improved docs and license headers, adding direct access protection
[moodle.git] / lib / db / access.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * Capability definitions for Moodle core.
20  *
21  * The capabilities are loaded into the database table when the module is
22  * installed or updated. Whenever the capability definitions are updated,
23  * the module version number should be bumped up.
24  *
25  * The system has four possible values for a capability:
26  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
27  *
28  *
29  * CAPABILITY NAMING CONVENTION
30  *
31  * It is important that capability names are unique. The naming convention
32  * for capabilities that are specific to modules and blocks is as follows:
33  *   [mod/block]/<plugin_name>:<capabilityname>
34  *
35  * component_name should be the same as the directory name of the mod or block.
36  *
37  * Core moodle capabilities are defined thus:
38  *    moodle/<capabilityclass>:<capabilityname>
39  *
40  * Examples: mod/forum:viewpost
41  *           block/recent_activity:view
42  *           moodle/site:deleteuser
43  *
44  * The variable name for the capability definitions array is $capabilities
45  *
46  * @package    core
47  * @subpackage role
48  * @copyright  2006 onwards Martin Dougiamas  http://dougiamas.com
49  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
50  */
52 defined('MOODLE_INTERNAL') || die();
54 $capabilities = array(
55     'moodle/site:config' => array(
57         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
59         'captype' => 'write',
60         'contextlevel' => CONTEXT_SYSTEM,
61         'archetypes' => array(
62         )
63     ),
65     'moodle/site:readallmessages' => array(
67         'riskbitmask' => RISK_PERSONAL,
69         'captype' => 'read',
70         'contextlevel' => CONTEXT_SYSTEM,
71         'archetypes' => array(
72             'manager' => CAP_ALLOW,
73             'editingteacher' => CAP_ALLOW
74         )
75     ),
77     'moodle/site:sendmessage' => array(
79         'riskbitmask' => RISK_SPAM,
81         'captype' => 'write',
82         'contextlevel' => CONTEXT_SYSTEM,
83         'archetypes' => array(
84             'manager' => CAP_ALLOW,
85             'user' => CAP_ALLOW
86         )
87     ),
89     'moodle/site:approvecourse' => array(
91         'riskbitmask' => RISK_XSS,
93         'captype' => 'write',
94         'contextlevel' => CONTEXT_SYSTEM,
95         'archetypes' => array(
96             'manager' => CAP_ALLOW
97         )
98     ),
100     'moodle/backup:backupcourse' => array(
102         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
104         'captype' => 'write',
105         'contextlevel' => CONTEXT_COURSE,
106         'archetypes' => array(
107             'editingteacher' => CAP_ALLOW,
108             'manager' => CAP_ALLOW
109         ),
111         'clonepermissionsfrom' =>  'moodle/site:backup'
112     ),
114     'moodle/backup:backupsection' => array(
116         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
118         'captype' => 'write',
119         'contextlevel' => CONTEXT_COURSE,
120         'archetypes' => array(
121             'editingteacher' => CAP_ALLOW,
122             'manager' => CAP_ALLOW
123         ),
125         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
126     ),
128     'moodle/backup:backupactivity' => array(
130         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
132         'captype' => 'write',
133         'contextlevel' => CONTEXT_MODULE,
134         'archetypes' => array(
135             'editingteacher' => CAP_ALLOW,
136             'manager' => CAP_ALLOW
137         ),
139         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
140     ),
142     'moodle/backup:backuptargethub' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
154     ),
156     'moodle/backup:backuptargetimport' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:downloadfile' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_COURSE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
182     ),
184     'moodle/backup:configure' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         )
194     ),
196     'moodle/backup:userinfo' => array(
198         'riskbitmask' => RISK_PERSONAL,
200         'captype' => 'read',
201         'contextlevel' => CONTEXT_COURSE,
202         'archetypes' => array(
203             'manager' => CAP_ALLOW
204         )
205     ),
207     'moodle/backup:anonymise' => array(
209         'riskbitmask' => RISK_PERSONAL,
211         'captype' => 'read',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'manager' => CAP_ALLOW
215         )
216     ),
218     'moodle/restore:restorecourse' => array(
220         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
222         'captype' => 'write',
223         'contextlevel' => CONTEXT_COURSE,
224         'archetypes' => array(
225             'editingteacher' => CAP_ALLOW,
226             'manager' => CAP_ALLOW
227         ),
229         'clonepermissionsfrom' =>  'moodle/site:restore'
230     ),
232     'moodle/restore:restoresection' => array(
234         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
236         'captype' => 'write',
237         'contextlevel' => CONTEXT_COURSE,
238         'archetypes' => array(
239             'editingteacher' => CAP_ALLOW,
240             'manager' => CAP_ALLOW
241         ),
243         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
244     ),
246     'moodle/restore:restoreactivity' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_MODULE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
258     ),
260     'moodle/restore:restoretargethub' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266         'archetypes' => array(
267             'editingteacher' => CAP_ALLOW,
268             'manager' => CAP_ALLOW
269         ),
271         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
272     ),
274     'moodle/restore:restoretargetimport' => array(
276         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
278         'captype' => 'write',
279         'contextlevel' => CONTEXT_COURSE,
280         'archetypes' => array(
281             'editingteacher' => CAP_ALLOW,
282             'manager' => CAP_ALLOW
283         ),
285         'clonepermissionsfrom' =>  'moodle/site:import'
286     ),
288     'moodle/restore:uploadfile' => array(
290         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
292         'captype' => 'write',
293         'contextlevel' => CONTEXT_COURSE,
294         'archetypes' => array(
295             'editingteacher' => CAP_ALLOW,
296             'manager' => CAP_ALLOW
297         ),
299         'clonepermissionsfrom' =>  'moodle/site:backupupload'
300     ),
302     'moodle/restore:configure' => array(
304         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
306         'captype' => 'write',
307         'contextlevel' => CONTEXT_COURSE,
308         'archetypes' => array(
