lib-db-access MDL-25672 editingteacher can no longer delete courses by default.
[moodle.git] / lib / db / access.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * Capability definitions for Moodle core.
20  *
21  * The capabilities are loaded into the database table when the module is
22  * installed or updated. Whenever the capability definitions are updated,
23  * the module version number should be bumped up.
24  *
25  * The system has four possible values for a capability:
26  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
27  *
28  *
29  * CAPABILITY NAMING CONVENTION
30  *
31  * It is important that capability names are unique. The naming convention
32  * for capabilities that are specific to modules and blocks is as follows:
33  *   [mod/block]/<plugin_name>:<capabilityname>
34  *
35  * component_name should be the same as the directory name of the mod or block.
36  *
37  * Core moodle capabilities are defined thus:
38  *    moodle/<capabilityclass>:<capabilityname>
39  *
40  * Examples: mod/forum:viewpost
41  *           block/recent_activity:view
42  *           moodle/site:deleteuser
43  *
44  * The variable name for the capability definitions array is $capabilities
45  *
46  * @package    core
47  * @subpackage role
48  * @copyright  2006 onwards Martin Dougiamas  http://dougiamas.com
49  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
50  */
52 defined('MOODLE_INTERNAL') || die();
54 $capabilities = array(
55     'moodle/site:config' => array(
57         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
59         'captype' => 'write',
60         'contextlevel' => CONTEXT_SYSTEM,
61         'archetypes' => array(
62         )
63     ),
65     'moodle/site:readallmessages' => array(
67         'riskbitmask' => RISK_PERSONAL,
69         'captype' => 'read',
70         'contextlevel' => CONTEXT_SYSTEM,
71         'archetypes' => array(
72             'manager' => CAP_ALLOW,
73             'editingteacher' => CAP_ALLOW
74         )
75     ),
77     'moodle/site:sendmessage' => array(
79         'riskbitmask' => RISK_SPAM,
81         'captype' => 'write',
82         'contextlevel' => CONTEXT_SYSTEM,
83         'archetypes' => array(
84             'manager' => CAP_ALLOW,
85             'user' => CAP_ALLOW
86         )
87     ),
89     'moodle/site:approvecourse' => array(
91         'riskbitmask' => RISK_XSS,
93         'captype' => 'write',
94         'contextlevel' => CONTEXT_SYSTEM,
95         'archetypes' => array(
96             'manager' => CAP_ALLOW
97         )
98     ),
100     'moodle/backup:backupcourse' => array(
102         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
104         'captype' => 'write',
105         'contextlevel' => CONTEXT_COURSE,
106         'archetypes' => array(
107             'editingteacher' => CAP_ALLOW,
108             'manager' => CAP_ALLOW
109         ),
111         'clonepermissionsfrom' =>  'moodle/site:backup'
112     ),
114     'moodle/backup:backupsection' => array(
116         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
118         'captype' => 'write',
119         'contextlevel' => CONTEXT_COURSE,
120         'archetypes' => array(
121             'editingteacher' => CAP_ALLOW,
122             'manager' => CAP_ALLOW
123         ),
125         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
126     ),
128     'moodle/backup:backupactivity' => array(
130         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
132         'captype' => 'write',
133         'contextlevel' => CONTEXT_MODULE,
134         'archetypes' => array(
135             'editingteacher' => CAP_ALLOW,
136             'manager' => CAP_ALLOW
137         ),
139         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
140     ),
142     'moodle/backup:backuptargethub' => array(
144         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
146         'captype' => 'write',
147         'contextlevel' => CONTEXT_COURSE,
148         'archetypes' => array(
149             'editingteacher' => CAP_ALLOW,
150             'manager' => CAP_ALLOW
151         ),
153         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
154     ),
156     'moodle/backup:backuptargetimport' => array(
158         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
160         'captype' => 'write',
161         'contextlevel' => CONTEXT_COURSE,
162         'archetypes' => array(
163             'editingteacher' => CAP_ALLOW,
164             'manager' => CAP_ALLOW
165         ),
167         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
168     ),
170     'moodle/backup:downloadfile' => array(
172         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
174         'captype' => 'write',
175         'contextlevel' => CONTEXT_COURSE,
176         'archetypes' => array(
177             'editingteacher' => CAP_ALLOW,
178             'manager' => CAP_ALLOW
179         ),
181         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
182     ),
184     'moodle/backup:configure' => array(
186         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
188         'captype' => 'write',
189         'contextlevel' => CONTEXT_COURSE,
190         'archetypes' => array(
191             'editingteacher' => CAP_ALLOW,
192             'manager' => CAP_ALLOW
193         )
194     ),
196     'moodle/backup:userinfo' => array(
198         'riskbitmask' => RISK_PERSONAL,
200         'captype' => 'read',
201         'contextlevel' => CONTEXT_COURSE,
202         'archetypes' => array(
203             'manager' => CAP_ALLOW
204         )
205     ),
207     'moodle/backup:anonymise' => array(
209         'riskbitmask' => RISK_PERSONAL,
211         'captype' => 'read',
212         'contextlevel' => CONTEXT_COURSE,
213         'archetypes' => array(
214             'manager' => CAP_ALLOW
215         )
216     ),
218     'moodle/restore:restorecourse' => array(
220         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
222         'captype' => 'write',
223         'contextlevel' => CONTEXT_COURSE,
224         'archetypes' => array(
225             'editingteacher' => CAP_ALLOW,
226             'manager' => CAP_ALLOW
227         ),
229         'clonepermissionsfrom' =>  'moodle/site:restore'
230     ),
232     'moodle/restore:restoresection' => array(
234         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
236         'captype' => 'write',
237         'contextlevel' => CONTEXT_COURSE,
238         'archetypes' => array(
239             'editingteacher' => CAP_ALLOW,
240             'manager' => CAP_ALLOW
241         ),
243         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
244     ),
246     'moodle/restore:restoreactivity' => array(
248         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
250         'captype' => 'write',
251         'contextlevel' => CONTEXT_COURSE,
252         'archetypes' => array(
253             'editingteacher' => CAP_ALLOW,
254             'manager' => CAP_ALLOW
255         ),
257         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
258     ),
260     'moodle/restore:viewautomatedfilearea' => array(
262         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
264         'captype' => 'write',
265         'contextlevel' => CONTEXT_COURSE,
266     ),
268     'moodle/restore:restoretargethub' => array(
270         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
272         'captype' => 'write',
