MDL-50851 core_tag: introduce tag collections
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
68     'moodle/site:readallmessages' => array(
70         'riskbitmask' => RISK_PERSONAL,
72         'captype' => 'read',
73         'contextlevel' => CONTEXT_SYSTEM,
74         'archetypes' => array(
75             'manager' => CAP_ALLOW,
76             'editingteacher' => CAP_ALLOW
77         )
78     ),
80     'moodle/site:deleteanymessage' => array(
82         'riskbitmask' => RISK_DATALOSS,
84         'captype' => 'write',
85         'contextlevel' => CONTEXT_SYSTEM,
86         'archetypes' => array(
87             'manager' => CAP_ALLOW
88         )
89     ),
91     'moodle/site:sendmessage' => array(
93         'riskbitmask' => RISK_SPAM,
95         'captype' => 'write',
96         'contextlevel' => CONTEXT_SYSTEM,
97         'archetypes' => array(
98             'manager' => CAP_ALLOW,
99             'user' => CAP_ALLOW
100         )
101     ),
103     'moodle/site:deleteownmessage' => array(
105         'captype' => 'write',
106         'contextlevel' => CONTEXT_SYSTEM,
107         'archetypes' => array(
108             'user' => CAP_ALLOW
109         )
110     ),
112     'moodle/site:approvecourse' => array(
114         'riskbitmask' => RISK_XSS,
116         'captype' => 'write',
117         'contextlevel' => CONTEXT_SYSTEM,
118         'archetypes' => array(
119             'manager' => CAP_ALLOW
120         )
121     ),
123     'moodle/backup:backupcourse' => array(
125         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
127         'captype' => 'write',
128         'contextlevel' => CONTEXT_COURSE,
129         'archetypes' => array(
130             'editingteacher' => CAP_ALLOW,
131             'manager' => CAP_ALLOW
132         ),
134         'clonepermissionsfrom' =>  'moodle/site:backup'
135     ),
137     'moodle/backup:backupsection' => array(
139         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
141         'captype' => 'write',
142         'contextlevel' => CONTEXT_COURSE,
143         'archetypes' => array(
144             'editingteacher' => CAP_ALLOW,
145             'manager' => CAP_ALLOW
146         ),
148         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
149     ),
151     'moodle/backup:backupactivity' => array(
153         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
155         'captype' => 'write',
156         'contextlevel' => CONTEXT_MODULE,
157         'archetypes' => array(
158             'editingteacher' => CAP_ALLOW,
159             'manager' => CAP_ALLOW
160         ),
162         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
163     ),
165     'moodle/backup:backuptargethub' => array(
167         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
169         'captype' => 'write',
170         'contextlevel' => CONTEXT_COURSE,
171         'archetypes' => array(
172             'editingteacher' => CAP_ALLOW,
173             'manager' => CAP_ALLOW
174         ),
176         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
177     ),
179     'moodle/backup:backuptargetimport' => array(
181         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
183         'captype' => 'write',
184         'contextlevel' => CONTEXT_COURSE,
185         'archetypes' => array(
186             'editingteacher' => CAP_ALLOW,
187             'manager' => CAP_ALLOW
188         ),
190         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
191     ),
193     'moodle/backup:downloadfile' => array(
195         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
197         'captype' => 'write',
198         'contextlevel' => CONTEXT_COURSE,
199         'archetypes' => array(
200             'editingteacher' => CAP_ALLOW,
201             'manager' => CAP_ALLOW
202         ),
204         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
205     ),
207     'moodle/backup:configure' => array(
209         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
211         'captype' => 'write',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'editingteacher' => CAP_ALLOW,
215             'manager' => CAP_ALLOW
216         )
217     ),
219     'moodle/backup:userinfo' => array(
221         'riskbitmask' => RISK_PERSONAL,
223         'captype' => 'read',
224         'contextlevel' => CONTEXT_COURSE,
225         'archetypes' => array(
226             'manager' => CAP_ALLOW
227         )
228     ),
230     'moodle/backup:anonymise' => array(
232         'riskbitmask' => RISK_PERSONAL,
234         'captype' => 'read',
235         'contextlevel' => CONTEXT_COURSE,
236         'archetypes' => array(
237             'manager' => CAP_ALLOW
238         )
239     ),
241     'moodle/restore:restorecourse' => array(
243         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
245         'captype' => 'write',
246         'contextlevel' => CONTEXT_COURSE,
247         'archetypes' => array(
248             'editingteacher' => CAP_ALLOW,
249             'manager' => CAP_ALLOW
250         ),
252         'clonepermissionsfrom' =>  'moodle/site:restore'
253     ),
255     'moodle/restore:restoresection' => array(
257         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
259         'captype' => 'write',
260         'contextlevel' => CONTEXT_COURSE,
261         'archetypes' => array(
262             'editingteacher' => CAP_ALLOW,
263             'manager' => CAP_ALLOW
264         ),
266         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
267     ),
269     'moodle/restore:restoreactivity' => array(
271         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
273         'captype' => 'write',
274         'contextlevel' => CONTEXT_COURSE,
275         'archetypes' => array(
276             'editingteacher' => CAP_ALLOW,
277             'manager' => CAP_ALLOW
278         ),
280         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
281     ),
283     'moodle/restore:viewautomatedfilearea' => array(
285         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
287         'captype' => 'write',
288         'contextlevel' => CONTEXT_COURSE,
289     ),
291     'moodle/restore:restoretargethub' => array(
293         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
295         'captype' => 'write',
296         'contextlevel' => CONTEXT_COURSE,
297         'archetypes' => array(
298             'editingteacher' => CAP_ALLOW,
299             'manager' => CAP_ALLOW
300         ),
302         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
303     ),
305     'moodle/restore:restoretargetimport' => array(
307         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
309         'captype' => 'write',
310         'contextlevel' => CONTEXT_COURSE,
311         'archetypes' => array(
312             'editingteacher' => CAP_ALLOW,
313             'manager' => CAP_ALLOW
314         ),
316         'clonepermissionsfrom' =>  'moodle/site:import'
317     ),
319     'moodle/restore:uploadfile' => array(
321         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
323         'captype' => 'write',
324         'contextlevel' => CONTEXT_COURSE,
325         'archetypes' => array(
326             'editingteacher' => CAP_ALLOW,
327             'manager' => CAP_ALLOW
328         ),
330         'clonepermissionsfrom' =>  'moodle/site:backupupload'
331     ),
333     'moodle/restore:configure' => array(
335         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
337         'captype' => 'write',
338         'contextlevel' => CONTEXT_COURSE,
339         'archetypes' => array(
340             'editingteacher' => CAP_ALLOW,
341             'manager' => CAP_ALLOW
342         )
343     ),
345     'moodle/restore:rolldates' => array(
347         'captype' => 'write',
348         'contextlevel' => CONTEXT_COURSE,
349         'archetypes' => array(
350             'coursecreator' => CAP_ALLOW,
351             'manager' => CAP_ALLOW
352         )
353     ),
355     'moodle/restore:userinfo' => array(
357         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
359         'captype' => 'write',
360         'contextlevel' => CONTEXT_COURSE,
361         'archetypes' => array(
362             'manager' => CAP_ALLOW
363         )
364     ),
366     'moodle/restore:createuser' => array(
368         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
370         'captype' => 'write',
371         'contextlevel' => CONTEXT_SYSTEM,
372         'archetypes' => array(
373             'manager' => CAP_ALLOW
374         )
375     ),
377     'moodle/site:manageblocks' => array(
379         'riskbitmask' => RISK_SPAM | RISK_XSS,
381         'captype' => 'write',
382         'contextlevel' => CONTEXT_BLOCK,
383         'archetypes' => array(
384             'editingteacher' => CAP_ALLOW,
385             'manager' => CAP_ALLOW
386         )
387     ),
389     'moodle/site:accessallgroups' => array(
391         'captype' => 'read',
392         'contextlevel' => CONTEXT_COURSE,
393         'archetypes' => array(
394             'teacher' => CAP_ALLOW,
395             'editingteacher' => CAP_ALLOW,
396             'manager' => CAP_ALLOW
397         )
398     ),
400     'moodle/site:viewfullnames' => array(
402         'captype' => 'read',
403         'contextlevel' => CONTEXT_COURSE,
404         'archetypes' => array(
405             'teacher' => CAP_ALLOW,
406             'editingteacher' => CAP_ALLOW,
407             'manager' => CAP_ALLOW
408         )
409     ),
411     // In reports that give lists of users, extra information about each user's
412     // identity (the fields configured in site option showuseridentity) will be
413     // displayed to users who have this capability.