309             'editingteacher' => CAP_ALLOW,
310             'manager' => CAP_ALLOW
311         )
312     ),
314     'moodle/restore:rolldates' => array(
316         'captype' => 'write',
317         'contextlevel' => CONTEXT_COURSE,
318         'archetypes' => array(
319             'coursecreator' => CAP_ALLOW,
320             'manager' => CAP_ALLOW
321         )
322     ),
324     'moodle/restore:userinfo' => array(
326         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
328         'captype' => 'write',
329         'contextlevel' => CONTEXT_COURSE,
330         'archetypes' => array(
331             'manager' => CAP_ALLOW
332         )
333     ),
335     'moodle/restore:createuser' => array(
337         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
339         'captype' => 'write',
340         'contextlevel' => CONTEXT_SYSTEM,
341         'archetypes' => array(
342             'manager' => CAP_ALLOW
343         )
344     ),
346     'moodle/site:manageblocks' => array(
348         'riskbitmask' => RISK_SPAM | RISK_XSS,
350         'captype' => 'write',
351         'contextlevel' => CONTEXT_BLOCK,
352         'archetypes' => array(
353             'editingteacher' => CAP_ALLOW,
354             'manager' => CAP_ALLOW
355         )
356     ),
358     'moodle/site:accessallgroups' => array(
360         'captype' => 'read',
361         'contextlevel' => CONTEXT_COURSE,
362         'archetypes' => array(
363             'teacher' => CAP_ALLOW,
364             'editingteacher' => CAP_ALLOW,
365             'manager' => CAP_ALLOW
366         )
367     ),
369     'moodle/site:viewfullnames' => array(
371         'captype' => 'read',
372         'contextlevel' => CONTEXT_COURSE,
373         'archetypes' => array(
374             'teacher' => CAP_ALLOW,
375             'editingteacher' => CAP_ALLOW,
376             'manager' => CAP_ALLOW
377         )
378     ),
380     'moodle/site:viewreports' => array(
382         'riskbitmask' => RISK_PERSONAL,
384         'captype' => 'read',
385         'contextlevel' => CONTEXT_COURSE,
386         'archetypes' => array(
387             'teacher' => CAP_ALLOW,
388             'editingteacher' => CAP_ALLOW,
389             'manager' => CAP_ALLOW
390         )
391     ),
393     'moodle/site:trustcontent' => array(
395         'riskbitmask' => RISK_XSS,
397         'captype' => 'write',
398         'contextlevel' => CONTEXT_COURSE,
399         'archetypes' => array(
400             'editingteacher' => CAP_ALLOW,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     'moodle/site:uploadusers' => array(
407         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
409         'captype' => 'write',
410         'contextlevel' => CONTEXT_SYSTEM,
411         'archetypes' => array(
412             'manager' => CAP_ALLOW
413         )
414     ),
416     'moodle/site:langeditmaster' => array(
418         'riskbitmask' => RISK_CONFIG | RISK_XSS,
420         'captype' => 'write',
421         'contextlevel' => CONTEXT_SYSTEM,
422         'archetypes' => array(
423         )
424     ),
426     'moodle/site:langeditlocal' => array(
428         'riskbitmask' => RISK_CONFIG | RISK_XSS,
430         'captype' => 'write',
431         'contextlevel' => CONTEXT_SYSTEM,
432         'archetypes' => array(
433             'manager' => CAP_ALLOW
434         )
435     ),
437     // Permission to manage filter setting overrides in subcontexts.
438     'moodle/filter:manage' => array(
440         'captype' => 'write',
441         'contextlevel' => CONTEXT_COURSE,
442         'archetypes' => array(
443             'editingteacher' => CAP_ALLOW,
444             'coursecreator' => CAP_ALLOW,
445             'manager' => CAP_ALLOW,
446         )
447     ),
449     'moodle/user:create' => array(
451         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
453         'captype' => 'write',
454         'contextlevel' => CONTEXT_SYSTEM,
455         'archetypes' => array(
456             'manager' => CAP_ALLOW
457         )
458     ),
460     'moodle/user:delete' => array(
462         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
464         'captype' => 'write',
465         'contextlevel' => CONTEXT_SYSTEM,
466         'archetypes' => array(
467             'manager' => CAP_ALLOW
468         )
469     ),
471     'moodle/user:update' => array(
473         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
475         'captype' => 'write',
476         'contextlevel' => CONTEXT_SYSTEM,
477         'archetypes' => array(
478             'manager' => CAP_ALLOW
479         )
480     ),
482     'moodle/user:viewdetails' => array(
484         'captype' => 'read',
485         'contextlevel' => CONTEXT_COURSE,
486         'archetypes' => array(
487             'guest' => CAP_ALLOW,
488             'student' => CAP_ALLOW,
489             'teacher' => CAP_ALLOW,
490             'editingteacher' => CAP_ALLOW,
491             'manager' => CAP_ALLOW
492         )
493     ),
495     'moodle/user:viewhiddendetails' => array(
497         'riskbitmask' => RISK_PERSONAL,
499         'captype' => 'read',
500         'contextlevel' => CONTEXT_COURSE,
501         'archetypes' => array(
502             'teacher' => CAP_ALLOW,
503             'editingteacher' => CAP_ALLOW,
504             'manager' => CAP_ALLOW
505         )
506     ),
508     'moodle/user:loginas' => array(
510         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
512         'captype' => 'write',
513         'contextlevel' => CONTEXT_COURSE,
514         'archetypes' => array(
515             'manager' => CAP_ALLOW
516         )
517     ),
519     // can the user manage the system default profile page?
520     'moodle/user:managesyspages' => array(
522         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
524         'captype' => 'write',
525         'contextlevel' => CONTEXT_SYSTEM,
526         'archetypes' => array(
527             'manager' => CAP_ALLOW
528         )
529     ),
531     // can the user manage another user's profile page?
532     'moodle/user:manageblocks' => array(
534         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
536         'captype' => 'write',
537         'contextlevel' => CONTEXT_USER
538     ),
540     // can the user manage their own profile page?
541     'moodle/user:manageownblocks' => array(
543         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
545         'captype' => 'write',
546         'contextlevel' => CONTEXT_SYSTEM,
547         'archetypes' => array(
548             'user' => CAP_ALLOW
549         )
550     ),
552     // can the user manage their own files?
553     'moodle/user:manageownfiles' => array(
555         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
557         'captype' => 'write',
558         'contextlevel' => CONTEXT_SYSTEM,
559         'archetypes' => array(
560             'user' => CAP_ALLOW
561         )
562     ),
564     // can the user manage the system default dashboard page?