273         'contextlevel' => CONTEXT_COURSE,
274         'archetypes' => array(
275             'editingteacher' => CAP_ALLOW,
276             'manager' => CAP_ALLOW
277         ),
279         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
280     ),
282     'moodle/restore:restoretargetimport' => array(
284         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
286         'captype' => 'write',
287         'contextlevel' => CONTEXT_COURSE,
288         'archetypes' => array(
289             'editingteacher' => CAP_ALLOW,
290             'manager' => CAP_ALLOW
291         ),
293         'clonepermissionsfrom' =>  'moodle/site:import'
294     ),
296     'moodle/restore:uploadfile' => array(
298         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
300         'captype' => 'write',
301         'contextlevel' => CONTEXT_COURSE,
302         'archetypes' => array(
303             'editingteacher' => CAP_ALLOW,
304             'manager' => CAP_ALLOW
305         ),
307         'clonepermissionsfrom' =>  'moodle/site:backupupload'
308     ),
310     'moodle/restore:configure' => array(
312         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
314         'captype' => 'write',
315         'contextlevel' => CONTEXT_COURSE,
316         'archetypes' => array(
317             'editingteacher' => CAP_ALLOW,
318             'manager' => CAP_ALLOW
319         )
320     ),
322     'moodle/restore:rolldates' => array(
324         'captype' => 'write',
325         'contextlevel' => CONTEXT_COURSE,
326         'archetypes' => array(
327             'coursecreator' => CAP_ALLOW,
328             'manager' => CAP_ALLOW
329         )
330     ),
332     'moodle/restore:userinfo' => array(
334         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
336         'captype' => 'write',
337         'contextlevel' => CONTEXT_COURSE,
338         'archetypes' => array(
339             'manager' => CAP_ALLOW
340         )
341     ),
343     'moodle/restore:createuser' => array(
345         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
347         'captype' => 'write',
348         'contextlevel' => CONTEXT_SYSTEM,
349         'archetypes' => array(
350             'manager' => CAP_ALLOW
351         )
352     ),
354     'moodle/site:manageblocks' => array(
356         'riskbitmask' => RISK_SPAM | RISK_XSS,
358         'captype' => 'write',
359         'contextlevel' => CONTEXT_BLOCK,
360         'archetypes' => array(
361             'editingteacher' => CAP_ALLOW,
362             'manager' => CAP_ALLOW
363         )
364     ),
366     'moodle/site:accessallgroups' => array(
368         'captype' => 'read',
369         'contextlevel' => CONTEXT_COURSE,
370         'archetypes' => array(
371             'teacher' => CAP_ALLOW,
372             'editingteacher' => CAP_ALLOW,
373             'manager' => CAP_ALLOW
374         )
375     ),
377     'moodle/site:viewfullnames' => array(
379         'captype' => 'read',
380         'contextlevel' => CONTEXT_COURSE,
381         'archetypes' => array(
382             'teacher' => CAP_ALLOW,
383             'editingteacher' => CAP_ALLOW,
384             'manager' => CAP_ALLOW
385         )
386     ),
388     'moodle/site:viewreports' => array(
390         'riskbitmask' => RISK_PERSONAL,
392         'captype' => 'read',
393         'contextlevel' => CONTEXT_COURSE,
394         'archetypes' => array(
395             'teacher' => CAP_ALLOW,
396             'editingteacher' => CAP_ALLOW,
397             'manager' => CAP_ALLOW
398         )
399     ),
401     'moodle/site:trustcontent' => array(
403         'riskbitmask' => RISK_XSS,
405         'captype' => 'write',
406         'contextlevel' => CONTEXT_COURSE,
407         'archetypes' => array(
408             'editingteacher' => CAP_ALLOW,
409             'manager' => CAP_ALLOW
410         )
411     ),
413     'moodle/site:uploadusers' => array(
415         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
417         'captype' => 'write',
418         'contextlevel' => CONTEXT_SYSTEM,
419         'archetypes' => array(
420             'manager' => CAP_ALLOW
421         )
422     ),
424     // Permission to manage filter setting overrides in subcontexts.
425     'moodle/filter:manage' => array(
427         'captype' => 'write',
428         'contextlevel' => CONTEXT_COURSE,
429         'archetypes' => array(
430             'editingteacher' => CAP_ALLOW,
431             'coursecreator' => CAP_ALLOW,
432             'manager' => CAP_ALLOW,
433         )
434     ),
436     'moodle/user:create' => array(
438         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
440         'captype' => 'write',
441         'contextlevel' => CONTEXT_SYSTEM,
442         'archetypes' => array(
443             'manager' => CAP_ALLOW
444         )
445     ),
447     'moodle/user:delete' => array(
449         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
451         'captype' => 'write',
452         'contextlevel' => CONTEXT_SYSTEM,
453         'archetypes' => array(
454             'manager' => CAP_ALLOW
455         )
456     ),
458     'moodle/user:update' => array(
460         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
462         'captype' => 'write',
463         'contextlevel' => CONTEXT_SYSTEM,
464         'archetypes' => array(
465             'manager' => CAP_ALLOW
466         )
467     ),
469     'moodle/user:viewdetails' => array(
471         'captype' => 'read',
472         'contextlevel' => CONTEXT_COURSE,
473         'archetypes' => array(
474             'guest' => CAP_ALLOW,
475             'student' => CAP_ALLOW,
476             'teacher' => CAP_ALLOW,
477             'editingteacher' => CAP_ALLOW,
478             'manager' => CAP_ALLOW
479         )
480     ),
482     'moodle/user:viewalldetails' => array(
483         'riskbitmask' => RISK_PERSONAL,
484         'captype' => 'read',
485         'contextlevel' => CONTEXT_USER,
486         'archetypes' => array(
487             'manager' => CAP_ALLOW
488         ),
489         'clonepermissionsfrom' => 'moodle/user:update'
490     ),
492     'moodle/user:viewhiddendetails' => array(
494         'riskbitmask' => RISK_PERSONAL,
496         'captype' => 'read',
497         'contextlevel' => CONTEXT_COURSE,
498         'archetypes' => array(
499             'teacher' => CAP_ALLOW,
500             'editingteacher' => CAP_ALLOW,
501             'manager' => CAP_ALLOW
502         )
503     ),
505     'moodle/user:loginas' => array(
507         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
509         'captype' => 'write',
510         'contextlevel' => CONTEXT_COURSE,
511         'archetypes' => array(
512             'manager' => CAP_ALLOW
513         )
514     ),
516     // can the user manage the system default profile page?
517     'moodle/user:managesyspages' => array(
519         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
521         'captype' => 'write',
522         'contextlevel' => CONTEXT_SYSTEM,
523         'archetypes' => array(
524             'manager' => CAP_ALLOW
525         )
526     ),
528     // can the user manage another user's profile page?
529     'moodle/user:manageblocks' => array(
531         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
533         'captype' => 'write',
534         'contextlevel' => CONTEXT_USER
535     ),
537     // can the user manage their own profile page?