414     'moodle/site:viewuseridentity' => array(
416         'captype' => 'read',
417         'contextlevel' => CONTEXT_COURSE,
418         'archetypes' => array(
419             'teacher' => CAP_ALLOW,
420             'editingteacher' => CAP_ALLOW,
421             'manager' => CAP_ALLOW
422         )
423     ),
425     'moodle/site:viewreports' => array(
427         'riskbitmask' => RISK_PERSONAL,
429         'captype' => 'read',
430         'contextlevel' => CONTEXT_COURSE,
431         'archetypes' => array(
432             'teacher' => CAP_ALLOW,
433             'editingteacher' => CAP_ALLOW,
434             'manager' => CAP_ALLOW
435         )
436     ),
438     'moodle/site:trustcontent' => array(
440         'riskbitmask' => RISK_XSS,
442         'captype' => 'write',
443         'contextlevel' => CONTEXT_COURSE,
444         'archetypes' => array(
445             'editingteacher' => CAP_ALLOW,
446             'manager' => CAP_ALLOW
447         )
448     ),
450     'moodle/site:uploadusers' => array(
452         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
454         'captype' => 'write',
455         'contextlevel' => CONTEXT_SYSTEM,
456         'archetypes' => array(
457             'manager' => CAP_ALLOW
458         )
459     ),
461     // Permission to manage filter setting overrides in subcontexts.
462     'moodle/filter:manage' => array(
464         'captype' => 'write',
465         'contextlevel' => CONTEXT_COURSE,
466         'archetypes' => array(
467             'editingteacher' => CAP_ALLOW,
468             'manager' => CAP_ALLOW,
469         )
470     ),
472     'moodle/user:create' => array(
474         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
476         'captype' => 'write',
477         'contextlevel' => CONTEXT_SYSTEM,
478         'archetypes' => array(
479             'manager' => CAP_ALLOW
480         )
481     ),
483     'moodle/user:delete' => array(
485         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
487         'captype' => 'write',
488         'contextlevel' => CONTEXT_SYSTEM,
489         'archetypes' => array(
490             'manager' => CAP_ALLOW
491         )
492     ),
494     'moodle/user:update' => array(
496         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
498         'captype' => 'write',
499         'contextlevel' => CONTEXT_SYSTEM,
500         'archetypes' => array(
501             'manager' => CAP_ALLOW
502         )
503     ),
505     'moodle/user:viewdetails' => array(
507         'captype' => 'read',
508         'contextlevel' => CONTEXT_COURSE,
509         'archetypes' => array(
510             'guest' => CAP_ALLOW,
511             'student' => CAP_ALLOW,
512             'teacher' => CAP_ALLOW,
513             'editingteacher' => CAP_ALLOW,
514             'manager' => CAP_ALLOW
515         )
516     ),
518     'moodle/user:viewalldetails' => array(
519         'riskbitmask' => RISK_PERSONAL,
520         'captype' => 'read',
521         'contextlevel' => CONTEXT_USER,
522         'archetypes' => array(
523             'manager' => CAP_ALLOW
524         ),
525         'clonepermissionsfrom' => 'moodle/user:update'
526     ),
528     'moodle/user:viewlastip' => array(
529         'riskbitmask' => RISK_PERSONAL,
530         'captype' => 'read',
531         'contextlevel' => CONTEXT_USER,
532         'archetypes' => array(
533             'manager' => CAP_ALLOW
534         ),
535         'clonepermissionsfrom' => 'moodle/user:update'
536     ),
538     'moodle/user:viewhiddendetails' => array(
540         'riskbitmask' => RISK_PERSONAL,
542         'captype' => 'read',
543         'contextlevel' => CONTEXT_COURSE,
544         'archetypes' => array(
545             'teacher' => CAP_ALLOW,
546             'editingteacher' => CAP_ALLOW,
547             'manager' => CAP_ALLOW
548         )
549     ),
551     'moodle/user:loginas' => array(
553         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
555         'captype' => 'write',
556         'contextlevel' => CONTEXT_COURSE,
557         'archetypes' => array(
558             'manager' => CAP_ALLOW
559         )
560     ),
562     // can the user manage the system default profile page?
563     'moodle/user:managesyspages' => array(
565         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
567         'captype' => 'write',
568         'contextlevel' => CONTEXT_SYSTEM,
569         'archetypes' => array(
570             'manager' => CAP_ALLOW
571         )
572     ),
574     // can the user manage another user's profile page?
575     'moodle/user:manageblocks' => array(
577         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
579         'captype' => 'write',
580         'contextlevel' => CONTEXT_USER
581     ),
583     // can the user manage their own profile page?
584     'moodle/user:manageownblocks' => array(
586         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
588         'captype' => 'write',
589         'contextlevel' => CONTEXT_SYSTEM,
590         'archetypes' => array(
591             'user' => CAP_ALLOW
592         )
593     ),
595     // can the user manage their own files?
596     'moodle/user:manageownfiles' => array(
598         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
600         'captype' => 'write',
601         'contextlevel' => CONTEXT_SYSTEM,
602         'archetypes' => array(
603             'user' => CAP_ALLOW
604         )
605     ),
607     // Can the user ignore the setting userquota?
608     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
609     'moodle/user:ignoreuserquota' => array(
610         'riskbitmap' => RISK_SPAM,
611         'captype' => 'write',
612         'contextlevel' => CONTEXT_SYSTEM,
613         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
614     ),
616     // can the user manage the system default dashboard page?
617     'moodle/my:configsyspages' => array(
619         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
621         'captype' => 'write',
622         'contextlevel' => CONTEXT_SYSTEM,
623         'archetypes' => array(
624             'manager' => CAP_ALLOW
625         )
626     ),
628     'moodle/role:assign' => array(
630         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
632         'captype' => 'write',
633         'contextlevel' => CONTEXT_COURSE,
634         'archetypes' => array(
635             'editingteacher' => CAP_ALLOW,
636             'manager' => CAP_ALLOW
637         )
638     ),
640     'moodle/role:review' => array(
642         'riskbitmask' => RISK_PERSONAL,
644         'captype' => 'read',
645         'contextlevel' => CONTEXT_COURSE,
646         'archetypes' => array(
647             'teacher' => CAP_ALLOW,
648             'editingteacher' => CAP_ALLOW,
649             'manager' => CAP_ALLOW
650         )
651     ),
653     'moodle/role:override' => array(
655         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
657         'captype' => 'write',
658         'contextlevel' => CONTEXT_COURSE,
659         'archetypes' => array(
660             'manager' => CAP_ALLOW
661         )
662     ),
664     'moodle/role:safeoverride' => array(
666         'riskbitmask' => RISK_SPAM,
668         'captype' => 'write',
669         'contextlevel' => CONTEXT_COURSE,
670         'archetypes' => array(
671             'editingteacher' => CAP_ALLOW
672         )
673     ),
675     'moodle/role:manage' => array(
677         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
679         'captype' => 'write',
680         'contextlevel' => CONTEXT_SYSTEM,
681         'archetypes' => array(
682             'manager' => CAP_ALLOW
683         )
684     ),
686     'moodle/role:switchroles' => array(
688         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
690         'captype' => 'read',
691         'contextlevel' => CONTEXT_COURSE,
692         'archetypes' => array(
693             'editingteacher' => CAP_ALLOW,
694             'manager' => CAP_ALLOW
695         )
696     ),
698     // Create, update and delete course categories. (Deleting a course category
699     // does not let you delete the courses it contains, unless you also have
700     // moodle/course: delete.) Creating and deleting requires this permission in
701     // the parent category.
