Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.0.x will end 8 May 2023 (12 months).
  • Bug fixes for security issues in 4.0.x will end 13 November 2023 (18 months).
  • PHP version: minimum PHP 7.3.0 Note: the minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is also supported.
/lib/db/ -> access.php (source)

Differences Between: [Versions 310 and 400] [Versions 311 and 400] [Versions 39 and 400] [Versions 400 and 401] [Versions 400 and 402] [Versions 400 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Capability definitions for Moodle core.
  19   *
  20   * The capabilities are loaded into the database table when the module is
  21   * installed or updated. Whenever the capability definitions are updated,
  22   * the module version number should be bumped up.
  23   *
  24   * The system has four possible values for a capability:
  25   * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
  26   *
  27   *
  28   * CAPABILITY NAMING CONVENTION
  29   *
  30   * It is important that capability names are unique. The naming convention
  31   * for capabilities that are specific to modules and blocks is as follows:
  32   *   [mod/block]/<plugin_name>:<capabilityname>
  33   *
  34   * component_name should be the same as the directory name of the mod or block.
  35   *
  36   * Core moodle capabilities are defined thus:
  37   *    moodle/<capabilityclass>:<capabilityname>
  38   *
  39   * Examples: mod/forum:viewpost
  40   *           block/recent_activity:view
  41   *           moodle/site:deleteuser
  42   *
  43   * The variable name for the capability definitions array is $capabilities
  44   *
  45   * For more information, take a look to the documentation available:
  46   *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
  47   *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
  48   *
  49   * @package   core_access
  50   * @category  access
  51   * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
  52   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  53   */
  54  
  55  defined('MOODLE_INTERNAL') || die();
  56  
  57  $capabilities = array(
  58      'moodle/site:config' => array(
  59  
  60          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
  61  
  62          'captype' => 'write',
  63          'contextlevel' => CONTEXT_SYSTEM,
  64          'archetypes' => array(
  65          )
  66      ),
  67      'moodle/site:configview' => array(
  68          'captype' => 'read',
  69          'contextlevel' => CONTEXT_SYSTEM,
  70          'archetypes' => array(
  71              'manager' => CAP_ALLOW,
  72              'coursecreator' => CAP_ALLOW,
  73          )
  74      ),
  75  
  76      'moodle/site:readallmessages' => array(
  77  
  78          'riskbitmask' => RISK_PERSONAL,
  79  
  80          'captype' => 'read',
  81          'contextlevel' => CONTEXT_SYSTEM,
  82          'archetypes' => array(
  83              'manager' => CAP_ALLOW,
  84              'editingteacher' => CAP_ALLOW
  85          )
  86      ),
  87  
  88      'moodle/site:manageallmessaging' => array(
  89  
  90          'riskbitmask' => RISK_PERSONAL,
  91  
  92          'captype' => 'write',
  93          'contextlevel' => CONTEXT_SYSTEM,
  94          'archetypes' => array(
  95              'manager' => CAP_ALLOW
  96          )
  97      ),
  98  
  99      'moodle/site:deleteanymessage' => array(
 100  
 101          'riskbitmask' => RISK_DATALOSS,
 102  
 103          'captype' => 'write',
 104          'contextlevel' => CONTEXT_SYSTEM,
 105          'archetypes' => array(
 106              'manager' => CAP_ALLOW
 107          )
 108      ),
 109  
 110      'moodle/site:sendmessage' => array(
 111  
 112          'riskbitmask' => RISK_SPAM,
 113  
 114          'captype' => 'write',
 115          'contextlevel' => CONTEXT_SYSTEM,
 116          'archetypes' => array(
 117              'manager' => CAP_ALLOW,
 118              'user' => CAP_ALLOW
 119          )
 120      ),
 121  
 122      'moodle/site:senderrormessage' => [
 123          'riskbitmask' => RISK_SPAM,
 124          'captype' => 'write',
 125          'contextlevel' => CONTEXT_SYSTEM,
 126          'archetypes' => array(
 127              'user' => CAP_ALLOW
 128          )
 129      ],
 130  
 131      'moodle/site:deleteownmessage' => array(
 132  
 133          'captype' => 'write',
 134          'contextlevel' => CONTEXT_SYSTEM,
 135          'archetypes' => array(
 136              'user' => CAP_ALLOW
 137          )
 138      ),