538     'moodle/user:manageownblocks' => array(
540         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
542         'captype' => 'write',
543         'contextlevel' => CONTEXT_SYSTEM,
544         'archetypes' => array(
545             'user' => CAP_ALLOW
546         )
547     ),
549     // can the user manage their own files?
550     'moodle/user:manageownfiles' => array(
552         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
554         'captype' => 'write',
555         'contextlevel' => CONTEXT_SYSTEM,
556         'archetypes' => array(
557             'user' => CAP_ALLOW
558         )
559     ),
561     // can the user manage the system default dashboard page?
562     'moodle/my:configsyspages' => array(
564         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
566         'captype' => 'write',
567         'contextlevel' => CONTEXT_SYSTEM,
568         'archetypes' => array(
569             'manager' => CAP_ALLOW
570         )
571     ),
573     'moodle/role:assign' => array(
575         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
577         'captype' => 'write',
578         'contextlevel' => CONTEXT_COURSE,
579         'archetypes' => array(
580             'editingteacher' => CAP_ALLOW,
581             'manager' => CAP_ALLOW
582         )
583     ),
585     'moodle/role:review' => array(
587         'riskbitmask' => RISK_PERSONAL,
589         'captype' => 'read',
590         'contextlevel' => CONTEXT_COURSE,
591         'archetypes' => array(
592             'teacher' => CAP_ALLOW,
593             'editingteacher' => CAP_ALLOW,
594             'manager' => CAP_ALLOW
595         )
596     ),
598     'moodle/role:override' => array(
600         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
602         'captype' => 'write',
603         'contextlevel' => CONTEXT_COURSE,
604         'archetypes' => array(
605             'manager' => CAP_ALLOW
606         )
607     ),
609     'moodle/role:safeoverride' => array(
611         'riskbitmask' => RISK_SPAM,
613         'captype' => 'write',
614         'contextlevel' => CONTEXT_COURSE,
615         'archetypes' => array(
616             'editingteacher' => CAP_ALLOW
617         )
618     ),
620     'moodle/role:manage' => array(
622         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
624         'captype' => 'write',
625         'contextlevel' => CONTEXT_SYSTEM,
626         'archetypes' => array(
627             'manager' => CAP_ALLOW
628         )
629     ),
631     'moodle/role:switchroles' => array(
633         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
635         'captype' => 'read',
636         'contextlevel' => CONTEXT_COURSE,
637         'archetypes' => array(
638             'editingteacher' => CAP_ALLOW,
639             'manager' => CAP_ALLOW
640         )
641     ),
643     // Create, update and delete course categories. (Deleting a course category
644     // does not let you delete the courses it contains, unless you also have
645     // moodle/course: delete.) Creating and deleting requires this permission in
646     // the parent category.
647     'moodle/category:manage' => array(
649         'riskbitmask' => RISK_XSS,
651         'captype' => 'write',
652         'contextlevel' => CONTEXT_COURSECAT,
653         'archetypes' => array(
654             'manager' => CAP_ALLOW
655         ),
656         'clonepermissionsfrom' => 'moodle/category:update'
657     ),
659     'moodle/category:viewhiddencategories' => array(
661         'captype' => 'read',
662         'contextlevel' => CONTEXT_COURSECAT,
663         'archetypes' => array(
664             'coursecreator' => CAP_ALLOW,
665             'manager' => CAP_ALLOW
666         ),
667         'clonepermissionsfrom' => 'moodle/category:visibility'
668     ),
670     // create, delete, move cohorts in system and course categories,
671     // (cohorts with component !== null can be only moved)
672     'moodle/cohort:manage' => array(
674         'captype' => 'write',
675         'contextlevel' => CONTEXT_COURSECAT,
676         'archetypes' => array(
677             'manager' => CAP_ALLOW
678         )
679     ),
681     // add and remove cohort members (only for cohorts where component !== null)
682     'moodle/cohort:assign' => array(
684         'captype' => 'write',
685         'contextlevel' => CONTEXT_COURSECAT,
686         'archetypes' => array(
687             'manager' => CAP_ALLOW
688         )
689     ),
691     // view members of a cohort, this can be used in course context too,
692     // this also controls the ability to actually use cohort
693     'moodle/cohort:view' => array(
695         'captype' => 'read',
696         'contextlevel' => CONTEXT_COURSE,
697         'archetypes' => array(
698             'editingteacher' => CAP_ALLOW,
699             'manager' => CAP_ALLOW
700         )
701     ),
703     'moodle/course:create' => array(
705         'riskbitmask' => RISK_XSS,
707         'captype' => 'write',
708         'contextlevel' => CONTEXT_COURSECAT,
709         'archetypes' => array(
710             'coursecreator' => CAP_ALLOW,
711             'manager' => CAP_ALLOW
712         )
713     ),
715     'moodle/course:request' => array(
716         'captype' => 'write',
717         'contextlevel' => CONTEXT_SYSTEM,
718         'archetypes' => array(
719             'user' => CAP_ALLOW,
720         )
721     ),
723     'moodle/course:delete' => array(
725         'riskbitmask' => RISK_DATALOSS,
727         'captype' => 'write',
728         'contextlevel' => CONTEXT_COURSE,
729         'archetypes' => array(
730             'manager' => CAP_ALLOW
731         )
732     ),
734     'moodle/course:update' => array(
736         'riskbitmask' => RISK_XSS,
738         'captype' => 'write',
739         'contextlevel' => CONTEXT_COURSE,
740         'archetypes' => array(
741             'editingteacher' => CAP_ALLOW,
742             'manager' => CAP_ALLOW
743         )
744     ),
746     'moodle/course:view' => array(
748         'captype' => 'read',
749         'contextlevel' => CONTEXT_COURSE,
750         'archetypes' => array(