702     'moodle/category:manage' => array(
704         'riskbitmask' => RISK_XSS,
706         'captype' => 'write',
707         'contextlevel' => CONTEXT_COURSECAT,
708         'archetypes' => array(
709             'manager' => CAP_ALLOW
710         ),
711         'clonepermissionsfrom' => 'moodle/category:update'
712     ),
714     'moodle/category:viewhiddencategories' => array(
716         'captype' => 'read',
717         'contextlevel' => CONTEXT_COURSECAT,
718         'archetypes' => array(
719             'coursecreator' => CAP_ALLOW,
720             'manager' => CAP_ALLOW
721         ),
722         'clonepermissionsfrom' => 'moodle/category:visibility'
723     ),
725     // create, delete, move cohorts in system and course categories,
726     // (cohorts with component !== null can be only moved)
727     'moodle/cohort:manage' => array(
729         'captype' => 'write',
730         'contextlevel' => CONTEXT_COURSECAT,
731         'archetypes' => array(
732             'manager' => CAP_ALLOW
733         )
734     ),
736     // add and remove cohort members (only for cohorts where component !== null)
737     'moodle/cohort:assign' => array(
739         'captype' => 'write',
740         'contextlevel' => CONTEXT_COURSECAT,
741         'archetypes' => array(
742             'manager' => CAP_ALLOW
743         )
744     ),
746     // View visible and hidden cohorts defined in the current context.
747     'moodle/cohort:view' => array(
749         'captype' => 'read',
750         'contextlevel' => CONTEXT_COURSE,
751         'archetypes' => array(
752             'editingteacher' => CAP_ALLOW,
753             'manager' => CAP_ALLOW
754         )
755     ),
757     'moodle/course:create' => array(
759         'riskbitmask' => RISK_XSS,
761         'captype' => 'write',
762         'contextlevel' => CONTEXT_COURSECAT,
763         'archetypes' => array(
764             'coursecreator' => CAP_ALLOW,
765             'manager' => CAP_ALLOW
766         )
767     ),
769     'moodle/course:request' => array(
770         'captype' => 'write',
771         'contextlevel' => CONTEXT_SYSTEM,
772         'archetypes' => array(
773             'user' => CAP_ALLOW,
774         )
775     ),
777     'moodle/course:delete' => array(
779         'riskbitmask' => RISK_DATALOSS,
781         'captype' => 'write',
782         'contextlevel' => CONTEXT_COURSE,
783         'archetypes' => array(
784             'manager' => CAP_ALLOW
785         )
786     ),
788     'moodle/course:update' => array(
790         'riskbitmask' => RISK_XSS,
792         'captype' => 'write',
793         'contextlevel' => CONTEXT_COURSE,
794         'archetypes' => array(
795             'editingteacher' => CAP_ALLOW,
796             'manager' => CAP_ALLOW
797         )
798     ),
800     'moodle/course:view' => array(
802         'captype' => 'read',
803         'contextlevel' => CONTEXT_COURSE,
804         'archetypes' => array(
805             'manager' => CAP_ALLOW,
806         )
807     ),
809     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
810     'moodle/course:enrolreview' => array(
812         'riskbitmask' => RISK_PERSONAL,
814         'captype' => 'read',
815         'contextlevel' => CONTEXT_COURSE,
816         'archetypes' => array(
817             'editingteacher' => CAP_ALLOW,
818             'manager' => CAP_ALLOW,
819         )
820     ),
822     /* add, remove, hide enrol instances in courses */
823     'moodle/course:enrolconfig' => array(
825         'riskbitmask' => RISK_PERSONAL,
827         'captype' => 'write',
828         'contextlevel' => CONTEXT_COURSE,
829         'archetypes' => array(
830             'editingteacher' => CAP_ALLOW,
831             'manager' => CAP_ALLOW,
832         )
833     ),
835     'moodle/course:reviewotherusers' => array(
837         'captype' => 'read',
838         'contextlevel' => CONTEXT_COURSE,
839         'archetypes' => array(
840             'editingteacher' => CAP_ALLOW,
841             'manager' => CAP_ALLOW,
842         ),
843         'clonepermissionsfrom' => 'moodle/role:assign'
844     ),
846     'moodle/course:bulkmessaging' => array(
848         'riskbitmask' => RISK_SPAM,
850         'captype' => 'write',
851         'contextlevel' => CONTEXT_COURSE,
852         'archetypes' => array(
853             'teacher' => CAP_ALLOW,
854             'editingteacher' => CAP_ALLOW,
855             'manager' => CAP_ALLOW
856         )
857     ),
859     'moodle/course:viewhiddenuserfields' => array(
861         'riskbitmask' => RISK_PERSONAL,
863         'captype' => 'read',
864         'contextlevel' => CONTEXT_COURSE,
865         'archetypes' => array(
866             'teacher' => CAP_ALLOW,
867             'editingteacher' => CAP_ALLOW,
868             'manager' => CAP_ALLOW
869         )
870     ),
872     'moodle/course:viewhiddencourses' => array(
874         'captype' => 'read',
875         'contextlevel' => CONTEXT_COURSE,
876         'archetypes' => array(
877             'coursecreator' => CAP_ALLOW,
878             'teacher' => CAP_ALLOW,
879             'editingteacher' => CAP_ALLOW,
880             'manager' => CAP_ALLOW
881         )
882     ),
884     'moodle/course:visibility' => array(
886         'captype' => 'write',
887         'contextlevel' => CONTEXT_COURSE,
888         'archetypes' => array(
889             'editingteacher' => CAP_ALLOW,
890             'manager' => CAP_ALLOW
891         )
892     ),
894     'moodle/course:managefiles' => array(
896         'riskbitmask' => RISK_XSS,
898         'captype' => 'write',
899         'contextlevel' => CONTEXT_COURSE,
900         'archetypes' => array(
901             'editingteacher' => CAP_ALLOW,
902             'manager' => CAP_ALLOW
903         )
904     ),
906     'moodle/course:ignorefilesizelimits' => array(
908         'captype' => 'write',
909         'contextlevel' => CONTEXT_COURSE,
910         'archetypes' => array(
911         )
912     ),
914     'moodle/course:manageactivities' => array(
916         'riskbitmask' => RISK_XSS,
918         'captype' => 'write',
919         'contextlevel' => CONTEXT_MODULE,
920         'archetypes' => array(
921             'editingteacher' => CAP_ALLOW,
922             'manager' => CAP_ALLOW
923         )
924     ),
926     'moodle/course:activityvisibility' => array(
928         'captype' => 'write',
929         'contextlevel' => CONTEXT_MODULE,
930         'archetypes' => array(
931             'editingteacher' => CAP_ALLOW,
932             'manager' => CAP_ALLOW
933         )
934     ),
936     'moodle/course:viewhiddenactivities' => array(
938         'captype' => 'write',
939         'contextlevel' => CONTEXT_MODULE,
940         'archetypes' => array(
941             'teacher' => CAP_ALLOW,
942             'editingteacher' => CAP_ALLOW,
943             'manager' => CAP_ALLOW
944         )
945     ),
947     'moodle/course:viewparticipants' => array(
949         'captype' => 'read',
950         'contextlevel' => CONTEXT_COURSE,
951         'archetypes' => array(
952             'student' => CAP_ALLOW,
953             'teacher' => CAP_ALLOW,