565     'moodle/my:configsyspages' => array(
567         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
569         'captype' => 'write',
570         'contextlevel' => CONTEXT_SYSTEM,
571         'archetypes' => array(
572             'manager' => CAP_ALLOW
573         )
574     ),
576     'moodle/role:assign' => array(
578         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
580         'captype' => 'write',
581         'contextlevel' => CONTEXT_COURSE,
582         'archetypes' => array(
583             'editingteacher' => CAP_ALLOW,
584             'manager' => CAP_ALLOW
585         )
586     ),
588     'moodle/role:review' => array(
590         'riskbitmask' => RISK_PERSONAL,
592         'captype' => 'read',
593         'contextlevel' => CONTEXT_COURSE,
594         'archetypes' => array(
595             'teacher' => CAP_ALLOW,
596             'editingteacher' => CAP_ALLOW,
597             'manager' => CAP_ALLOW
598         )
599     ),
601     'moodle/role:override' => array(
603         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
605         'captype' => 'write',
606         'contextlevel' => CONTEXT_COURSE,
607         'archetypes' => array(
608             'manager' => CAP_ALLOW
609         )
610     ),
612     'moodle/role:safeoverride' => array(
614         'riskbitmask' => RISK_SPAM,
616         'captype' => 'write',
617         'contextlevel' => CONTEXT_COURSE,
618         'archetypes' => array(
619             'editingteacher' => CAP_ALLOW
620         )
621     ),
623     'moodle/role:manage' => array(
625         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
627         'captype' => 'write',
628         'contextlevel' => CONTEXT_SYSTEM,
629         'archetypes' => array(
630             'manager' => CAP_ALLOW
631         )
632     ),
634     'moodle/role:switchroles' => array(
636         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
638         'captype' => 'read',
639         'contextlevel' => CONTEXT_COURSE,
640         'archetypes' => array(
641             'editingteacher' => CAP_ALLOW,
642             'manager' => CAP_ALLOW
643         )
644     ),
646     // Create, update and delete course categories. (Deleting a course category
647     // does not let you delete the courses it contains, unless you also have
648     // moodle/course: delete.) Creating and deleting requires this permission in
649     // the parent category.
650     'moodle/category:manage' => array(
652         'riskbitmask' => RISK_XSS,
654         'captype' => 'write',
655         'contextlevel' => CONTEXT_COURSECAT,
656         'archetypes' => array(
657             'manager' => CAP_ALLOW
658         ),
659         'clonepermissionsfrom' => 'moodle/category:update'
660     ),
662     'moodle/category:viewhiddencategories' => array(
664         'captype' => 'read',
665         'contextlevel' => CONTEXT_COURSECAT,
666         'archetypes' => array(
667             'coursecreator' => CAP_ALLOW,
668             'manager' => CAP_ALLOW
669         ),
670         'clonepermissionsfrom' => 'moodle/category:visibility'
671     ),
673     // create, delete, move cohorts in system and course categories,
674     // (cohorts with component !== null can be only moved)
675     'moodle/cohort:manage' => array(
677         'captype' => 'write',
678         'contextlevel' => CONTEXT_COURSECAT,
679         'archetypes' => array(
680             'manager' => CAP_ALLOW
681         )
682     ),
684     // add and remove cohort members (only for cohorts where component !== null)
685     'moodle/cohort:assign' => array(
687         'captype' => 'write',
688         'contextlevel' => CONTEXT_COURSECAT,
689         'archetypes' => array(
690             'manager' => CAP_ALLOW
691         )
692     ),
694     // view members of a cohort, this can be used in course context too,
695     // this also controls the ability to actually use cohort
696     'moodle/cohort:view' => array(
698         'captype' => 'read',
699         'contextlevel' => CONTEXT_COURSE,
700         'archetypes' => array(
701             'editingteacher' => CAP_ALLOW,
702             'manager' => CAP_ALLOW
703         )
704     ),
706     'moodle/course:create' => array(
708         'riskbitmask' => RISK_XSS,
710         'captype' => 'write',
711         'contextlevel' => CONTEXT_COURSECAT,
712         'archetypes' => array(
713             'coursecreator' => CAP_ALLOW,
714             'manager' => CAP_ALLOW
715         )
716     ),
718     'moodle/course:request' => array(
719         'captype' => 'write',
720         'contextlevel' => CONTEXT_SYSTEM,
721         'archetypes' => array(
722             'user' => CAP_ALLOW,
723         )
724     ),
726     'moodle/course:delete' => array(
728         'riskbitmask' => RISK_DATALOSS,
730         'captype' => 'write',
731         'contextlevel' => CONTEXT_COURSE,
732         'archetypes' => array(
733             'editingteacher' => CAP_ALLOW,
734             'manager' => CAP_ALLOW
735         )
736     ),
738     'moodle/course:update' => array(
740         'riskbitmask' => RISK_XSS,
742         'captype' => 'write',
743         'contextlevel' => CONTEXT_COURSE,
744         'archetypes' => array(
745             'editingteacher' => CAP_ALLOW,
746             'manager' => CAP_ALLOW
747         )
748     ),
750     'moodle/course:view' => array(
752         'captype' => 'read',
753         'contextlevel' => CONTEXT_COURSE,
754         'archetypes' => array(
755             'manager' => CAP_ALLOW,
756         )
757     ),
759     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
760     'moodle/course:enrolreview' => array(
762         'riskbitmask' => RISK_PERSONAL,
764         'captype' => 'read',
765         'contextlevel' => CONTEXT_COURSE,
766         'archetypes' => array(
767             'editingteacher' => CAP_ALLOW,
768             'manager' => CAP_ALLOW,
769         )