751             'manager' => CAP_ALLOW,
752         )
753     ),
755     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
756     'moodle/course:enrolreview' => array(
758         'riskbitmask' => RISK_PERSONAL,
760         'captype' => 'read',
761         'contextlevel' => CONTEXT_COURSE,
762         'archetypes' => array(
763             'editingteacher' => CAP_ALLOW,
764             'manager' => CAP_ALLOW,
765         )
766     ),
768     /* add, remove, hide enrol instances in courses */
769     'moodle/course:enrolconfig' => array(
771         'riskbitmask' => RISK_PERSONAL,
773         'captype' => 'write',
774         'contextlevel' => CONTEXT_COURSE,
775         'archetypes' => array(
776             'editingteacher' => CAP_ALLOW,
777             'manager' => CAP_ALLOW,
778         )
779     ),
781     'moodle/course:bulkmessaging' => array(
783         'riskbitmask' => RISK_SPAM,
785         'captype' => 'write',
786         'contextlevel' => CONTEXT_COURSE,
787         'archetypes' => array(
788             'teacher' => CAP_ALLOW,
789             'editingteacher' => CAP_ALLOW,
790             'manager' => CAP_ALLOW
791         )
792     ),
794     'moodle/course:viewhiddenuserfields' => array(
796         'riskbitmask' => RISK_PERSONAL,
798         'captype' => 'read',
799         'contextlevel' => CONTEXT_COURSE,
800         'archetypes' => array(
801             'teacher' => CAP_ALLOW,
802             'editingteacher' => CAP_ALLOW,
803             'manager' => CAP_ALLOW
804         )
805     ),
807     'moodle/course:viewhiddencourses' => array(
809         'captype' => 'read',
810         'contextlevel' => CONTEXT_COURSE,
811         'archetypes' => array(
812             'coursecreator' => CAP_ALLOW,
813             'teacher' => CAP_ALLOW,
814             'editingteacher' => CAP_ALLOW,
815             'manager' => CAP_ALLOW
816         )
817     ),
819     'moodle/course:visibility' => array(
821         'captype' => 'write',
822         'contextlevel' => CONTEXT_COURSE,
823         'archetypes' => array(
824             'editingteacher' => CAP_ALLOW,
825             'manager' => CAP_ALLOW
826         )
827     ),
829     'moodle/course:managefiles' => array(
831         'riskbitmask' => RISK_XSS,
833         'captype' => 'write',
834         'contextlevel' => CONTEXT_COURSE,
835         'archetypes' => array(
836             'editingteacher' => CAP_ALLOW,
837             'manager' => CAP_ALLOW
838         )
839     ),
841     'moodle/course:manageactivities' => array(
843         'riskbitmask' => RISK_XSS,
845         'captype' => 'write',
846         'contextlevel' => CONTEXT_COURSE,
847         'archetypes' => array(
848             'editingteacher' => CAP_ALLOW,
849             'manager' => CAP_ALLOW
850         )
851     ),
853     'moodle/course:activityvisibility' => array(
855         'captype' => 'write',
856         'contextlevel' => CONTEXT_COURSE,
857         'archetypes' => array(
858             'editingteacher' => CAP_ALLOW,
859             'manager' => CAP_ALLOW
860         )
861     ),
863     'moodle/course:viewhiddenactivities' => array(
865         'captype' => 'write',
866         'contextlevel' => CONTEXT_COURSE,
867         'archetypes' => array(
868             'teacher' => CAP_ALLOW,
869             'editingteacher' => CAP_ALLOW,
870             'manager' => CAP_ALLOW
871         )
872     ),
874     'moodle/course:viewparticipants' => array(
876         'captype' => 'read',
877         'contextlevel' => CONTEXT_COURSE,
878         'archetypes' => array(
879             'student' => CAP_ALLOW,
880             'teacher' => CAP_ALLOW,
881             'editingteacher' => CAP_ALLOW,
882             'manager' => CAP_ALLOW
883         )
884     ),
886     'moodle/course:changefullname' => array(
888         'riskbitmask' => RISK_XSS,
890         'captype' => 'write',
891         'contextlevel' => CONTEXT_COURSE,
892         'archetypes' => array(
893             'editingteacher' => CAP_ALLOW,
894             'manager' => CAP_ALLOW
895         ),
896         'clonepermissionsfrom' => 'moodle/course:update'
897     ),
899     'moodle/course:changeshortname' => array(
901         'riskbitmask' => RISK_XSS,
903         'captype' => 'write',
904         'contextlevel' => CONTEXT_COURSE,
905         'archetypes' => array(
906             'editingteacher' => CAP_ALLOW,
907             'manager' => CAP_ALLOW
908         ),
909         'clonepermissionsfrom' => 'moodle/course:update'
910     ),
912     'moodle/course:changeidnumber' => array(
914         'riskbitmask' => RISK_XSS,
916         'captype' => 'write',
917         'contextlevel' => CONTEXT_COURSE,
918         'archetypes' => array(
919             'editingteacher' => CAP_ALLOW,
920             'manager' => CAP_ALLOW
921         ),
922         'clonepermissionsfrom' => 'moodle/course:update'
923     ),
924     'moodle/course:changecategory' => array(
925         'riskbitmask' => RISK_XSS,
927         'captype' => 'write',
928         'contextlevel' => CONTEXT_COURSE,
929         'archetypes' => array(
930             'editingteacher' => CAP_ALLOW,
931             'manager' => CAP_ALLOW
932         ),
933         'clonepermissionsfrom' => 'moodle/course:update'
934     ),
936     'moodle/course:changesummary' => array(
937         'riskbitmask' => RISK_XSS,
939         'captype' => 'write',
940         'contextlevel' => CONTEXT_COURSE,
941         'archetypes' => array(
942             'editingteacher' => CAP_ALLOW,
943             'manager' => CAP_ALLOW
944         ),
945         'clonepermissionsfrom' => 'moodle/course:update'
946     ),
949     'moodle/site:viewparticipants' => array(
951         'captype' => 'read',
952         'contextlevel' => CONTEXT_SYSTEM,
953         'archetypes' => array(
954             'manager' => CAP_ALLOW
955         )
956     ),
958     'moodle/course:viewscales' => array(
960         'captype' => 'read',
961         'contextlevel' => CONTEXT_COURSE,
962         'archetypes' => array(
963             'student' => CAP_ALLOW,
964             'teacher' => CAP_ALLOW,