954             'editingteacher' => CAP_ALLOW,
955             'manager' => CAP_ALLOW
956         )
957     ),
959     'moodle/course:changefullname' => array(
961         'riskbitmask' => RISK_XSS,
963         'captype' => 'write',
964         'contextlevel' => CONTEXT_COURSE,
965         'archetypes' => array(
966             'editingteacher' => CAP_ALLOW,
967             'manager' => CAP_ALLOW
968         ),
969         'clonepermissionsfrom' => 'moodle/course:update'
970     ),
972     'moodle/course:changeshortname' => array(
974         'riskbitmask' => RISK_XSS,
976         'captype' => 'write',
977         'contextlevel' => CONTEXT_COURSE,
978         'archetypes' => array(
979             'editingteacher' => CAP_ALLOW,
980             'manager' => CAP_ALLOW
981         ),
982         'clonepermissionsfrom' => 'moodle/course:update'
983     ),
985     'moodle/course:renameroles' => array(
986         'captype' => 'write',
987         'contextlevel' => CONTEXT_COURSE,
988         'archetypes' => array(
989             'editingteacher' => CAP_ALLOW,
990             'manager' => CAP_ALLOW
991         ),
992         'clonepermissionsfrom' => 'moodle/course:update'
993     ),
995     'moodle/course:changeidnumber' => array(
997         'riskbitmask' => RISK_XSS,
999         'captype' => 'write',
1000         'contextlevel' => CONTEXT_COURSE,
1001         'archetypes' => array(
1002             'editingteacher' => CAP_ALLOW,
1003             'manager' => CAP_ALLOW
1004         ),
1005         'clonepermissionsfrom' => 'moodle/course:update'
1006     ),
1007     'moodle/course:changecategory' => array(
1008         'riskbitmask' => RISK_XSS,
1010         'captype' => 'write',
1011         'contextlevel' => CONTEXT_COURSE,
1012         'archetypes' => array(
1013             'editingteacher' => CAP_ALLOW,
1014             'manager' => CAP_ALLOW
1015         ),
1016         'clonepermissionsfrom' => 'moodle/course:update'
1017     ),
1019     'moodle/course:changesummary' => array(
1020         'riskbitmask' => RISK_XSS,
1022         'captype' => 'write',
1023         'contextlevel' => CONTEXT_COURSE,
1024         'archetypes' => array(
1025             'editingteacher' => CAP_ALLOW,
1026             'manager' => CAP_ALLOW
1027         ),
1028         'clonepermissionsfrom' => 'moodle/course:update'
1029     ),
1032     'moodle/site:viewparticipants' => array(
1034         'captype' => 'read',
1035         'contextlevel' => CONTEXT_SYSTEM,
1036         'archetypes' => array(
1037             'manager' => CAP_ALLOW
1038         )
1039     ),
1041     'moodle/course:isincompletionreports' => array(
1042         'captype' => 'read',
1043         'contextlevel' => CONTEXT_COURSE,
1044         'archetypes' => array(
1045             'student' => CAP_ALLOW,
1046         ),
1047     ),
1049     'moodle/course:viewscales' => array(
1051         'captype' => 'read',
1052         'contextlevel' => CONTEXT_COURSE,
1053         'archetypes' => array(
1054             'student' => CAP_ALLOW,
1055             'teacher' => CAP_ALLOW,
1056             'editingteacher' => CAP_ALLOW,
1057             'manager' => CAP_ALLOW
1058         )
1059     ),
1061     'moodle/course:managescales' => array(
1063         'captype' => 'write',
1064         'contextlevel' => CONTEXT_COURSE,
1065         'archetypes' => array(
1066             'editingteacher' => CAP_ALLOW,
1067             'manager' => CAP_ALLOW
1068         )
1069     ),
1071     'moodle/course:managegroups' => array(
1073         'captype' => 'write',
1074         'contextlevel' => CONTEXT_COURSE,
1075         'archetypes' => array(
1076             'editingteacher' => CAP_ALLOW,
1077             'manager' => CAP_ALLOW
1078         )
1079     ),
1081     'moodle/course:reset' => array(
1083         'riskbitmask' => RISK_DATALOSS,
1085         'captype' => 'write',
1086         'contextlevel' => CONTEXT_COURSE,
1087         'archetypes' => array(
1088             'editingteacher' => CAP_ALLOW,
1089             'manager' => CAP_ALLOW
1090         )
1091     ),
1093     'moodle/course:viewsuspendedusers' => array(
1095         'captype' => 'read',
1096         'contextlevel' => CONTEXT_SYSTEM,
1097         'archetypes' => array(
1098             'editingteacher' => CAP_ALLOW,
1099             'manager' => CAP_ALLOW
1100         )
1101     ),
1103     'moodle/course:tag' => array(
1104         'riskbitmask' => RISK_SPAM,
1105         'captype' => 'write',
1106         'contextlevel' => CONTEXT_COURSE,
1107         'archetypes' => array(
1108             'manager' => CAP_ALLOW,
1109             'editingteacher' => CAP_ALLOW,
1110         ),
1111         'clonepermissionsfrom' => 'moodle/course:update'
1112     ),
1114     'moodle/blog:view' => array(
1116         'captype' => 'read',
1117         'contextlevel' => CONTEXT_SYSTEM,
1118         'archetypes' => array(
1119             'guest' => CAP_ALLOW,
1120             'user' => CAP_ALLOW,
1121             'student' => CAP_ALLOW,
1122             'teacher' => CAP_ALLOW,
1123             'editingteacher' => CAP_ALLOW,
1124             'manager' => CAP_ALLOW
1125         )
1126     ),
1128     'moodle/blog:search' => array(
1129         'captype' => 'read',
1130         'contextlevel' => CONTEXT_SYSTEM,
1131         'archetypes' => array(
1132             'guest' => CAP_ALLOW,
1133             'user' => CAP_ALLOW,
1134             'student' => CAP_ALLOW,
1135             'teacher' => CAP_ALLOW,
1136             'editingteacher' => CAP_ALLOW,
1137             'manager' => CAP_ALLOW
1138         )
1139     ),
1141     'moodle/blog:viewdrafts' => array(
1143         'riskbitmask' => RISK_PERSONAL,
1144         'captype' => 'read',
1145         'contextlevel' => CONTEXT_SYSTEM,
1146         'archetypes' => array(
1147             'manager' => CAP_ALLOW
1148         )
1149     ),
1151     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1153         'riskbitmask' => RISK_SPAM,
1155         'captype' => 'write',
1156         'contextlevel' => CONTEXT_SYSTEM,
1157         'archetypes' => array(
1158             'user' => CAP_ALLOW,
1159             'manager' => CAP_ALLOW
1160         )
1161     ),
1163     'moodle/blog:manageentries' => array(
1165         'riskbitmask' => RISK_SPAM,
1167         'captype' => 'write',
1168         'contextlevel' => CONTEXT_SYSTEM,
1169         'archetypes' => array(
1170             'teacher' => CAP_ALLOW,
1171             'editingteacher' => CAP_ALLOW,
1172             'manager' => CAP_ALLOW
1173         )
1174     ),
1176     'moodle/blog:manageexternal' => array(
1178         'riskbitmask' => RISK_SPAM,
1180         'captype' => 'write',
1181         'contextlevel' => CONTEXT_SYSTEM,
1182         'archetypes' => array(
1183             'student' => CAP_ALLOW,
1184             'user' => CAP_ALLOW,
1185             'teacher' => CAP_ALLOW,
1186             'editingteacher' => CAP_ALLOW,
1187             'manager' => CAP_ALLOW
1188         )
1189     ),
1191     // TODO: Remove 'moodle/blog:associatecourse' and 'moodle/blog:associatemodule' after a few releases.