770     ),
772     /* add, remove, hide enrol instances in courses */
773     'moodle/course:enrolconfig' => array(
775         'riskbitmask' => RISK_PERSONAL,
777         'captype' => 'write',
778         'contextlevel' => CONTEXT_COURSE,
779         'archetypes' => array(
780             'editingteacher' => CAP_ALLOW,
781             'manager' => CAP_ALLOW,
782         )
783     ),
785     'moodle/course:bulkmessaging' => array(
787         'riskbitmask' => RISK_SPAM,
789         'captype' => 'write',
790         'contextlevel' => CONTEXT_COURSE,
791         'archetypes' => array(
792             'teacher' => CAP_ALLOW,
793             'editingteacher' => CAP_ALLOW,
794             'manager' => CAP_ALLOW
795         )
796     ),
798     'moodle/course:viewhiddenuserfields' => array(
800         'riskbitmask' => RISK_PERSONAL,
802         'captype' => 'read',
803         'contextlevel' => CONTEXT_COURSE,
804         'archetypes' => array(
805             'teacher' => CAP_ALLOW,
806             'editingteacher' => CAP_ALLOW,
807             'manager' => CAP_ALLOW
808         )
809     ),
811     'moodle/course:viewhiddencourses' => array(
813         'captype' => 'read',
814         'contextlevel' => CONTEXT_COURSE,
815         'archetypes' => array(
816             'coursecreator' => CAP_ALLOW,
817             'teacher' => CAP_ALLOW,
818             'editingteacher' => CAP_ALLOW,
819             'manager' => CAP_ALLOW
820         )
821     ),
823     'moodle/course:visibility' => array(
825         'captype' => 'write',
826         'contextlevel' => CONTEXT_COURSE,
827         'archetypes' => array(
828             'editingteacher' => CAP_ALLOW,
829             'manager' => CAP_ALLOW
830         )
831     ),
833     'moodle/course:managefiles' => array(
835         'riskbitmask' => RISK_XSS,
837         'captype' => 'write',
838         'contextlevel' => CONTEXT_COURSE,
839         'archetypes' => array(
840             'editingteacher' => CAP_ALLOW,
841             'manager' => CAP_ALLOW
842         )
843     ),
845     'moodle/course:manageactivities' => array(
847         'riskbitmask' => RISK_XSS,
849         'captype' => 'write',
850         'contextlevel' => CONTEXT_COURSE,
851         'archetypes' => array(
852             'editingteacher' => CAP_ALLOW,
853             'manager' => CAP_ALLOW
854         )
855     ),
857     'moodle/course:activityvisibility' => array(
859         'captype' => 'write',
860         'contextlevel' => CONTEXT_COURSE,
861         'archetypes' => array(
862             'editingteacher' => CAP_ALLOW,
863             'manager' => CAP_ALLOW
864         )
865     ),
867     'moodle/course:viewhiddenactivities' => array(
869         'captype' => 'write',
870         'contextlevel' => CONTEXT_COURSE,
871         'archetypes' => array(
872             'teacher' => CAP_ALLOW,
873             'editingteacher' => CAP_ALLOW,
874             'manager' => CAP_ALLOW
875         )
876     ),
878     'moodle/course:viewparticipants' => array(
880         'captype' => 'read',
881         'contextlevel' => CONTEXT_COURSE,
882         'archetypes' => array(
883             'student' => CAP_ALLOW,
884             'teacher' => CAP_ALLOW,
885             'editingteacher' => CAP_ALLOW,
886             'manager' => CAP_ALLOW
887         )
888     ),
890     'moodle/course:changefullname' => array(
892         'riskbitmask' => RISK_XSS,
894         'captype' => 'write',
895         'contextlevel' => CONTEXT_COURSE,
896         'archetypes' => array(
897             'editingteacher' => CAP_ALLOW,
898             'manager' => CAP_ALLOW
899         ),
900         'clonepermissionsfrom' => 'moodle/course:update'
901     ),
903     'moodle/course:changeshortname' => array(
905         'riskbitmask' => RISK_XSS,
907         'captype' => 'write',
908         'contextlevel' => CONTEXT_COURSE,
909         'archetypes' => array(
910             'editingteacher' => CAP_ALLOW,
911             'manager' => CAP_ALLOW
912         ),
913         'clonepermissionsfrom' => 'moodle/course:update'
914     ),
916     'moodle/course:changeidnumber' => array(
918         'riskbitmask' => RISK_XSS,
920         'captype' => 'write',
921         'contextlevel' => CONTEXT_COURSE,
922         'archetypes' => array(
923             'editingteacher' => CAP_ALLOW,
924             'manager' => CAP_ALLOW
925         ),
926         'clonepermissionsfrom' => 'moodle/course:update'
927     ),
928     'moodle/course:changecategory' => array(
929         'riskbitmask' => RISK_XSS,
931         'captype' => 'write',
932         'contextlevel' => CONTEXT_COURSE,
933         'archetypes' => array(
934             'editingteacher' => CAP_ALLOW,
935             'manager' => CAP_ALLOW
936         ),
937         'clonepermissionsfrom' => 'moodle/course:update'
938     ),
940     'moodle/course:changesummary' => array(
941         'riskbitmask' => RISK_XSS,
943         'captype' => 'write',
944         'contextlevel' => CONTEXT_COURSE,
945         'archetypes' => array(
946             'editingteacher' => CAP_ALLOW,
947             'manager' => CAP_ALLOW
948         ),
949         'clonepermissionsfrom' => 'moodle/course:update'
950     ),
953     'moodle/site:viewparticipants' => array(
955         'captype' => 'read',
956         'contextlevel' => CONTEXT_SYSTEM,
957         'archetypes' => array(
958             'manager' => CAP_ALLOW
959         )
960     ),
962     'moodle/course:viewscales' => array(
964         'captype' => 'read',
965         'contextlevel' => CONTEXT_COURSE,
966         'archetypes' => array(
967             'student' => CAP_ALLOW,
968             'teacher' => CAP_ALLOW,
969             'editingteacher' => CAP_ALLOW,
970             'manager' => CAP_ALLOW
971         )
972     ),
974     'moodle/course:managescales' => array(
976         'captype' => 'write',
977         'contextlevel' => CONTEXT_COURSE,