965             'editingteacher' => CAP_ALLOW,
966             'manager' => CAP_ALLOW
967         )
968     ),
970     'moodle/course:managescales' => array(
972         'captype' => 'write',
973         'contextlevel' => CONTEXT_COURSE,
974         'archetypes' => array(
975             'editingteacher' => CAP_ALLOW,
976             'manager' => CAP_ALLOW
977         )
978     ),
980     'moodle/course:managegroups' => array(
982         'captype' => 'write',
983         'contextlevel' => CONTEXT_COURSE,
984         'archetypes' => array(
985             'editingteacher' => CAP_ALLOW,
986             'manager' => CAP_ALLOW
987         )
988     ),
990     'moodle/course:reset' => array(
992         'riskbitmask' => RISK_DATALOSS,
994         'captype' => 'write',
995         'contextlevel' => CONTEXT_COURSE,
996         'archetypes' => array(
997             'editingteacher' => CAP_ALLOW,
998             'manager' => CAP_ALLOW
999         )
1000     ),
1002     'moodle/blog:view' => array(
1004         'captype' => 'read',
1005         'contextlevel' => CONTEXT_SYSTEM,
1006         'archetypes' => array(
1007             'guest' => CAP_ALLOW,
1008             'user' => CAP_ALLOW,
1009             'student' => CAP_ALLOW,
1010             'teacher' => CAP_ALLOW,
1011             'editingteacher' => CAP_ALLOW,
1012             'manager' => CAP_ALLOW
1013         )
1014     ),
1016     'moodle/blog:search' => array(
1017         'captype' => 'read',
1018         'contextlevel' => CONTEXT_SYSTEM,
1019         'archetypes' => array(
1020             'guest' => CAP_ALLOW,
1021             'user' => CAP_ALLOW,
1022             'student' => CAP_ALLOW,
1023             'teacher' => CAP_ALLOW,
1024             'editingteacher' => CAP_ALLOW,
1025             'manager' => CAP_ALLOW
1026         )
1027     ),
1029     'moodle/blog:viewdrafts' => array(
1031         'riskbitmask' => RISK_PERSONAL,
1032         'captype' => 'read',
1033         'contextlevel' => CONTEXT_SYSTEM,
1034         'archetypes' => array(
1035             'manager' => CAP_ALLOW
1036         )
1037     ),
1039     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1041         'riskbitmask' => RISK_SPAM,
1043         'captype' => 'write',
1044         'contextlevel' => CONTEXT_SYSTEM,
1045         'archetypes' => array(
1046             'user' => CAP_ALLOW,
1047             'manager' => CAP_ALLOW
1048         )
1049     ),
1051     'moodle/blog:manageentries' => array(
1053         'riskbitmask' => RISK_SPAM,
1055         'captype' => 'write',
1056         'contextlevel' => CONTEXT_SYSTEM,
1057         'archetypes' => array(
1058             'teacher' => CAP_ALLOW,
1059             'editingteacher' => CAP_ALLOW,
1060             'manager' => CAP_ALLOW
1061         )
1062     ),
1064     'moodle/blog:manageexternal' => array(
1066         'riskbitmask' => RISK_SPAM,
1068         'captype' => 'write',
1069         'contextlevel' => CONTEXT_SYSTEM,
1070         'archetypes' => array(
1071             'student' => CAP_ALLOW,
1072             'user' => CAP_ALLOW,
1073             'teacher' => CAP_ALLOW,
1074             'editingteacher' => CAP_ALLOW,
1075             'manager' => CAP_ALLOW
1076         )
1077     ),
1079     'moodle/blog:associatecourse' => array(
1081         'captype' => 'write',
1082         'contextlevel' => CONTEXT_COURSE,
1083         'archetypes' => array(
1084             'student' => CAP_ALLOW,
1085             'user' => CAP_ALLOW,
1086             'teacher' => CAP_ALLOW,
1087             'editingteacher' => CAP_ALLOW,
1088             'manager' => CAP_ALLOW
1089         )
1090     ),
1092     'moodle/blog:associatemodule' => array(
1094         'captype' => 'write',
1095         'contextlevel' => CONTEXT_MODULE,
1096         'archetypes' => array(
1097             'student' => CAP_ALLOW,
1098             'user' => CAP_ALLOW,
1099             'teacher' => CAP_ALLOW,
1100             'editingteacher' => CAP_ALLOW,
1101             'manager' => CAP_ALLOW
1102         )
1103     ),
1105     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1107         'riskbitmask' => RISK_SPAM,
1109         'captype' => 'write',
1110         'contextlevel' => CONTEXT_COURSE,
1111         'archetypes' => array(
1112             'user' => CAP_ALLOW,
1113             'manager' => CAP_ALLOW
1114         )
1115     ),
1117     'moodle/calendar:managegroupentries' => array(
1119         'riskbitmask' => RISK_SPAM,
1121         'captype' => 'write',
1122         'contextlevel' => CONTEXT_COURSE,
1123         'archetypes' => array(
1124             'teacher' => CAP_ALLOW,
1125             'editingteacher' => CAP_ALLOW,
1126             'manager' => CAP_ALLOW
1127         )
1128     ),
1130     'moodle/calendar:manageentries' => array(
1132         'riskbitmask' => RISK_SPAM,
1134         'captype' => 'write',
1135         'contextlevel' => CONTEXT_COURSE,
1136         'archetypes' => array(
1137             'teacher' => CAP_ALLOW,
1138             'editingteacher' => CAP_ALLOW,
1139             'manager' => CAP_ALLOW
1140         )
1141     ),
1143     'moodle/user:editprofile' => array(
1145         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1147         'captype' => 'write',
1148         'contextlevel' => CONTEXT_USER,
1149         'archetypes' => array(
1150             'manager' => CAP_ALLOW
1151         )
1152     ),
1154     'moodle/user:editownprofile' => array(
1156         'riskbitmask' => RISK_SPAM,
1158         'captype' => 'write',
1159         'contextlevel' => CONTEXT_SYSTEM,
1160         'archetypes' => array(
1161             'guest' => CAP_PROHIBIT,
1162             'user' => CAP_ALLOW,
1163             'manager' => CAP_ALLOW
1164         )
1165     ),
1167     'moodle/user:changeownpassword' => array(
1169         'captype' => 'write',
1170         'contextlevel' => CONTEXT_SYSTEM,
1171         'archetypes' => array(
1172             'guest' => CAP_PROHIBIT,
1173             'user' => CAP_ALLOW,
1174             'manager' => CAP_ALLOW
1175         )
1176     ),
1178     // The next 3 might make no sense for some roles, e.g teacher, etc.