1192     'moodle/blog:associatecourse' => array(
1194         'captype' => 'write',
1195         'contextlevel' => CONTEXT_COURSE,
1196         'archetypes' => array()
1197     ),
1199     'moodle/blog:associatemodule' => array(
1201         'captype' => 'write',
1202         'contextlevel' => CONTEXT_MODULE,
1203         'archetypes' => array()
1204     ),
1206     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1208         'riskbitmask' => RISK_SPAM,
1210         'captype' => 'write',
1211         'contextlevel' => CONTEXT_COURSE,
1212         'archetypes' => array(
1213             'user' => CAP_ALLOW,
1214             'manager' => CAP_ALLOW
1215         )
1216     ),
1218     'moodle/calendar:managegroupentries' => array(
1220         'riskbitmask' => RISK_SPAM,
1222         'captype' => 'write',
1223         'contextlevel' => CONTEXT_COURSE,
1224         'archetypes' => array(
1225             'teacher' => CAP_ALLOW,
1226             'editingteacher' => CAP_ALLOW,
1227             'manager' => CAP_ALLOW
1228         )
1229     ),
1231     'moodle/calendar:manageentries' => array(
1233         'riskbitmask' => RISK_SPAM,
1235         'captype' => 'write',
1236         'contextlevel' => CONTEXT_COURSE,
1237         'archetypes' => array(
1238             'teacher' => CAP_ALLOW,
1239             'editingteacher' => CAP_ALLOW,
1240             'manager' => CAP_ALLOW
1241         )
1242     ),
1244     'moodle/user:editprofile' => array(
1246         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1248         'captype' => 'write',
1249         'contextlevel' => CONTEXT_USER,
1250         'archetypes' => array(
1251             'manager' => CAP_ALLOW
1252         )
1253     ),
1255     'moodle/user:editownprofile' => array(
1257         'riskbitmask' => RISK_SPAM,
1259         'captype' => 'write',
1260         'contextlevel' => CONTEXT_SYSTEM,
1261         'archetypes' => array(
1262             'guest' => CAP_PROHIBIT,
1263             'user' => CAP_ALLOW,
1264             'manager' => CAP_ALLOW
1265         )
1266     ),
1268     'moodle/user:changeownpassword' => array(
1270         'captype' => 'write',
1271         'contextlevel' => CONTEXT_SYSTEM,
1272         'archetypes' => array(
1273             'guest' => CAP_PROHIBIT,
1274             'user' => CAP_ALLOW,
1275             'manager' => CAP_ALLOW
1276         )
1277     ),
1279     // The next 3 might make no sense for some roles, e.g teacher, etc.
1280     // since the next level up is site. These are more for the parent role
1281     'moodle/user:readuserposts' => array(
1283         'captype' => 'read',
1284         'contextlevel' => CONTEXT_USER,
1285         'archetypes' => array(
1286             'student' => CAP_ALLOW,
1287             'teacher' => CAP_ALLOW,
1288             'editingteacher' => CAP_ALLOW,
1289             'manager' => CAP_ALLOW
1290         )
1291     ),
1293     'moodle/user:readuserblogs' => array(
1295         'captype' => 'read',
1296         'contextlevel' => CONTEXT_USER,
1297         'archetypes' => array(
1298             'student' => CAP_ALLOW,
1299             'teacher' => CAP_ALLOW,
1300             'editingteacher' => CAP_ALLOW,
1301             'manager' => CAP_ALLOW
1302         )
1303     ),
1305     // designed for parent role - not used in legacy roles
1306     'moodle/user:viewuseractivitiesreport' => array(
1307         'riskbitmask' => RISK_PERSONAL,
1309         'captype' => 'read',
1310         'contextlevel' => CONTEXT_USER,
1311         'archetypes' => array(
1312         )
1313     ),
1315     //capabilities designed for the new message system configuration
1316     'moodle/user:editmessageprofile' => array(
1318          'riskbitmask' => RISK_SPAM,
1320          'captype' => 'write',
1321          'contextlevel' => CONTEXT_USER,
1322          'archetypes' => array(
1323              'manager' => CAP_ALLOW
1324          )
1325      ),
1327      'moodle/user:editownmessageprofile' => array(
1329          'captype' => 'write',
1330          'contextlevel' => CONTEXT_SYSTEM,
1331          'archetypes' => array(
1332              'guest' => CAP_PROHIBIT,
1333              'user' => CAP_ALLOW,
1334              'manager' => CAP_ALLOW
1335          )
1336      ),
1338     'moodle/question:managecategory' => array(
1339         'riskbitmask' => RISK_SPAM | RISK_XSS,
1340         'captype' => 'write',
1341         'contextlevel' => CONTEXT_COURSE,
1342         'archetypes' => array(
1343             'editingteacher' => CAP_ALLOW,
1344             'manager' => CAP_ALLOW
1345         )
1346     ),
1348     //new in moodle 1.9
1349     'moodle/question:add' => array(
1350         'riskbitmask' => RISK_SPAM | RISK_XSS,
1351         'captype' => 'write',
1352         'contextlevel' => CONTEXT_COURSE,
1353         'archetypes' => array(
1354             'editingteacher' => CAP_ALLOW,
1355             'manager' => CAP_ALLOW
1356         ),
1357         'clonepermissionsfrom' =>  'moodle/question:manage'
1358     ),
1359     'moodle/question:editmine' => array(
1360         'riskbitmask' => RISK_SPAM | RISK_XSS,
1361         'captype' => 'write',
1362         'contextlevel' => CONTEXT_COURSE,
1363         'archetypes' => array(
1364             'editingteacher' => CAP_ALLOW,
1365             'manager' => CAP_ALLOW
1366         ),
1367         'clonepermissionsfrom' =>  'moodle/question:manage'
1368     ),
1369     'moodle/question:editall' => array(
1370         'riskbitmask' => RISK_SPAM | RISK_XSS,
1371         'captype' => 'write',
1372         'contextlevel' => CONTEXT_COURSE,
1373         'archetypes' => array(
1374             'editingteacher' => CAP_ALLOW,
1375             'manager' => CAP_ALLOW
1376         ),
1377         'clonepermissionsfrom' =>  'moodle/question:manage'
1378     ),
1379     'moodle/question:viewmine' => array(
1380         'captype' => 'read',
1381         'contextlevel' => CONTEXT_COURSE,
1382         'archetypes' => array(
1383             'editingteacher' => CAP_ALLOW,
1384             'manager' => CAP_ALLOW
1385         ),
1386         'clonepermissionsfrom' =>  'moodle/question:manage'
1387     ),
1388     'moodle/question:viewall' => array(
1389         'captype' => 'read',
1390         'contextlevel' => CONTEXT_COURSE,
1391         'archetypes' => array(
1392             'editingteacher' => CAP_ALLOW,
1393             'manager' => CAP_ALLOW
1394         ),
1395         'clonepermissionsfrom' =>  'moodle/question:manage'
1396     ),
1397     'moodle/question:usemine' => array(
1398         'captype' => 'read',
1399         'contextlevel' => CONTEXT_COURSE,
1400         'archetypes' => array(
1401             'editingteacher' => CAP_ALLOW,
1402             'manager' => CAP_ALLOW
1403         ),
1404         'clonepermissionsfrom' =>  'moodle/question:manage'
1405     ),
1406     'moodle/question:useall' => array(
1407         'captype' => 'read',
1408         'contextlevel' => CONTEXT_COURSE,
1409         'archetypes' => array(
1410             'editingteacher' => CAP_ALLOW,
1411             'manager' => CAP_ALLOW
1412         ),
1413         'clonepermissionsfrom' =>  'moodle/question:manage'
1414     ),
1415     'moodle/question:movemine' => array(
1416         'captype' => 'write',
1417         'contextlevel' => CONTEXT_COURSE,
1418         'archetypes' => array(
1419             'editingteacher' => CAP_ALLOW,
1420             'manager' => CAP_ALLOW
1421         ),
1422         'clonepermissionsfrom' =>  'moodle/question:manage'
1423     ),
1424     'moodle/question:moveall' => array(
1425         'captype' => 'write',
1426         'contextlevel' => CONTEXT_COURSE,
1427         'archetypes' => array(
1428             'editingteacher' => CAP_ALLOW,
1429             'manager' => CAP_ALLOW
1430         ),
1431         'clonepermissionsfrom' =>  'moodle/question:manage'
1432     ),
1433     //END new in moodle 1.9
1435     // Configure the installed question types.
