Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Capability definitions for this module.
  19   *
  20   * @package   tool_dataprivacy
  21   * @copyright 2018 onwards Jun Pataleta
  22   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  $capabilities = [
  28  
  29      // Capability for managing data requests. Usually given to the site's Data Protection Officer.
  30      'tool/dataprivacy:managedatarequests' => [
  31          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_DATALOSS,
  32          'captype' => 'write',
  33          'contextlevel' => CONTEXT_SYSTEM,
  34          'archetypes' => []
  35      ],
  36  
  37      // Capability for create new delete data request. Usually given to the site's Protection Officer.
  38      'tool/dataprivacy:requestdeleteforotheruser' => [
  39          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_DATALOSS,
  40          'captype' => 'write',
  41          'contextlevel' => CONTEXT_SYSTEM,
  42          'archetypes' => [],
  43          'clonepermissionsfrom' => 'tool/dataprivacy:managedatarequests'
  44      ],
  45  
  46      // Capability for managing the data registry. Usually given to the site's Data Protection Officer.
  47      'tool/dataprivacy:managedataregistry' => [
  48          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_DATALOSS,
  49          'captype' => 'write',
  50          'contextlevel' => CONTEXT_SYSTEM,
  51          'archetypes' => []
  52      ],
  53  
  54      // Capability for parents/guardians to make data requests on behalf of their children.
  55      'tool/dataprivacy:makedatarequestsforchildren' => [
  56          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
  57          'captype' => 'write',
  58          'contextlevel' => CONTEXT_USER,
  59          'archetypes' => []
  60      ],
  61  
  62      // Capability for parents/guardians to make delete data requests on behalf of their children.
  63      'tool/dataprivacy:makedatadeletionrequestsforchildren' => [
  64          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
  65          'captype' => 'write',
  66          'contextlevel' => CONTEXT_USER,
  67          'archetypes' => [],
  68          'clonepermissionsfrom' => 'tool/dataprivacy:makedatarequestsforchildren'
  69      ],
  70  
  71      // Capability for users to download the results of their own data request.
  72      'tool/dataprivacy:downloadownrequest' => [
  73          'riskbitmask' => 0,
  74          'captype' => 'read',
  75          'contextlevel' => CONTEXT_USER,
  76          'archetypes' => [
  77              'user' => CAP_ALLOW
  78          ]
  79      ],
  80  
  81      // Capability for administrators to download other people's data requests.
  82      'tool/dataprivacy:downloadallrequests' => [
  83          'riskbitmask' => RISK_PERSONAL,
  84          'captype' => 'read',
  85          'contextlevel' => CONTEXT_USER,
  86          'archetypes' => []
  87      ],
  88  
  89      // Capability for users to create delete data request for their own.
  90      'tool/dataprivacy:requestdelete' => [
  91          'riskbitmask' => RISK_DATALOSS,
  92          'captype' => 'write',
  93          'contextlevel' => CONTEXT_USER,
  94          'archetypes' => [
  95              'user' => CAP_ALLOW
  96          ]
  97      ]
  98  ];