1179     // since the next level up is site. These are more for the parent role
1180     'moodle/user:readuserposts' => array(
1182         'captype' => 'read',
1183         'contextlevel' => CONTEXT_USER,
1184         'archetypes' => array(
1185             'student' => CAP_ALLOW,
1186             'teacher' => CAP_ALLOW,
1187             'editingteacher' => CAP_ALLOW,
1188             'manager' => CAP_ALLOW
1189         )
1190     ),
1192     'moodle/user:readuserblogs' => array(
1194         'captype' => 'read',
1195         'contextlevel' => CONTEXT_USER,
1196         'archetypes' => array(
1197             'student' => CAP_ALLOW,
1198             'teacher' => CAP_ALLOW,
1199             'editingteacher' => CAP_ALLOW,
1200             'manager' => CAP_ALLOW
1201         )
1202     ),
1204     // designed for parent role - not used in legacy roles
1205     'moodle/user:viewuseractivitiesreport' => array(
1206         'riskbitmask' => RISK_PERSONAL,
1208         'captype' => 'read',
1209         'contextlevel' => CONTEXT_USER,
1210         'archetypes' => array(
1211         )
1212     ),
1214     //capabilities designed for the new message system configuration
1215     'moodle/user:editmessageprofile' => array(
1217          'riskbitmask' => RISK_SPAM,
1219          'captype' => 'write',
1220          'contextlevel' => CONTEXT_USER,
1221          'archetypes' => array(
1222              'manager' => CAP_ALLOW
1223          )
1224      ),
1226      'moodle/user:editownmessageprofile' => array(
1228          'captype' => 'write',
1229          'contextlevel' => CONTEXT_SYSTEM,
1230          'archetypes' => array(
1231              'guest' => CAP_PROHIBIT,
1232              'user' => CAP_ALLOW,
1233              'manager' => CAP_ALLOW
1234          )
1235      ),
1237     'moodle/question:managecategory' => array(
1238         'riskbitmask' => RISK_SPAM | RISK_XSS,
1239         'captype' => 'write',
1240         'contextlevel' => CONTEXT_COURSE,
1241         'archetypes' => array(
1242             'editingteacher' => CAP_ALLOW,
1243             'manager' => CAP_ALLOW
1244         )
1245     ),
1247     //new in moodle 1.9
1248     'moodle/question:add' => array(
1249         'riskbitmask' => RISK_SPAM | RISK_XSS,
1250         'captype' => 'write',
1251         'contextlevel' => CONTEXT_COURSE,
1252         'archetypes' => array(
1253             'editingteacher' => CAP_ALLOW,
1254             'manager' => CAP_ALLOW
1255         ),
1256         'clonepermissionsfrom' =>  'moodle/question:manage'
1257     ),
1258     'moodle/question:editmine' => array(
1259         'riskbitmask' => RISK_SPAM | RISK_XSS,
1260         'captype' => 'write',
1261         'contextlevel' => CONTEXT_COURSE,
1262         'archetypes' => array(
1263             'editingteacher' => CAP_ALLOW,
1264             'manager' => CAP_ALLOW
1265         ),
1266         'clonepermissionsfrom' =>  'moodle/question:manage'
1267     ),
1268     'moodle/question:editall' => array(
1269         'riskbitmask' => RISK_SPAM | RISK_XSS,
1270         'captype' => 'write',
1271         'contextlevel' => CONTEXT_COURSE,
1272         'archetypes' => array(
1273             'editingteacher' => CAP_ALLOW,
1274             'manager' => CAP_ALLOW
1275         ),
1276         'clonepermissionsfrom' =>  'moodle/question:manage'
1277     ),
1278     'moodle/question:viewmine' => array(
1279         'captype' => 'read',
1280         'contextlevel' => CONTEXT_COURSE,
1281         'archetypes' => array(
1282             'editingteacher' => CAP_ALLOW,
1283             'manager' => CAP_ALLOW
1284         ),
1285         'clonepermissionsfrom' =>  'moodle/question:manage'
1286     ),
1287     'moodle/question:viewall' => array(
1288         'captype' => 'read',
1289         'contextlevel' => CONTEXT_COURSE,
1290         'archetypes' => array(
1291             'editingteacher' => CAP_ALLOW,
1292             'manager' => CAP_ALLOW
1293         ),
1294         'clonepermissionsfrom' =>  'moodle/question:manage'
1295     ),
1296     'moodle/question:usemine' => array(
1297         'captype' => 'read',
1298         'contextlevel' => CONTEXT_COURSE,
1299         'archetypes' => array(
1300             'editingteacher' => CAP_ALLOW,
1301             'manager' => CAP_ALLOW
1302         ),
1303         'clonepermissionsfrom' =>  'moodle/question:manage'
1304     ),
1305     'moodle/question:useall' => array(
1306         'captype' => 'read',
1307         'contextlevel' => CONTEXT_COURSE,
1308         'archetypes' => array(
1309             'editingteacher' => CAP_ALLOW,
1310             'manager' => CAP_ALLOW
1311         ),
1312         'clonepermissionsfrom' =>  'moodle/question:manage'
1313     ),
1314     'moodle/question:movemine' => array(
1315         'captype' => 'write',
1316         'contextlevel' => CONTEXT_COURSE,
1317         'archetypes' => array(
1318             'editingteacher' => CAP_ALLOW,
1319             'manager' => CAP_ALLOW
1320         ),
1321         'clonepermissionsfrom' =>  'moodle/question:manage'
1322     ),
1323     'moodle/question:moveall' => array(
1324         'captype' => 'write',
1325         'contextlevel' => CONTEXT_COURSE,
1326         'archetypes' => array(
1327             'editingteacher' => CAP_ALLOW,
1328             'manager' => CAP_ALLOW
1329         ),
1330         'clonepermissionsfrom' =>  'moodle/question:manage'
1331     ),
1332     //END new in moodle 1.9
1334     // Configure the installed question types.
1335     'moodle/question:config' => array(
1336         'riskbitmask' => RISK_CONFIG,
1337         'captype' => 'write',
1338         'contextlevel' => CONTEXT_SYSTEM,
1339         'archetypes' => array(
1340             'manager' => CAP_ALLOW
1341         )
1342     ),
1344     // While attempting questions, the ability to flag particular questions for later reference.
