' => 'write',
1652         'contextlevel' => CONTEXT_SYSTEM,
1653         'archetypes' => array(
1654             'teacher' => CAP_ALLOW,
1655             'editingteacher' => CAP_ALLOW,
1656             'manager' => CAP_ALLOW
1657         )
1658     ),
1660     'moodle/block:view' => array(
1661         'captype' => 'read',
1662         'contextlevel' => CONTEXT_BLOCK,
1663         'archetypes' => array(
1664             'guest' => CAP_ALLOW,
1665             'user' => CAP_ALLOW,
1666             'student' => CAP_ALLOW,
1667             'teacher' => CAP_ALLOW,
1668             'editingteacher' => CAP_ALLOW,
1669         )
1670     ),
1672     'moodle/block:edit' => array(
1673         'riskbitmask' => RISK_SPAM | RISK_XSS,
1675         'captype' => 'write',
1676         'contextlevel' => CONTEXT_BLOCK,
1677         'archetypes' => array(
1678             'editingteacher' => CAP_ALLOW,
1679         )
1680     ),
1682     'moodle/portfolio:export' => array(
1683         'captype' => 'read',
1684         'contextlevel' => CONTEXT_SYSTEM,
1685         'archetypes' => array(
1686             'user' => CAP_ALLOW,
1687             'student' => CAP_ALLOW,
1688             'teacher' => CAP_ALLOW,
1689             'editingteacher' => CAP_ALLOW,
1690         )
1691     ),
1692     'moodle/comment:view' => array(
1693         'captype' => 'read',
1694         'contextlevel' => CONTEXT_COURSE,
1695         'archetypes' => array(
1696             'frontpage' => CAP_ALLOW,
1697             'guest' => CAP_ALLOW,
1698             'user' => CAP_ALLOW,
1699             'student' => CAP_ALLOW,
1700             'teacher' => CAP_ALLOW,
1701             'editingteacher' => CAP_ALLOW,
1702             'manager' => CAP_ALLOW
1703         )
1704     ),
1705     'moodle/comment:post' => array(
1707         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1708         'captype' => 'write',
1709         'contextlevel' => CONTEXT_COURSE,
1710         'archetypes' => array(
1711             'user' => CAP_ALLOW,
1712             'student' => CAP_ALLOW,
1713             'teacher' => CAP_ALLOW,
1714             'editingteacher' => CAP_ALLOW,
1715             'manager' => CAP_ALLOW
1716         )
1717     ),
1718     'moodle/comment:delete' => array(
1720         'riskbitmask' => RISK_DATALOSS,
1721         'captype' => 'write',
1722         'contextlevel' => CONTEXT_COURSE,
1723         'archetypes' => array(
1724             'editingteacher' => CAP_ALLOW,
1725             'manager' => CAP_ALLOW
1726         )
1727     ),
1728     'moodle/webservice:createtoken' => array(
1730         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1731         'captype' => 'write',
1732         'contextlevel' => CONTEXT_SYSTEM,
1733         'archetypes' => array(
1734             'manager' => CAP_ALLOW
1735         )
1736     ),
1737     'moodle/webservice:createmobiletoken' => array(
1739         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1740         'captype' => 'write',
1741         'contextlevel' => CONTEXT_SYSTEM,
1742         'archetypes' => array(
1743             'user' => CAP_ALLOW
1744         )
1745     ),
1746     'moodle/rating:view' => array(
1748         'captype' => 'read',
1749         'contextlevel' => CONTEXT_COURSE,
1750         'archetypes' => array(
1751             'user' => CAP_ALLOW,
1752             'student' => CAP_ALLOW,
1753             'teacher' => CAP_ALLOW,
1754             'editingteacher' => CAP_ALLOW,
1755             'manager' => CAP_ALLOW
1756         )
1757     ),
1758     'moodle/rating:viewany' => array(
1760         'riskbitmask' => RISK_PERSONAL,
1761         'captype' => 'read',
1762         'contextlevel' => CONTEXT_COURSE,
1763         'archetypes' => array(
1764             'user' => CAP_ALLOW,
1765             'student' => CAP_ALLOW,
1766             'teacher' => CAP_ALLOW,
1767             'editingteacher' => CAP_ALLOW,
1768             'manager' => CAP_ALLOW
1769         )
1770     ),
1771     'moodle/rating:viewall' => array(
1773         'riskbitmask' => RISK_PERSONAL,
1774         'captype' => 'read',
1775         'contextlevel' => CONTEXT_COURSE,
1776         'archetypes' => array(
1777             'user' => CAP_ALLOW,
1778             'student' => CAP_ALLOW,
1779             'teacher' => CAP_ALLOW,
1780             'editingteacher' => CAP_ALLOW,
1781             'manager' => CAP_ALLOW
1782         )
1783     ),
1784     'moodle/rating:rate' => array(
1786         'captype' => 'write',
1787         'contextlevel' => CONTEXT_COURSE,
1788         'archetypes' => array(
1789             'user' => CAP_ALLOW,
1790             'student' => CAP_ALLOW,
1791             'teacher' => CAP_ALLOW,
1792             'editingteacher' => CAP_ALLOW,
1793             'manager' => CAP_ALLOW
1794         )
1795     ),
1796      'moodle/course:publish' => array(
1798         'captype' => 'write',
1799         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1800         'contextlevel' => CONTEXT_SYSTEM,
1801         'archetypes' => array(
1802             'manager' => CAP_ALLOW
1803         )
1804     ),
1805     'moodle/course:markcomplete' => array(
1806         'captype' => 'write',
1807         'contextlevel' => CONTEXT_COURSE,
1808         'archetypes' => array(
1809             'teacher' => CAP_ALLOW,
1810             'editingteacher' => CAP_ALLOW,
1811             'manager' => CAP_ALLOW
1812         )
1813     ),
1814     'moodle/community:add' => array(
1815         'captype' => 'write',
1816         'contextlevel' => CONTEXT_SYSTEM,
1817         'archetypes' => array(
1818             'manager' => CAP_ALLOW,
1819             'teacher' => CAP_ALLOW,
1820             'editingteacher' => CAP_ALLOW,
1821         )
1822     ),
1823     'moodle/community:download' => array(
1824         'captype' => 'write',
1825         'contextlevel' => CONTEXT_SYSTEM,
1826         'archetypes' => array(
1827             'manager' => CAP_ALLOW,
1828             'editingteacher' => CAP_ALLOW,
1829         )
1830     )
1831 );