1436     'moodle/question:config' => array(
1437         'riskbitmask' => RISK_CONFIG,
1438         'captype' => 'write',
1439         'contextlevel' => CONTEXT_SYSTEM,
1440         'archetypes' => array(
1441             'manager' => CAP_ALLOW
1442         )
1443     ),
1445     // While attempting questions, the ability to flag particular questions for later reference.
1446     'moodle/question:flag' => array(
1447         'captype' => 'write',
1448         'contextlevel' => CONTEXT_COURSE,
1449         'archetypes' => array(
1450             'student' => CAP_ALLOW,
1451             'teacher' => CAP_ALLOW,
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         )
1455     ),
1457     'moodle/site:doclinks' => array(
1458         'captype' => 'read',
1459         'contextlevel' => CONTEXT_SYSTEM,
1460         'archetypes' => array(
1461             'teacher' => CAP_ALLOW,
1462             'editingteacher' => CAP_ALLOW,
1463             'manager' => CAP_ALLOW
1464         )
1465     ),
1467     'moodle/course:sectionvisibility' => array(
1469         'captype' => 'write',
1470         'contextlevel' => CONTEXT_COURSE,
1471         'archetypes' => array(
1472             'editingteacher' => CAP_ALLOW,
1473             'manager' => CAP_ALLOW
1474         )
1475     ),
1477     'moodle/course:useremail' => array(
1479         'captype' => 'write',
1480         'contextlevel' => CONTEXT_COURSE,
1481         'archetypes' => array(
1482             'editingteacher' => CAP_ALLOW,
1483             'manager' => CAP_ALLOW
1484         )
1485     ),
1487     'moodle/course:viewhiddensections' => array(
1489         'captype' => 'write',
1490         'contextlevel' => CONTEXT_COURSE,
1491         'archetypes' => array(
1492             'editingteacher' => CAP_ALLOW,
1493             'manager' => CAP_ALLOW
1494         )
1495     ),
1497     'moodle/course:setcurrentsection' => array(
1499         'captype' => 'write',
1500         'contextlevel' => CONTEXT_COURSE,
1501         'archetypes' => array(
1502             'editingteacher' => CAP_ALLOW,
1503             'manager' => CAP_ALLOW
1504         )
1505     ),
1507     'moodle/course:movesections' => array(
1509         'captype' => 'write',
1510         'contextlevel' => CONTEXT_COURSE,
1511         'archetypes' => array(
1512             'editingteacher' => CAP_ALLOW,
1513             'manager' => CAP_ALLOW
1514         ),
1515         'clonepermissionsfrom' => 'moodle/course:update'
1516     ),
1518     'moodle/site:mnetlogintoremote' => array(
1520         'captype' => 'read',
1521         'contextlevel' => CONTEXT_SYSTEM,
1522         'archetypes' => array(
1523         )
1524     ),
1526     'moodle/grade:viewall' => array(
1527         'riskbitmask' => RISK_PERSONAL,
1528         'captype' => 'read',
1529         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1530         'archetypes' => array(
1531             'teacher' => CAP_ALLOW,
1532             'editingteacher' => CAP_ALLOW,
1533             'manager' => CAP_ALLOW
1534         ),
1535         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1536     ),
1538     'moodle/grade:view' => array(
1539         'captype' => 'read',
1540         'contextlevel' => CONTEXT_COURSE,
1541         'archetypes' => array(
1542             'student' => CAP_ALLOW
1543         )
1544     ),
1546     'moodle/grade:viewhidden' => array(
1547         'riskbitmask' => RISK_PERSONAL,
1548         'captype' => 'read',
1549         'contextlevel' => CONTEXT_COURSE,
1550         'archetypes' => array(
1551             'teacher' => CAP_ALLOW,
1552             'editingteacher' => CAP_ALLOW,
1553             'manager' => CAP_ALLOW
1554         ),
1555         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1556     ),
1558     'moodle/grade:import' => array(
1559         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'editingteacher' => CAP_ALLOW,
1564             'manager' => CAP_ALLOW
1565         ),
1566         'clonepermissionsfrom' => 'moodle/course:managegrades'
1567     ),
1569     'moodle/grade:export' => array(
1570         'riskbitmask' => RISK_PERSONAL,
1571         'captype' => 'read',
1572         'contextlevel' => CONTEXT_COURSE,
1573         'archetypes' => array(
1574             'teacher' => CAP_ALLOW,
1575             'editingteacher' => CAP_ALLOW,
1576             'manager' => CAP_ALLOW
1577         ),
1578         'clonepermissionsfrom' => 'moodle/course:managegrades'
1579     ),
1581     'moodle/grade:manage' => array(
1582         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1583         'captype' => 'write',
1584         'contextlevel' => CONTEXT_COURSE,
1585         'archetypes' => array(
1586             'editingteacher' => CAP_ALLOW,
1587             'manager' => CAP_ALLOW
1588         ),
1589         'clonepermissionsfrom' => 'moodle/course:managegrades'
1590     ),
1592     'moodle/grade:edit' => array(
1593         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1594         'captype' => 'write',
1595         'contextlevel' => CONTEXT_COURSE,
1596         'archetypes' => array(
1597             'editingteacher' => CAP_ALLOW,
1598             'manager' => CAP_ALLOW
1599         ),
1600         'clonepermissionsfrom' => 'moodle/course:managegrades'
1601     ),
1603     // ability to define advanced grading forms in activities either from scratch
1604     // or from a shared template
1605     'moodle/grade:managegradingforms' => array(
1606         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1607         'captype' => 'write',
1608         'contextlevel' => CONTEXT_COURSE,
1609         'archetypes' => array(
1610             'editingteacher' => CAP_ALLOW,
1611             'manager' => CAP_ALLOW
1612         ),
1613         'clonepermissionsfrom' => 'moodle/course:managegrades'
1614     ),
1616     // ability to save a grading form as a new shared template and eventually edit
1617     // and remove own templates (templates originally shared by that user)
1618     'moodle/grade:sharegradingforms' => array(
1619         'riskbitmask' => RISK_XSS,
1620         'captype' => 'write',
1621         'contextlevel' => CONTEXT_SYSTEM,
1622         'archetypes' => array(
1623             'manager' => CAP_ALLOW
1624         ),
1625     ),
1627     // ability to edit and remove any shared template, even those originally shared
1628     // by other users
1629     'moodle/grade:managesharedforms' => array(
1630         'riskbitmask' => RISK_XSS,
1631         'captype' => 'write',
1632         'contextlevel' => CONTEXT_SYSTEM,
1633         'archetypes' => array(
1634             'manager' => CAP_ALLOW
1635         ),
1636     ),
1638     'moodle/grade:manageoutcomes' => array(
1639         'captype' => 'write',
1640         'contextlevel' => CONTEXT_COURSE,
1641         'archetypes' => array(