978         'archetypes' => array(
979             'editingteacher' => CAP_ALLOW,
980             'manager' => CAP_ALLOW
981         )
982     ),
984     'moodle/course:managegroups' => array(
986         'captype' => 'write',
987         'contextlevel' => CONTEXT_COURSE,
988         'archetypes' => array(
989             'editingteacher' => CAP_ALLOW,
990             'manager' => CAP_ALLOW
991         )
992     ),
994     'moodle/course:reset' => array(
996         'riskbitmask' => RISK_DATALOSS,
998         'captype' => 'write',
999         'contextlevel' => CONTEXT_COURSE,
1000         'archetypes' => array(
1001             'editingteacher' => CAP_ALLOW,
1002             'manager' => CAP_ALLOW
1003         )
1004     ),
1006     'moodle/blog:view' => array(
1008         'captype' => 'read',
1009         'contextlevel' => CONTEXT_SYSTEM,
1010         'archetypes' => array(
1011             'guest' => CAP_ALLOW,
1012             'user' => CAP_ALLOW,
1013             'student' => CAP_ALLOW,
1014             'teacher' => CAP_ALLOW,
1015             'editingteacher' => CAP_ALLOW,
1016             'manager' => CAP_ALLOW
1017         )
1018     ),
1020     'moodle/blog:search' => array(
1021         'captype' => 'read',
1022         'contextlevel' => CONTEXT_SYSTEM,
1023         'archetypes' => array(
1024             'guest' => CAP_ALLOW,
1025             'user' => CAP_ALLOW,
1026             'student' => CAP_ALLOW,
1027             'teacher' => CAP_ALLOW,
1028             'editingteacher' => CAP_ALLOW,
1029             'manager' => CAP_ALLOW
1030         )
1031     ),
1033     'moodle/blog:viewdrafts' => array(
1035         'riskbitmask' => RISK_PERSONAL,
1036         'captype' => 'read',
1037         'contextlevel' => CONTEXT_SYSTEM,
1038         'archetypes' => array(
1039             'manager' => CAP_ALLOW
1040         )
1041     ),
1043     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1045         'riskbitmask' => RISK_SPAM,
1047         'captype' => 'write',
1048         'contextlevel' => CONTEXT_SYSTEM,
1049         'archetypes' => array(
1050             'user' => CAP_ALLOW,
1051             'manager' => CAP_ALLOW
1052         )
1053     ),
1055     'moodle/blog:manageentries' => array(
1057         'riskbitmask' => RISK_SPAM,
1059         'captype' => 'write',
1060         'contextlevel' => CONTEXT_SYSTEM,
1061         'archetypes' => array(
1062             'teacher' => CAP_ALLOW,
1063             'editingteacher' => CAP_ALLOW,
1064             'manager' => CAP_ALLOW
1065         )
1066     ),
1068     'moodle/blog:manageexternal' => array(
1070         'riskbitmask' => RISK_SPAM,
1072         'captype' => 'write',
1073         'contextlevel' => CONTEXT_USER,
1074         'archetypes' => array(
1075             'student' => CAP_ALLOW,
1076             'user' => CAP_ALLOW,
1077             'teacher' => CAP_ALLOW,
1078             'editingteacher' => CAP_ALLOW,
1079             'manager' => CAP_ALLOW
1080         )
1081     ),
1083     'moodle/blog:associatecourse' => array(
1085         'captype' => 'write',
1086         'contextlevel' => CONTEXT_COURSE,
1087         'archetypes' => array(
1088             'student' => CAP_ALLOW,
1089             'user' => CAP_ALLOW,
1090             'teacher' => CAP_ALLOW,
1091             'editingteacher' => CAP_ALLOW,
1092             'manager' => CAP_ALLOW
1093         )
1094     ),
1096     'moodle/blog:associatemodule' => array(
1098         'captype' => 'write',
1099         'contextlevel' => CONTEXT_MODULE,
1100         'archetypes' => array(
1101             'student' => CAP_ALLOW,
1102             'user' => CAP_ALLOW,
1103             'teacher' => CAP_ALLOW,
1104             'editingteacher' => CAP_ALLOW,
1105             'manager' => CAP_ALLOW
1106         )
1107     ),
1109     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1111         'riskbitmask' => RISK_SPAM,
1113         'captype' => 'write',
1114         'contextlevel' => CONTEXT_COURSE,
1115         'archetypes' => array(
1116             'user' => CAP_ALLOW,
1117             'manager' => CAP_ALLOW
1118         )
1119     ),
1121     'moodle/calendar:managegroupentries' => array(
1123         'riskbitmask' => RISK_SPAM,
1125         'captype' => 'write',
1126         'contextlevel' => CONTEXT_COURSE,
1127         'archetypes' => array(
1128             'teacher' => CAP_ALLOW,
1129             'editingteacher' => CAP_ALLOW,
1130             'manager' => CAP_ALLOW
1131         )
1132     ),
1134     'moodle/calendar:manageentries' => array(
1136         'riskbitmask' => RISK_SPAM,
1138         'captype' => 'write',
1139         'contextlevel' => CONTEXT_COURSE,
1140         'archetypes' => array(
1141             'teacher' => CAP_ALLOW,
1142             'editingteacher' => CAP_ALLOW,
1143             'manager' => CAP_ALLOW
1144         )
1145     ),
1147     'moodle/user:editprofile' => array(
1149         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1151         'captype' => 'write',
1152         'contextlevel' => CONTEXT_USER,
1153         'archetypes' => array(
1154             'manager' => CAP_ALLOW
1155         )
1156     ),
1158     'moodle/user:editownprofile' => array(
1160         'riskbitmask' => RISK_SPAM,
1162         'captype' => 'write',
1163         'contextlevel' => CONTEXT_SYSTEM,
1164         'archetypes' => array(
1165             'guest' => CAP_PROHIBIT,
1166             'user' => CAP_ALLOW,
1167             'manager' => CAP_ALLOW
1168         )
1169     ),
1171     'moodle/user:changeownpassword' => array(
1173         'captype' => 'write',
1174         'contextlevel' => CONTEXT_SYSTEM,
1175         'archetypes' => array(
1176             'guest' => CAP_PROHIBIT,
1177             'user' => CAP_ALLOW,
1178             'manager' => CAP_ALLOW
1179         )
1180     ),
1182     // The next 3 might make no sense for some roles, e.g teacher, etc.