1345     'moodle/question:flag' => array(
1346         'captype' => 'write',
1347         'contextlevel' => CONTEXT_COURSE,
1348         'archetypes' => array(
1349             'student' => CAP_ALLOW,
1350             'teacher' => CAP_ALLOW,
1351             'editingteacher' => CAP_ALLOW,
1352             'coursecreator' => CAP_ALLOW,
1353             'manager' => CAP_ALLOW
1354         )
1355     ),
1357     'moodle/site:doclinks' => array(
1358         'captype' => 'read',
1359         'contextlevel' => CONTEXT_SYSTEM,
1360         'archetypes' => array(
1361             'teacher' => CAP_ALLOW,
1362             'editingteacher' => CAP_ALLOW,
1363             'manager' => CAP_ALLOW
1364         )
1365     ),
1367     'moodle/course:sectionvisibility' => array(
1369         'captype' => 'write',
1370         'contextlevel' => CONTEXT_COURSE,
1371         'archetypes' => array(
1372             'editingteacher' => CAP_ALLOW,
1373             'manager' => CAP_ALLOW
1374         )
1375     ),
1377     'moodle/course:useremail' => array(
1379         'captype' => 'write',
1380         'contextlevel' => CONTEXT_COURSE,
1381         'archetypes' => array(
1382             'editingteacher' => CAP_ALLOW,
1383             'manager' => CAP_ALLOW
1384         )
1385     ),
1387     'moodle/course:viewhiddensections' => array(
1389         'captype' => 'write',
1390         'contextlevel' => CONTEXT_COURSE,
1391         'archetypes' => array(
1392             'editingteacher' => CAP_ALLOW,
1393             'manager' => CAP_ALLOW
1394         )
1395     ),
1397     'moodle/course:setcurrentsection' => array(
1399         'captype' => 'write',
1400         'contextlevel' => CONTEXT_COURSE,
1401         'archetypes' => array(
1402             'editingteacher' => CAP_ALLOW,
1403             'manager' => CAP_ALLOW
1404         )
1405     ),
1407     'moodle/site:mnetlogintoremote' => array(
1409         'captype' => 'read',
1410         'contextlevel' => CONTEXT_SYSTEM,
1411         'archetypes' => array(
1412         )
1413     ),
1415     'moodle/grade:viewall' => array(
1416         'riskbitmask' => RISK_PERSONAL,
1417         'captype' => 'read',
1418         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1419         'archetypes' => array(
1420             'teacher' => CAP_ALLOW,
1421             'editingteacher' => CAP_ALLOW,
1422             'manager' => CAP_ALLOW
1423         ),
1424         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1425     ),
1427     'moodle/grade:view' => array(
1428         'captype' => 'read',
1429         'contextlevel' => CONTEXT_COURSE,
1430         'archetypes' => array(
1431             'student' => CAP_ALLOW
1432         )
1433     ),
1435     'moodle/grade:viewhidden' => array(
1436         'riskbitmask' => RISK_PERSONAL,
1437         'captype' => 'read',
1438         'contextlevel' => CONTEXT_COURSE,
1439         'archetypes' => array(
1440             'teacher' => CAP_ALLOW,
1441             'editingteacher' => CAP_ALLOW,
1442             'manager' => CAP_ALLOW
1443         ),
1444         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1445     ),
1447     'moodle/grade:import' => array(
1448         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1449         'captype' => 'write',
1450         'contextlevel' => CONTEXT_COURSE,
1451         'archetypes' => array(
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         ),
1455         'clonepermissionsfrom' => 'moodle/course:managegrades'
1456     ),
1458     'moodle/grade:export' => array(
1459         'riskbitmask' => RISK_PERSONAL,
1460         'captype' => 'read',
1461         'contextlevel' => CONTEXT_COURSE,
1462         'archetypes' => array(
1463             'teacher' => CAP_ALLOW,
1464             'editingteacher' => CAP_ALLOW,
1465             'manager' => CAP_ALLOW
1466         ),
1467         'clonepermissionsfrom' => 'moodle/course:managegrades'
1468     ),
1470     'moodle/grade:manage' => array(
1471         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1472         'captype' => 'write',
1473         'contextlevel' => CONTEXT_COURSE,
1474         'archetypes' => array(
1475             'editingteacher' => CAP_ALLOW,
1476             'manager' => CAP_ALLOW
1477         ),
1478         'clonepermissionsfrom' => 'moodle/course:managegrades'
1479     ),
1481     'moodle/grade:edit' => array(
1482         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1483         'captype' => 'write',
1484         'contextlevel' => CONTEXT_COURSE,
1485         'archetypes' => array(
1486             'editingteacher' => CAP_ALLOW,
1487             'manager' => CAP_ALLOW
1488         ),
1489         'clonepermissionsfrom' => 'moodle/course:managegrades'
1490     ),
1492     'moodle/grade:manageoutcomes' => array(
1493         'captype' => 'write',
1494         'contextlevel' => CONTEXT_COURSE,
1495         'archetypes' => array(
1496             'editingteacher' => CAP_ALLOW,
1497             'manager' => CAP_ALLOW
1498         ),
1499         'clonepermissionsfrom' => 'moodle/course:managegrades'
1500     ),
1502     'moodle/grade:manageletters' => array(
1503         'captype' => 'write',
1504         'contextlevel' => CONTEXT_COURSE,
1505         'archetypes' => array(
1506             'editingteacher' => CAP_ALLOW,
1507             'manager' => CAP_ALLOW
1508         ),
1509         'clonepermissionsfrom' => 'moodle/course:managegrades'
1510     ),
1512     'moodle/grade:hide' => array(
1513         'captype' => 'write',
1514         'contextlevel' => CONTEXT_COURSE,
1515         'archetypes' => array(
1516             'editingteacher' => CAP_ALLOW,
1517             'manager' => CAP_ALLOW
1518         )
1519     ),
1521     'moodle/grade:lock' => array(
1522         'captype' => 'write',
1523         'contextlevel' => CONTEXT_COURSE,
1524         'archetypes' => array(
1525             'editingteacher' => CAP_ALLOW,
1526             'manager' => CAP_ALLOW
1527         )
1528     ),
1530     'moodle/grade:unlock' => array(
1531         'captype' => 'write',
1532         'contextlevel' => CONTEXT_COURSE,
1533         'archetypes' => array(
1534             'editingteacher' => CAP_ALLOW,
1535             'manager' => CAP_ALLOW
1536         )
1537     ),
1539     'moodle/my:manageblocks' => array(
1540         'captype' => 'write',
1541         'contextlevel' => CONTEXT_SYSTEM,
1542         'archetypes' => array(
1543             'user' => CAP_ALLOW
1544         )
1545     ),
1547     'moodle/notes:view' => array(
1548         'captype' => 'read',
1549         'contextlevel' => CONTEXT_COURSE,
1550         'archetypes' => array(
1551             'teacher' => CAP_ALLOW,
1552             'editingteacher' => CAP_ALLOW,
1553             'manager' => CAP_ALLOW
1554         )
1555     ),
1557     'moodle/notes:manage' => array(
1558         'riskbitmask' => RISK_SPAM,
1560         'captype' => 'write',
1561         'contextlevel' => CONTEXT_COURSE,
1562         'archetypes' => array(
1563             'teacher' => CAP_ALLOW,
1564             'editingteacher' => CAP_ALLOW,
1565             'manager' => CAP_ALLOW