1642             'editingteacher' => CAP_ALLOW,
1643             'manager' => CAP_ALLOW
1644         ),
1645         'clonepermissionsfrom' => 'moodle/course:managegrades'
1646     ),
1648     'moodle/grade:manageletters' => array(
1649         'captype' => 'write',
1650         'contextlevel' => CONTEXT_COURSE,
1651         'archetypes' => array(
1652             'editingteacher' => CAP_ALLOW,
1653             'manager' => CAP_ALLOW
1654         ),
1655         'clonepermissionsfrom' => 'moodle/course:managegrades'
1656     ),
1658     'moodle/grade:hide' => array(
1659         'captype' => 'write',
1660         'contextlevel' => CONTEXT_COURSE,
1661         'archetypes' => array(
1662             'editingteacher' => CAP_ALLOW,
1663             'manager' => CAP_ALLOW
1664         )
1665     ),
1667     'moodle/grade:lock' => array(
1668         'captype' => 'write',
1669         'contextlevel' => CONTEXT_COURSE,
1670         'archetypes' => array(
1671             'editingteacher' => CAP_ALLOW,
1672             'manager' => CAP_ALLOW
1673         )
1674     ),
1676     'moodle/grade:unlock' => array(
1677         'captype' => 'write',
1678         'contextlevel' => CONTEXT_COURSE,
1679         'archetypes' => array(
1680             'editingteacher' => CAP_ALLOW,
1681             'manager' => CAP_ALLOW
1682         )
1683     ),
1685     'moodle/my:manageblocks' => array(
1686         'captype' => 'write',
1687         'contextlevel' => CONTEXT_SYSTEM,
1688         'archetypes' => array(
1689             'user' => CAP_ALLOW
1690         )
1691     ),
1693     'moodle/notes:view' => array(
1694         'captype' => 'read',
1695         'contextlevel' => CONTEXT_COURSE,
1696         'archetypes' => array(
1697             'teacher' => CAP_ALLOW,
1698             'editingteacher' => CAP_ALLOW,
1699             'manager' => CAP_ALLOW
1700         )
1701     ),
1703     'moodle/notes:manage' => array(
1704         'riskbitmask' => RISK_SPAM,
1706         'captype' => 'write',
1707         'contextlevel' => CONTEXT_COURSE,
1708         'archetypes' => array(
1709             'teacher' => CAP_ALLOW,
1710             'editingteacher' => CAP_ALLOW,
1711             'manager' => CAP_ALLOW
1712         )
1713     ),
1715     'moodle/tag:manage' => array(
1716         'riskbitmask' => RISK_SPAM,
1718         'captype' => 'write',
1719         'contextlevel' => CONTEXT_SYSTEM,
1720         'archetypes' => array(
1721             'manager' => CAP_ALLOW
1722         )
1723     ),
1725     'moodle/tag:edit' => array(
1726         'riskbitmask' => RISK_SPAM,
1728         'captype' => 'write',
1729         'contextlevel' => CONTEXT_SYSTEM,
1730         'archetypes' => array(
1731             'manager' => CAP_ALLOW
1732         )
1733     ),
1735     'moodle/tag:flag' => array(
1736         'riskbitmask' => RISK_SPAM,
1738         'captype' => 'write',
1739         'contextlevel' => CONTEXT_SYSTEM,
1740         'archetypes' => array(
1741             'user' => CAP_ALLOW
1742         )
1743     ),
1745     'moodle/tag:editblocks' => array(
1746         'captype' => 'write',
1747         'contextlevel' => CONTEXT_SYSTEM,
1748         'archetypes' => array(
1749             'teacher' => CAP_ALLOW,
1750             'editingteacher' => CAP_ALLOW,
1751             'manager' => CAP_ALLOW
1752         )
1753     ),
1755     'moodle/block:view' => array(
1756         'captype' => 'read',
1757         'contextlevel' => CONTEXT_BLOCK,
1758         'archetypes' => array(
1759             'guest' => CAP_ALLOW,
1760             'user' => CAP_ALLOW,
1761             'student' => CAP_ALLOW,
1762             'teacher' => CAP_ALLOW,
1763             'editingteacher' => CAP_ALLOW,
1764         )
1765     ),
1767     'moodle/block:edit' => array(
1768         'riskbitmask' => RISK_SPAM | RISK_XSS,
1770         'captype' => 'write',
1771         'contextlevel' => CONTEXT_BLOCK,
1772         'archetypes' => array(
1773             'editingteacher' => CAP_ALLOW,
1774             'manager' => CAP_ALLOW
1775         )
1776     ),
1778     'moodle/portfolio:export' => array(
1779         'captype' => 'read',
1780         'contextlevel' => CONTEXT_SYSTEM,
1781         'archetypes' => array(
1782             'user' => CAP_ALLOW,
1783             'student' => CAP_ALLOW,
1784             'teacher' => CAP_ALLOW,
1785             'editingteacher' => CAP_ALLOW,
1786         )
1787     ),
1788     'moodle/comment:view' => array(
1789         'captype' => 'read',
1790         'contextlevel' => CONTEXT_COURSE,
1791         'archetypes' => array(
1792             'frontpage' => CAP_ALLOW,
1793             'guest' => CAP_ALLOW,
1794             'user' => CAP_ALLOW,
1795             'student' => CAP_ALLOW,
1796             'teacher' => CAP_ALLOW,
1797             'editingteacher' => CAP_ALLOW,
1798             'manager' => CAP_ALLOW
1799         )
1800     ),
1801     'moodle/comment:post' => array(
1803         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1804         'captype' => 'write',
1805         'contextlevel' => CONTEXT_COURSE,
1806         'archetypes' => array(
1807             'user' => CAP_ALLOW,
1808             'student' => CAP_ALLOW,
1809             'teacher' => CAP_ALLOW,
1810             'editingteacher' => CAP_ALLOW,
1811             'manager' => CAP_ALLOW
1812         )
1813     ),
1814     'moodle/comment:delete' => array(
1816         'riskbitmask' => RISK_DATALOSS,
1817         'captype' => 'write',
1818         'contextlevel' => CONTEXT_COURSE,
1819         'archetypes' => array(
1820             'editingteacher' => CAP_ALLOW,
1821             'manager' => CAP_ALLOW
1822         )
1823     ),
1824     'moodle/webservice:createtoken' => array(
1826         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1827         'captype' => 'write',
1828         'contextlevel' => CONTEXT_SYSTEM,
1829         'archetypes' => array(
1830             'manager' => CAP_ALLOW
1831         )
1832     ),
1833     'moodle/webservice:createmobiletoken' => array(
1835         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1836         'captype' => 'write',
1837         'contextlevel' => CONTEXT_SYSTEM,
1838         'archetypes' => array(
1839             'user' => CAP_ALLOW
1840         )
1841     ),
1842     'moodle/rating:view' => array(
1844         'captype' => 'read',
1845         'contextlevel' => CONTEXT_COURSE,
1846         'archetypes' => array(
1847             'user' => CAP_ALLOW,
1848             'student' => CAP_ALLOW,
1849             'teacher' => CAP_ALLOW,
1850             'editingteacher' => CAP_ALLOW,
1851             'manager' => CAP_ALLOW
1852         )
1853     ),
1854     'moodle/rating:viewany' => array(
1856         'riskbitmask' => RISK_PERSONAL,
1857         'captype' => 'read',
1858         'contextlevel' => CONTEXT_COURSE,
1859         'archetypes' => array(