1183     // since the next level up is site. These are more for the parent role
1184     'moodle/user:readuserposts' => array(
1186         'captype' => 'read',
1187         'contextlevel' => CONTEXT_USER,
1188         'archetypes' => array(
1189             'student' => CAP_ALLOW,
1190             'teacher' => CAP_ALLOW,
1191             'editingteacher' => CAP_ALLOW,
1192             'manager' => CAP_ALLOW
1193         )
1194     ),
1196     'moodle/user:readuserblogs' => array(
1198         'captype' => 'read',
1199         'contextlevel' => CONTEXT_USER,
1200         'archetypes' => array(
1201             'student' => CAP_ALLOW,
1202             'teacher' => CAP_ALLOW,
1203             'editingteacher' => CAP_ALLOW,
1204             'manager' => CAP_ALLOW
1205         )
1206     ),
1208     // designed for parent role - not used in legacy roles
1209     'moodle/user:viewuseractivitiesreport' => array(
1210         'riskbitmask' => RISK_PERSONAL,
1212         'captype' => 'read',
1213         'contextlevel' => CONTEXT_USER,
1214         'archetypes' => array(
1215         )
1216     ),
1218     //capabilities designed for the new message system configuration
1219     'moodle/user:editmessageprofile' => array(
1221          'riskbitmask' => RISK_SPAM,
1223          'captype' => 'write',
1224          'contextlevel' => CONTEXT_USER,
1225          'archetypes' => array(
1226              'manager' => CAP_ALLOW
1227          )
1228      ),
1230      'moodle/user:editownmessageprofile' => array(
1232          'captype' => 'write',
1233          'contextlevel' => CONTEXT_SYSTEM,
1234          'archetypes' => array(
1235              'guest' => CAP_PROHIBIT,
1236              'user' => CAP_ALLOW,
1237              'manager' => CAP_ALLOW
1238          )
1239      ),
1241     'moodle/question:managecategory' => array(
1242         'riskbitmask' => RISK_SPAM | RISK_XSS,
1243         'captype' => 'write',
1244         'contextlevel' => CONTEXT_COURSE,
1245         'archetypes' => array(
1246             'editingteacher' => CAP_ALLOW,
1247             'manager' => CAP_ALLOW
1248         )
1249     ),
1251     //new in moodle 1.9
1252     'moodle/question:add' => array(
1253         'riskbitmask' => RISK_SPAM | RISK_XSS,
1254         'captype' => 'write',
1255         'contextlevel' => CONTEXT_COURSE,
1256         'archetypes' => array(
1257             'editingteacher' => CAP_ALLOW,
1258             'manager' => CAP_ALLOW
1259         ),
1260         'clonepermissionsfrom' =>  'moodle/question:manage'
1261     ),
1262     'moodle/question:editmine' => array(
1263         'riskbitmask' => RISK_SPAM | RISK_XSS,
1264         'captype' => 'write',
1265         'contextlevel' => CONTEXT_COURSE,
1266         'archetypes' => array(
1267             'editingteacher' => CAP_ALLOW,
1268             'manager' => CAP_ALLOW
1269         ),
1270         'clonepermissionsfrom' =>  'moodle/question:manage'
1271     ),
1272     'moodle/question:editall' => array(
1273         'riskbitmask' => RISK_SPAM | RISK_XSS,
1274         'captype' => 'write',
1275         'contextlevel' => CONTEXT_COURSE,
1276         'archetypes' => array(
1277             'editingteacher' => CAP_ALLOW,
1278             'manager' => CAP_ALLOW
1279         ),
1280         'clonepermissionsfrom' =>  'moodle/question:manage'
1281     ),
1282     'moodle/question:viewmine' => array(
1283         'captype' => 'read',
1284         'contextlevel' => CONTEXT_COURSE,
1285         'archetypes' => array(
1286             'editingteacher' => CAP_ALLOW,
1287             'manager' => CAP_ALLOW
1288         ),
1289         'clonepermissionsfrom' =>  'moodle/question:manage'
1290     ),
1291     'moodle/question:viewall' => array(
1292         'captype' => 'read',
1293         'contextlevel' => CONTEXT_COURSE,
1294         'archetypes' => array(
1295             'editingteacher' => CAP_ALLOW,
1296             'manager' => CAP_ALLOW
1297         ),
1298         'clonepermissionsfrom' =>  'moodle/question:manage'
1299     ),
1300     'moodle/question:usemine' => array(
1301         'captype' => 'read',
1302         'contextlevel' => CONTEXT_COURSE,
1303         'archetypes' => array(
1304             'editingteacher' => CAP_ALLOW,
1305             'manager' => CAP_ALLOW
1306         ),
1307         'clonepermissionsfrom' =>  'moodle/question:manage'
1308     ),
1309     'moodle/question:useall' => array(
1310         'captype' => 'read',
1311         'contextlevel' => CONTEXT_COURSE,
1312         'archetypes' => array(
1313             'editingteacher' => CAP_ALLOW,
1314             'manager' => CAP_ALLOW
1315         ),
1316         'clonepermissionsfrom' =>  'moodle/question:manage'
1317     ),
1318     'moodle/question:movemine' => array(
1319         'captype' => 'write',
1320         'contextlevel' => CONTEXT_COURSE,
1321         'archetypes' => array(
1322             'editingteacher' => CAP_ALLOW,
1323             'manager' => CAP_ALLOW
1324         ),
1325         'clonepermissionsfrom' =>  'moodle/question:manage'
1326     ),
1327     'moodle/question:moveall' => array(
1328         'captype' => 'write',
1329         'contextlevel' => CONTEXT_COURSE,
1330         'archetypes' => array(
1331             'editingteacher' => CAP_ALLOW,
1332             'manager' => CAP_ALLOW
1333         ),
1334         'clonepermissionsfrom' =>  'moodle/question:manage'
1335     ),
1336     //END new in moodle 1.9
1338     // Configure the installed question types.
1339     'moodle/question:config' => array(
1340         'riskbitmask' => RISK_CONFIG,
1341         'captype' => 'write',
1342         'contextlevel' => CONTEXT_SYSTEM,
1343         'archetypes' => array(
1344             'manager' => CAP_ALLOW
1345         )
1346     ),
1348     // While attempting questions, the ability to flag particular questions for later reference.
1349     'moodle/question:flag' => array(
1350         'captype' => 'write',
1351         'contextlevel' => CONTEXT_COURSE,
1352         'archetypes' => array(
1353             'student' => CAP_ALLOW,
1354             'teacher' => CAP_ALLOW,
1355             'editingteacher' => CAP_ALLOW,
1356             'coursecreator' => CAP_ALLOW,
1357             'manager' => CAP_ALLOW
1358         )
1359     ),
1361     'moodle/site:doclinks' => array(
1362         'captype' => 'read',
1363         'contextlevel' => CONTEXT_SYSTEM,
1364         'archetypes' => array(
1365             'teacher' => CAP_ALLOW,
1366             'editingteacher' => CAP_ALLOW,
1367             'manager' => CAP_ALLOW
1368         )
1369     ),
1371     'moodle/course:sectionvisibility' => array(
1373         'captype' => 'write',
1374         'contextlevel' => CONTEXT_COURSE,