1566         )
1567     ),
1569     'moodle/tag:manage' => array(
1570         'riskbitmask' => RISK_SPAM,
1572         'captype' => 'write',
1573         'contextlevel' => CONTEXT_SYSTEM,
1574         'archetypes' => array(
1575             'teacher' => CAP_ALLOW,
1576             'editingteacher' => CAP_ALLOW,
1577             'manager' => CAP_ALLOW
1578         )
1579     ),
1581     'moodle/tag:create' => array(
1582         'riskbitmask' => RISK_SPAM,
1584         'captype' => 'write',
1585         'contextlevel' => CONTEXT_SYSTEM,
1586         'archetypes' => array(
1587             'manager' => CAP_ALLOW,
1588             'user' => CAP_ALLOW
1589         )
1590     ),
1592     'moodle/tag:edit' => array(
1593         'riskbitmask' => RISK_SPAM,
1595         'captype' => 'write',
1596         'contextlevel' => CONTEXT_SYSTEM,
1597         'archetypes' => array(
1598             'manager' => CAP_ALLOW,
1599             'user' => CAP_ALLOW
1600         )
1601     ),
1603     'moodle/tag:editblocks' => array(
1604         'captype' => 'write',
1605         'contextlevel' => CONTEXT_SYSTEM,
1606         'archetypes' => array(
1607             'teacher' => CAP_ALLOW,
1608             'editingteacher' => CAP_ALLOW,
1609             'manager' => CAP_ALLOW
1610         )
1611     ),
1613     'moodle/block:view' => array(
1614         'captype' => 'read',
1615         'contextlevel' => CONTEXT_BLOCK,
1616         'archetypes' => array(
1617             'guest' => CAP_ALLOW,
1618             'user' => CAP_ALLOW,
1619             'student' => CAP_ALLOW,
1620             'teacher' => CAP_ALLOW,
1621             'editingteacher' => CAP_ALLOW,
1622             'coursecreator' => CAP_ALLOW
1623         )
1624     ),
1626     'moodle/block:edit' => array(
1627         'riskbitmask' => RISK_SPAM | RISK_XSS,
1629         'captype' => 'write',
1630         'contextlevel' => CONTEXT_BLOCK,
1631         'archetypes' => array(
1632             'editingteacher' => CAP_ALLOW,
1633             'coursecreator' => CAP_ALLOW
1634         )
1635     ),
1637     'moodle/portfolio:export' => array(
1638         'captype' => 'read',
1639         'contextlevel' => CONTEXT_SYSTEM,
1640         'archetypes' => array(
1641             'user' => CAP_ALLOW,
1642             'student' => CAP_ALLOW,
1643             'teacher' => CAP_ALLOW,
1644             'editingteacher' => CAP_ALLOW,
1645             'coursecreator' => CAP_ALLOW
1646         )
1647     ),
1648     'moodle/comment:view' => array(
1650         'captype' => 'read',
1651         'contextlevel' => CONTEXT_COURSE,
1652         'archetypes' => array(
1653             'user' => CAP_ALLOW,
1654             'student' => CAP_ALLOW,
1655             'teacher' => CAP_ALLOW,
1656             'editingteacher' => CAP_ALLOW,
1657             'coursecreator' => CAP_ALLOW,
1658             'manager' => CAP_ALLOW
1659         )
1660     ),
1661     'moodle/comment:post' => array(
1663         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1664         'captype' => 'write',
1665         'contextlevel' => CONTEXT_COURSE,
1666         'archetypes' => array(
1667             'user' => CAP_ALLOW,
1668             'student' => CAP_ALLOW,
1669             'teacher' => CAP_ALLOW,
1670             'editingteacher' => CAP_ALLOW,
1671             'coursecreator' => CAP_ALLOW,
1672             'manager' => CAP_ALLOW
1673         )
1674     ),
1675     'moodle/comment:delete' => array(
1677         'riskbitmask' => RISK_DATALOSS,
1678         'captype' => 'write',
1679         'contextlevel' => CONTEXT_COURSE,
1680         'archetypes' => array(
1681             'editingteacher' => CAP_ALLOW,
1682             'coursecreator' => CAP_ALLOW,
1683             'manager' => CAP_ALLOW
1684         )
1685     ),
1686     'moodle/webservice:createtoken' => array(
1688         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1689         'captype' => 'write',
1690         'contextlevel' => CONTEXT_SYSTEM,
1691         'archetypes' => array(
1692             'manager' => CAP_ALLOW
1693         )
1694     ),
1695     'moodle/rating:view' => array(
1697         'captype' => 'read',
1698         'contextlevel' => CONTEXT_COURSE,
1699         'archetypes' => array(
1700             'user' => CAP_ALLOW,
1701             'student' => CAP_ALLOW,
1702             'teacher' => CAP_ALLOW,
1703             'editingteacher' => CAP_ALLOW,
1704             'manager' => CAP_ALLOW
1705         )
1706     ),
1707     'moodle/rating:viewany' => array(
1709         'riskbitmask' => RISK_PERSONAL,
1710         'captype' => 'read',
1711         'contextlevel' => CONTEXT_COURSE,
1712         'archetypes' => array(
1713             'user' => CAP_ALLOW,
1714             'student' => CAP_ALLOW,
1715             'teacher' => CAP_ALLOW,
1716             'editingteacher' => CAP_ALLOW,
1717             'manager' => CAP_ALLOW
1718         )
1719     ),
1720     'moodle/rating:viewall' => array(
1722         'riskbitmask' => RISK_PERSONAL,
1723         'captype' => 'read',
1724         'contextlevel' => CONTEXT_COURSE,
1725         'archetypes' => array(
1726             'user' => CAP_ALLOW,
1727             'student' => CAP_ALLOW,
1728             'teacher' => CAP_ALLOW,
1729             'editingteacher' => CAP_ALLOW,
1730             'manager' => CAP_ALLOW
1731         )
1732     ),
1733     'moodle/rating:rate' => array(
1735         'captype' => 'write',
1736         'contextlevel' => CONTEXT_COURSE,
1737         'archetypes' => array(
1738             'user' => CAP_ALLOW,
1739             'student' => CAP_ALLOW,
1740             'teacher' => CAP_ALLOW,
1741             'editingteacher' => CAP_ALLOW,
1742             'manager' => CAP_ALLOW
1743         )
1744     ),
1745      'moodle/course:publish' => array(
1747         'captype' => 'write',
1748         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1749         'contextlevel' => CONTEXT_SYSTEM,
1750         'archetypes' => array(
1751             'manager' => CAP_ALLOW
1752         )
1753     ),
1754     'moodle/course:markcomplete' => array(
1755         'captype' => 'write',
1756         'contextlevel' => CONTEXT_COURSE,
1757         'archetypes' => array(
1758             'teacher' => CAP_ALLOW,
1759             'editingteacher' => CAP_ALLOW,
1760             'coursecreator' => CAP_ALLOW,
1761             'manager' => CAP_ALLOW
1762         )
1763     ),
1764     'moodle/community:add' => array(
1765         'captype' => 'write',
1766         'contextlevel' => CONTEXT_SYSTEM,
1767         'archetypes' => array(
1768             'manager' => CAP_ALLOW,
1769             'teacher' => CAP_ALLOW,
1770             'editingteacher' => CAP_ALLOW,
1771             'coursecreator' => CAP_ALLOW
1772         )
1773     ),
1774     'moodle/community:download' => array(
1775         'captype' => 'write',
1776         'contextlevel' => CONTEXT_SYSTEM,
1777         'archetypes' => array(
1778             'manager' => CAP_ALLOW,
1779             'editingteacher' => CAP_ALLOW,
1780             'coursecreator' => CAP_ALLOW
1781         )
1782     )
1783 );