1860             'user' => CAP_ALLOW,
1861             'student' => CAP_ALLOW,
1862             'teacher' => CAP_ALLOW,
1863             'editingteacher' => CAP_ALLOW,
1864             'manager' => CAP_ALLOW
1865         )
1866     ),
1867     'moodle/rating:viewall' => array(
1869         'riskbitmask' => RISK_PERSONAL,
1870         'captype' => 'read',
1871         'contextlevel' => CONTEXT_COURSE,
1872         'archetypes' => array(
1873             'user' => CAP_ALLOW,
1874             'student' => CAP_ALLOW,
1875             'teacher' => CAP_ALLOW,
1876             'editingteacher' => CAP_ALLOW,
1877             'manager' => CAP_ALLOW
1878         )
1879     ),
1880     'moodle/rating:rate' => array(
1882         'captype' => 'write',
1883         'contextlevel' => CONTEXT_COURSE,
1884         'archetypes' => array(
1885             'user' => CAP_ALLOW,
1886             'student' => CAP_ALLOW,
1887             'teacher' => CAP_ALLOW,
1888             'editingteacher' => CAP_ALLOW,
1889             'manager' => CAP_ALLOW
1890         )
1891     ),
1892      'moodle/course:publish' => array(
1894         'captype' => 'write',
1895         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1896         'contextlevel' => CONTEXT_SYSTEM,
1897         'archetypes' => array(
1898             'manager' => CAP_ALLOW
1899         )
1900     ),
1901     'moodle/course:markcomplete' => array(
1902         'captype' => 'write',
1903         'contextlevel' => CONTEXT_COURSE,
1904         'archetypes' => array(
1905             'teacher' => CAP_ALLOW,
1906             'editingteacher' => CAP_ALLOW,
1907             'manager' => CAP_ALLOW
1908         )
1909     ),
1910     'moodle/community:add' => array(
1911         'captype' => 'write',
1912         'contextlevel' => CONTEXT_SYSTEM,
1913         'archetypes' => array(
1914             'manager' => CAP_ALLOW,
1915             'teacher' => CAP_ALLOW,
1916             'editingteacher' => CAP_ALLOW,
1917         )
1918     ),
1919     'moodle/community:download' => array(
1920         'captype' => 'write',
1921         'contextlevel' => CONTEXT_SYSTEM,
1922         'archetypes' => array(
1923             'manager' => CAP_ALLOW,
1924             'editingteacher' => CAP_ALLOW,
1925         )
1926     ),
1928     // Badges.
1929     'moodle/badges:manageglobalsettings' => array(
1930         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
1931         'captype'      => 'write',
1932         'contextlevel' => CONTEXT_SYSTEM,
1933         'archetypes'   => array(
1934             'manager'       => CAP_ALLOW,
1935         )
1936     ),
1938     // View available badges without earning them.
1939     'moodle/badges:viewbadges' => array(
1940         'captype'       => 'read',
1941         'contextlevel'  => CONTEXT_COURSE,
1942         'archetypes'    => array(
1943             'user'          => CAP_ALLOW,
1944         )
1945     ),
1947     // Manage badges on own private badges page.
1948     'moodle/badges:manageownbadges' => array(
1949         'riskbitmap'    => RISK_SPAM,
1950         'captype'       => 'write',
1951         'contextlevel'  => CONTEXT_USER,
1952         'archetypes'    => array(
1953             'user'    => CAP_ALLOW
1954         )
1955     ),
1957     // View public badges in other users' profiles.
1958     'moodle/badges:viewotherbadges' => array(
1959         'riskbitmap'    => RISK_PERSONAL,
1960         'captype'       => 'read',
1961         'contextlevel'  => CONTEXT_USER,
1962         'archetypes'    => array(
1963             'user'    => CAP_ALLOW
1964         )
1965     ),
1967     // Earn badge.
1968     'moodle/badges:earnbadge' => array(
1969         'captype'       => 'write',
1970         'contextlevel'  => CONTEXT_COURSE,
1971         'archetypes'    => array(
1972             'user'           => CAP_ALLOW,
1973         )
1974     ),
1976     // Create/duplicate badges.
1977     'moodle/badges:createbadge' => array(
1978         'riskbitmask'  => RISK_SPAM,
1979         'captype'      => 'write',
1980         'contextlevel' => CONTEXT_COURSE,
1981         'archetypes'   => array(
1982             'manager'        => CAP_ALLOW,
1983             'editingteacher' => CAP_ALLOW,
1984         )
1985     ),
1987     // Delete badges.
1988     'moodle/badges:deletebadge' => array(
1989         'riskbitmask'  => RISK_DATALOSS,
1990         'captype'      => 'write',
1991         'contextlevel' => CONTEXT_COURSE,
1992         'archetypes'   => array(
1993             'manager'        => CAP_ALLOW,
1994             'editingteacher' => CAP_ALLOW,
1995         )
1996     ),
1998     // Set up/edit badge details.
1999     'moodle/badges:configuredetails' => array(
2000         'riskbitmask'  => RISK_SPAM,
2001         'captype'      => 'write',
2002         'contextlevel' => CONTEXT_COURSE,
2003         'archetypes'   => array(
2004             'manager'        => CAP_ALLOW,
2005             'editingteacher' => CAP_ALLOW,
2006         )
2007     ),
2009     // Set up/edit criteria of earning a badge.
2010     'moodle/badges:configurecriteria' => array(
2011         'riskbitmask'  => RISK_XSS,
2012         'captype'      => 'write',
2013         'contextlevel' => CONTEXT_COURSE,
2014         'archetypes'   => array(
2015             'manager'        => CAP_ALLOW,
2016             'editingteacher' => CAP_ALLOW,
2017         )
2018     ),
2020     // Configure badge messages.
2021     'moodle/badges:configuremessages' => array(
2022         'riskbitmask'  => RISK_SPAM,
2023         'captype'      => 'write',
2024         'contextlevel' => CONTEXT_COURSE,
2025         'archetypes'   => array(
2026             'manager'        => CAP_ALLOW,
2027             'editingteacher' => CAP_ALLOW,
2028         )
2029     ),
2031     // Award badge to a user.
2032     'moodle/badges:awardbadge' => array(
2033         'riskbitmask'  => RISK_SPAM,
2034         'captype'      => 'write',
2035         'contextlevel' => CONTEXT_COURSE,
2036         'archetypes'   => array(
2037             'manager'        => CAP_ALLOW,
2038             'teacher'        => CAP_ALLOW,
2039             'editingteacher' => CAP_ALLOW,
2040         )
2041     ),
2043     // View users who earned a specific badge without being able to award a badge.
2044     'moodle/badges:viewawarded' => array(
2045         'riskbitmask'  => RISK_PERSONAL,
2046         'captype'      => 'read',
2047         'contextlevel' => CONTEXT_COURSE,
2048         'archetypes'   => array(
2049                 'manager'        => CAP_ALLOW,
2050                 'teacher'        => CAP_ALLOW,
2051                 'editingteacher' => CAP_ALLOW,
2052         )
2053     ),
2055     'moodle/site:forcelanguage' => array(
2056         'captype' => 'read',
2057         'contextlevel' => CONTEXT_SYSTEM,
2058         'archetypes' => array(
2059         )
2060     )
2061 );