1375         'archetypes' => array(
1376             'editingteacher' => CAP_ALLOW,
1377             'manager' => CAP_ALLOW
1378         )
1379     ),
1381     'moodle/course:useremail' => array(
1383         'captype' => 'write',
1384         'contextlevel' => CONTEXT_COURSE,
1385         'archetypes' => array(
1386             'editingteacher' => CAP_ALLOW,
1387             'manager' => CAP_ALLOW
1388         )
1389     ),
1391     'moodle/course:viewhiddensections' => array(
1393         'captype' => 'write',
1394         'contextlevel' => CONTEXT_COURSE,
1395         'archetypes' => array(
1396             'editingteacher' => CAP_ALLOW,
1397             'manager' => CAP_ALLOW
1398         )
1399     ),
1401     'moodle/course:setcurrentsection' => array(
1403         'captype' => 'write',
1404         'contextlevel' => CONTEXT_COURSE,
1405         'archetypes' => array(
1406             'editingteacher' => CAP_ALLOW,
1407             'manager' => CAP_ALLOW
1408         )
1409     ),
1411     'moodle/site:mnetlogintoremote' => array(
1413         'captype' => 'read',
1414         'contextlevel' => CONTEXT_SYSTEM,
1415         'archetypes' => array(
1416         )
1417     ),
1419     'moodle/grade:viewall' => array(
1420         'riskbitmask' => RISK_PERSONAL,
1421         'captype' => 'read',
1422         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1423         'archetypes' => array(
1424             'teacher' => CAP_ALLOW,
1425             'editingteacher' => CAP_ALLOW,
1426             'manager' => CAP_ALLOW
1427         ),
1428         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1429     ),
1431     'moodle/grade:view' => array(
1432         'captype' => 'read',
1433         'contextlevel' => CONTEXT_COURSE,
1434         'archetypes' => array(
1435             'student' => CAP_ALLOW
1436         )
1437     ),
1439     'moodle/grade:viewhidden' => array(
1440         'riskbitmask' => RISK_PERSONAL,
1441         'captype' => 'read',
1442         'contextlevel' => CONTEXT_COURSE,
1443         'archetypes' => array(
1444             'teacher' => CAP_ALLOW,
1445             'editingteacher' => CAP_ALLOW,
1446             'manager' => CAP_ALLOW
1447         ),
1448         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1449     ),
1451     'moodle/grade:import' => array(
1452         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1453         'captype' => 'write',
1454         'contextlevel' => CONTEXT_COURSE,
1455         'archetypes' => array(
1456             'editingteacher' => CAP_ALLOW,
1457             'manager' => CAP_ALLOW
1458         ),
1459         'clonepermissionsfrom' => 'moodle/course:managegrades'
1460     ),
1462     'moodle/grade:export' => array(
1463         'riskbitmask' => RISK_PERSONAL,
1464         'captype' => 'read',
1465         'contextlevel' => CONTEXT_COURSE,
1466         'archetypes' => array(
1467             'teacher' => CAP_ALLOW,
1468             'editingteacher' => CAP_ALLOW,
1469             'manager' => CAP_ALLOW
1470         ),
1471         'clonepermissionsfrom' => 'moodle/course:managegrades'
1472     ),
1474     'moodle/grade:manage' => array(
1475         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1476         'captype' => 'write',
1477         'contextlevel' => CONTEXT_COURSE,
1478         'archetypes' => array(
1479             'editingteacher' => CAP_ALLOW,
1480             'manager' => CAP_ALLOW
1481         ),
1482         'clonepermissionsfrom' => 'moodle/course:managegrades'
1483     ),
1485     'moodle/grade:edit' => array(
1486         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1487         'captype' => 'write',
1488         'contextlevel' => CONTEXT_COURSE,
1489         'archetypes' => array(
1490             'editingteacher' => CAP_ALLOW,
1491             'manager' => CAP_ALLOW
1492         ),
1493         'clonepermissionsfrom' => 'moodle/course:managegrades'
1494     ),
1496     'moodle/grade:manageoutcomes' => array(
1497         'captype' => 'write',
1498         'contextlevel' => CONTEXT_COURSE,
1499         'archetypes' => array(
1500             'editingteacher' => CAP_ALLOW,
1501             'manager' => CAP_ALLOW
1502         ),
1503         'clonepermissionsfrom' => 'moodle/course:managegrades'
1504     ),
1506     'moodle/grade:manageletters' => array(
1507         'captype' => 'write',
1508         'contextlevel' => CONTEXT_COURSE,
1509         'archetypes' => array(
1510             'editingteacher' => CAP_ALLOW,
1511             'manager' => CAP_ALLOW
1512         ),
1513         'clonepermissionsfrom' => 'moodle/course:managegrades'
1514     ),
1516     'moodle/grade:hide' => array(
1517         'captype' => 'write',
1518         'contextlevel' => CONTEXT_COURSE,
1519         'archetypes' => array(
1520             'editingteacher' => CAP_ALLOW,
1521             'manager' => CAP_ALLOW
1522         )
1523     ),
1525     'moodle/grade:lock' => array(
1526         'captype' => 'write',
1527         'contextlevel' => CONTEXT_COURSE,
1528         'archetypes' => array(
1529             'editingteacher' => CAP_ALLOW,
1530             'manager' => CAP_ALLOW
1531         )
1532     ),
1534     'moodle/grade:unlock' => array(
1535         'captype' => 'write',
1536         'contextlevel' => CONTEXT_COURSE,
1537         'archetypes' => array(
1538             'editingteacher' => CAP_ALLOW,
1539             'manager' => CAP_ALLOW
1540         )
1541     ),
1543     'moodle/my:manageblocks' => array(
1544         'captype' => 'write',
1545         'contextlevel' => CONTEXT_SYSTEM,
1546         'archetypes' => array(
1547             'user' => CAP_ALLOW
1548         )
1549     ),
1551     'moodle/notes:view' => array(
1552         'captype' => 'read',
1553         'contextlevel' => CONTEXT_COURSE,
1554         'archetypes' => array(
1555             'teacher' => CAP_ALLOW,
1556             'editingteacher' => CAP_ALLOW,
1557             'manager' => CAP_ALLOW
1558         )
1559     ),
1561     'moodle/notes:manage' => array(
1562         'riskbitmask' => RISK_SPAM,
1564         'captype' => 'write',
1565         'contextlevel' => CONTEXT_COURSE,
1566         'archetypes' => array(
1567             'teacher' => CAP_ALLOW,
1568             'editingteacher' => CAP_ALLOW,
1569             'manager' => CAP_ALLOW
1570         )
1571     ),
1573     'moodle/tag:manage' => array(
1574         'riskbitmask' => RISK_SPAM,
1576         'captype' => 'write',
1577         'contextlevel' => CONTEXT_SYSTEM,
1578         'archetypes' => array(
1579             'teacher' => CAP_ALLOW,
1580             'editingteacher' => CAP_ALLOW,
1581             'manager' => CAP_ALLOW
1582         )
1583     ),