 139  
 140      'moodle/site:approvecourse' => array(
 141  
 142          'riskbitmask' => RISK_XSS,
 143  
 144          'captype' => 'write',
 145          'contextlevel' => CONTEXT_COURSECAT,
 146          'archetypes' => array(
 147              'manager' => CAP_ALLOW
 148          )
 149      ),
 150  
 151      'moodle/backup:backupcourse' => array(
 152  
 153          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 154  
 155          'captype' => 'write',
 156          'contextlevel' => CONTEXT_COURSE,
 157          'archetypes' => array(
 158              'editingteacher' => CAP_ALLOW,
 159              'manager' => CAP_ALLOW
 160          ),
 161  
 162          'clonepermissionsfrom' =>  'moodle/site:backup'
 163      ),
 164  
 165      'moodle/backup:backupsection' => array(
 166  
 167          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 168  
 169          'captype' => 'write',
 170          'contextlevel' => CONTEXT_COURSE,
 171          'archetypes' => array(
 172              'editingteacher' => CAP_ALLOW,
 173              'manager' => CAP_ALLOW
 174          ),
 175  
 176          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 177      ),
 178  
 179      'moodle/backup:backupactivity' => array(
 180  
 181          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 182  
 183          'captype' => 'write',
 184          'contextlevel' => CONTEXT_MODULE,
 185          'archetypes' => array(
 186              'editingteacher' => CAP_ALLOW,
 187              'manager' => CAP_ALLOW
 188          ),
 189  
 190          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 191      ),
 192  
 193      'moodle/backup:backuptargetimport' => array(
 194  
 195          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 196  
 197          'captype' => 'read',
 198          'contextlevel' => CONTEXT_COURSE,
 199          'archetypes' => array(
 200              'editingteacher' => CAP_ALLOW,
 201              'manager' => CAP_ALLOW
 202          ),
 203  
 204          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 205      ),
 206  
 207      'moodle/backup:downloadfile' => array(
 208  
 209          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 210  
 211          'captype' => 'write',
 212          'contextlevel' => CONTEXT_COURSE,
 213          'archetypes' => array(
 214              'editingteacher' => CAP_ALLOW,
 215              'manager' => CAP_ALLOW
 216          ),
 217  
 218          'clonepermissionsfrom' =>  'moodle/site:backupdownload'
 219      ),
 220  
 221      'moodle/backup:configure' => array(
 222  
 223          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 224  
 225          'captype' => 'write',
 226          'contextlevel' => CONTEXT_COURSE,
 227          'archetypes' => array(
 228              'editingteacher' => CAP_ALLOW,
 229              'manager' => CAP_ALLOW
 230          )
 231      ),
 232  
 233      'moodle/backup:userinfo' => array(
 234  
 235          'riskbitmask' => RISK_PERSONAL,
 236  
 237          'captype' => 'read',
 238          'contextlevel' => CONTEXT_COURSE,
 239          'archetypes' => array(
 240              'manager' => CAP_ALLOW
 241          )
 242      ),
 243  
 244      'moodle/backup:anonymise' => array(
 245  
 246          'riskbitmask' => RISK_PERSONAL,
 247  
 248          'captype' => 'read',
 249          'contextlevel' => CONTEXT_COURSE,
 250          'archetypes' => array(
 251              'manager' => CAP_ALLOW
 252          )
 253      ),
 254  
 255      'moodle/restore:restorecourse' => array(
 256  
 257          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 258  
 259          'captype' => 'write',
 260          'contextlevel' => CONTEXT_COURSE,
 261          'archetypes' => array(
 262              'editingteacher' => CAP_ALLOW,
 263              'manager' => CAP_ALLOW
 264          ),
 265  
 266          'clonepermissionsfrom' =>  'moodle/site:restore'
 267      ),
 268  
 269      'moodle/restore:restoresection' => array(
 270  
 271          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 272  
 273          'captype' => 'write',
 274          'contextlevel' => CONTEXT_COURSE,
 275          'archetypes' => array(
 276              'editingteacher' => CAP_ALLOW,
 277              'manager' => CAP_ALLOW
 278          ),
 279  
 280          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 281      ),
 282  
 283      'moodle/restore:restoreactivity' => array(
 284  
 285          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 286  
 287          'captype' => 'write',
 288          'contextlevel' => CONTEXT_COURSE,
 289          'archetypes' => array(
 290              'editingteacher' => CAP_ALLOW,
 291              'manager' => CAP_ALLOW
 292          ),
 293  
 294          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 295      ),
 296  
 297      'moodle/restore:viewautomatedfilearea' => array(
 298  
 299          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 300  
 301          'captype' => 'write',
 302          'contextlevel' => CONTEXT_COURSE,
 303          'archetypes' => array(
 304              'editingteacher' => CAP_ALLOW,
 305              'manager' => CAP_ALLOW
 306          ),
 307      ),
 308  
 309      'moodle/restore:restoretargetimport' => array(
 310  
 311          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 312  
 313          'captype' => 'write',
 314          'contextlevel' => CONTEXT_COURSE,
 315          'archetypes' => array(
 316              'editingteacher' => CAP_ALLOW,
 317              'manager' => CAP_ALLOW
 318          ),
 319  
 320          'clonepermissionsfrom' =>  'moodle/site:import'
 321      ),
 322  
 323      'moodle/restore:uploadfile' => array(
 324  
 325          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 326  
 327          'captype' => 'write',
 328          'contextlevel' => CONTEXT_COURSE,
 329          'archetypes' => array(
 330              'editingteacher' => CAP_ALLOW,
 331              'manager' => CAP_ALLOW
 332          ),
 333  
 334          'clonepermissionsfrom' =>  'moodle/site:backupupload'
 335      ),
 336  
 337      'moodle/restore:configure' => array(
 338  
 339          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 340  
 341          'captype' => 'write',
 342          'contextlevel' => CONTEXT_COURSE,
 343          'archetypes' => array(
 344              'editingteacher' => CAP_ALLOW,
 345              'manager' => CAP_ALLOW
 346          )
 347      ),
 348  
 349      'moodle/restore:rolldates' => array(
 350  
 351          'captype' => 'write',
 352          'contextlevel' => CONTEXT_COURSE,
 353          'archetypes' => array(
 354              'coursecreator' => CAP_ALLOW,
 355              'manager' => CAP_ALLOW
 356          )
 357      ),
 358  
 359      'moodle/restore:userinfo' => array(
 360  
 361          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 362  
 363          'captype' => 'write',
 364          'contextlevel' => CONTEXT_COURSE,
 365          'archetypes' => array(
 366              'manager' => CAP_ALLOW
 367          )
 368      ),
 369  
 370      'moodle/restore:createuser' => array(
 371  
 372          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 373  
 374          'captype' => 'write',
 375          'contextlevel' => CONTEXT_SYSTEM,
 376          'archetypes' => array(
 377              'manager' => CAP_ALLOW
 378          )
 379      ),
 380  
 381      'moodle/site:manageblocks' => array(
 382  
 383          'riskbitmask' => RISK_SPAM | RISK_XSS,
 384  
 385          'captype' => 'write',
 386          'contextlevel' => CONTEXT_BLOCK,
 387          'archetypes' => array(
 388              'editingteacher' => CAP_ALLOW,
 389              'manager' => CAP_ALLOW
 390          )
 391      ),
 392  
 393      'moodle/site:accessallgroups' => array(
 394  
 395          'captype' => 'read',
 396          'contextlevel' => CONTEXT_MODULE,
 397          'archetypes' => array(
 398              'editingteacher' => CAP_ALLOW,
 399              'manager' => CAP_ALLOW
 400          )
 401      ),
 402  
 403      'moodle/site:viewanonymousevents' => array(
 404  
 405          'riskbitmask' => RISK_PERSONAL,
 406  
 407          'captype' => 'read',
 408          'contextlevel' => CONTEXT_MODULE,
 409          'archetypes' => array(
 410              'manager' => CAP_ALLOW,
 411          )
 412      ),
 413  
 414      'moodle/site:viewfullnames' => array(
 415  
 416          'captype' => 'read',
 417          'contextlevel' => CONTEXT_MODULE,
 418          'archetypes' => array(
 419              'teacher' => CAP_ALLOW,
 420              'editingteacher' => CAP_ALLOW,
 421              'manager' => CAP_ALLOW
 422          )
 423      ),
 424  
 425      // In reports that give lists of users, extra information about each user's
 426      // identity (the fields configured in site option showuseridentity) will be
 427      // displayed to users who have this capability.