1585     'moodle/tag:create' => array(
1586         'riskbitmask' => RISK_SPAM,
1588         'captype' => 'write',
1589         'contextlevel' => CONTEXT_SYSTEM,
1590         'archetypes' => array(
1591             'manager' => CAP_ALLOW,
1592             'user' => CAP_ALLOW
1593         )
1594     ),
1596     'moodle/tag:edit' => array(
1597         'riskbitmask' => RISK_SPAM,
1599         'captype' => 'write',
1600         'contextlevel' => CONTEXT_SYSTEM,
1601         'archetypes' => array(
1602             'manager' => CAP_ALLOW,
1603             'user' => CAP_ALLOW
1604         )
1605     ),
1607     'moodle/tag:editblocks' => array(
1608         'captype' => 'write',
1609         'contextlevel' => CONTEXT_SYSTEM,
1610         'archetypes' => array(
1611             'teacher' => CAP_ALLOW,
1612             'editingteacher' => CAP_ALLOW,
1613             'manager' => CAP_ALLOW
1614         )
1615     ),
1617     'moodle/block:view' => array(
1618         'captype' => 'read',
1619         'contextlevel' => CONTEXT_BLOCK,
1620         'archetypes' => array(
1621             'guest' => CAP_ALLOW,
1622             'user' => CAP_ALLOW,
1623             'student' => CAP_ALLOW,
1624             'teacher' => CAP_ALLOW,
1625             'editingteacher' => CAP_ALLOW,
1626             'coursecreator' => CAP_ALLOW
1627         )
1628     ),
1630     'moodle/block:edit' => array(
1631         'riskbitmask' => RISK_SPAM | RISK_XSS,
1633         'captype' => 'write',
1634         'contextlevel' => CONTEXT_BLOCK,
1635         'archetypes' => array(
1636             'editingteacher' => CAP_ALLOW,
1637             'coursecreator' => CAP_ALLOW
1638         )
1639     ),
1641     'moodle/portfolio:export' => array(
1642         'captype' => 'read',
1643         'contextlevel' => CONTEXT_SYSTEM,
1644         'archetypes' => array(
1645             'user' => CAP_ALLOW,
1646             'student' => CAP_ALLOW,
1647             'teacher' => CAP_ALLOW,
1648             'editingteacher' => CAP_ALLOW,
1649             'coursecreator' => CAP_ALLOW
1650         )
1651     ),
1652     'moodle/comment:view' => array(
1654         'captype' => 'read',
1655         'contextlevel' => CONTEXT_COURSE,
1656         'archetypes' => array(
1657             'user' => CAP_ALLOW,
1658             'student' => CAP_ALLOW,
1659             'teacher' => CAP_ALLOW,
1660             'editingteacher' => CAP_ALLOW,
1661             'coursecreator' => CAP_ALLOW,
1662             'manager' => CAP_ALLOW
1663         )
1664     ),
1665     'moodle/comment:post' => array(
1667         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1668         'captype' => 'write',
1669         'contextlevel' => CONTEXT_COURSE,
1670         'archetypes' => array(
1671             'user' => CAP_ALLOW,
1672             'student' => CAP_ALLOW,
1673             'teacher' => CAP_ALLOW,
1674             'editingteacher' => CAP_ALLOW,
1675             'coursecreator' => CAP_ALLOW,
1676             'manager' => CAP_ALLOW
1677         )
1678     ),
1679     'moodle/comment:delete' => array(
1681         'riskbitmask' => RISK_DATALOSS,
1682         'captype' => 'write',
1683         'contextlevel' => CONTEXT_COURSE,
1684         'archetypes' => array(
1685             'editingteacher' => CAP_ALLOW,
1686             'coursecreator' => CAP_ALLOW,
1687             'manager' => CAP_ALLOW
1688         )
1689     ),
1690     'moodle/webservice:createtoken' => array(
1692         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1693         'captype' => 'write',
1694         'contextlevel' => CONTEXT_SYSTEM,
1695         'archetypes' => array(
1696             'manager' => CAP_ALLOW
1697         )
1698     ),
1699     'moodle/rating:view' => array(
1701         'captype' => 'read',
1702         'contextlevel' => CONTEXT_COURSE,
1703         'archetypes' => array(
1704             'user' => CAP_ALLOW,
1705             'student' => CAP_ALLOW,
1706             'teacher' => CAP_ALLOW,
1707             'editingteacher' => CAP_ALLOW,
1708             'manager' => CAP_ALLOW
1709         )
1710     ),
1711     'moodle/rating:viewany' => array(
1713         'riskbitmask' => RISK_PERSONAL,
1714         'captype' => 'read',
1715         'contextlevel' => CONTEXT_COURSE,
1716         'archetypes' => array(
1717             'user' => CAP_ALLOW,
1718             'student' => CAP_ALLOW,
1719             'teacher' => CAP_ALLOW,
1720             'editingteacher' => CAP_ALLOW,
1721             'manager' => CAP_ALLOW
1722         )
1723     ),
1724     'moodle/rating:viewall' => array(
1726         'riskbitmask' => RISK_PERSONAL,
1727         'captype' => 'read',
1728         'contextlevel' => CONTEXT_COURSE,
1729         'archetypes' => array(
1730             'user' => CAP_ALLOW,
1731             'student' => CAP_ALLOW,
1732             'teacher' => CAP_ALLOW,
1733             'editingteacher' => CAP_ALLOW,
1734             'manager' => CAP_ALLOW
1735         )
1736     ),
1737     'moodle/rating:rate' => array(
1739         'captype' => 'write',
1740         'contextlevel' => CONTEXT_COURSE,
1741         'archetypes' => array(
1742             'user' => CAP_ALLOW,
1743             'student' => CAP_ALLOW,
1744             'teacher' => CAP_ALLOW,
1745             'editingteacher' => CAP_ALLOW,
1746             'manager' => CAP_ALLOW
1747         )
1748     ),
1749      'moodle/course:publish' => array(
1751         'captype' => 'write',
1752         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1753         'contextlevel' => CONTEXT_SYSTEM,
1754         'archetypes' => array(
1755             'manager' => CAP_ALLOW
1756         )
1757     ),
1758     'moodle/course:markcomplete' => array(
1759         'captype' => 'write',
1760         'contextlevel' => CONTEXT_COURSE,
1761         'archetypes' => array(
1762             'teacher' => CAP_ALLOW,
1763             'editingteacher' => CAP_ALLOW,
1764             'coursecreator' => CAP_ALLOW,
1765             'manager' => CAP_ALLOW
1766         )
1767     ),
1768     'moodle/community:add' => array(
1769         'captype' => 'write',
1770         'contextlevel' => CONTEXT_SYSTEM,
1771         'archetypes' => array(
1772             'manager' => CAP_ALLOW,
1773             'teacher' => CAP_ALLOW,
1774             'editingteacher' => CAP_ALLOW,
1775             'coursecreator' => CAP_ALLOW
1776         )
1777     ),
1778     'moodle/community:download' => array(
1779         'captype' => 'write',
1780         'contextlevel' => CONTEXT_SYSTEM,
1781         'archetypes' => array(
1782             'manager' => CAP_ALLOW,
1783             'editingteacher' => CAP_ALLOW,
1784             'coursecreator' => CAP_ALLOW
1785         )
1786     )
1787 );