 428      'moodle/site:viewuseridentity' => array(
 429  
 430          'captype' => 'read',
 431          'contextlevel' => CONTEXT_MODULE,
 432          'archetypes' => array(
 433              'teacher' => CAP_ALLOW,
 434              'editingteacher' => CAP_ALLOW,
 435              'manager' => CAP_ALLOW
 436          )
 437      ),
 438  
 439      'moodle/site:viewreports' => array(
 440  
 441          'riskbitmask' => RISK_PERSONAL,
 442  
 443          'captype' => 'read',
 444          'contextlevel' => CONTEXT_COURSE,
 445          'archetypes' => array(
 446              'teacher' => CAP_ALLOW,
 447              'editingteacher' => CAP_ALLOW,
 448              'manager' => CAP_ALLOW
 449          )
 450      ),
 451  
 452      'moodle/site:trustcontent' => array(
 453  
 454          'riskbitmask' => RISK_XSS,
 455  
 456          'captype' => 'write',
 457          'contextlevel' => CONTEXT_MODULE,
 458          'archetypes' => array(
 459              'editingteacher' => CAP_ALLOW,
 460              'manager' => CAP_ALLOW
 461          )
 462      ),
 463  
 464      'moodle/site:uploadusers' => array(
 465  
 466          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 467  
 468          'captype' => 'write',
 469          'contextlevel' => CONTEXT_SYSTEM,
 470          'archetypes' => array(
 471              'manager' => CAP_ALLOW
 472          )
 473      ),
 474  
 475      // Permission to manage filter setting overrides in subcontexts.
 476      'moodle/filter:manage' => array(
 477  
 478          'captype' => 'write',
 479          'contextlevel' => CONTEXT_COURSE,
 480          'archetypes' => array(
 481              'editingteacher' => CAP_ALLOW,
 482              'manager' => CAP_ALLOW,
 483          )
 484      ),
 485  
 486      'moodle/user:create' => array(
 487  
 488          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 489  
 490          'captype' => 'write',
 491          'contextlevel' => CONTEXT_SYSTEM,
 492          'archetypes' => array(
 493              'manager' => CAP_ALLOW
 494          )
 495      ),
 496  
 497      'moodle/user:delete' => array(
 498  
 499          'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
 500  
 501          'captype' => 'write',
 502          'contextlevel' => CONTEXT_SYSTEM,
 503          'archetypes' => array(
 504              'manager' => CAP_ALLOW
 505          )
 506      ),
 507  
 508      'moodle/user:update' => array(
 509  
 510          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 511  
 512          'captype' => 'write',
 513          'contextlevel' => CONTEXT_SYSTEM,
 514          'archetypes' => array(
 515              'manager' => CAP_ALLOW
 516          )
 517      ),
 518  
 519      'moodle/user:viewdetails' => array(
 520  
 521          'captype' => 'read',
 522          'contextlevel' => CONTEXT_COURSE,
 523          'archetypes' => array(
 524              'guest' => CAP_ALLOW,
 525              'student' => CAP_ALLOW,
 526              'teacher' => CAP_ALLOW,
 527              'editingteacher' => CAP_ALLOW,
 528              'manager' => CAP_ALLOW
 529          )
 530      ),
 531  
 532      'moodle/user:viewalldetails' => array(
 533          'riskbitmask' => RISK_PERSONAL,
 534          'captype' => 'read',
 535          'contextlevel' => CONTEXT_USER,
 536          'archetypes' => array(
 537              'manager' => CAP_ALLOW
 538          ),
 539          'clonepermissionsfrom' => 'moodle/user:update'
 540      ),
 541  
 542      'moodle/user:viewlastip' => array(
 543          'riskbitmask' => RISK_PERSONAL,
 544          'captype' => 'read',
 545          'contextlevel' => CONTEXT_USER,
 546          'archetypes' => array(
 547              'manager' => CAP_ALLOW
 548          ),
 549          'clonepermissionsfrom' => 'moodle/user:update'
 550      ),
 551  
 552      'moodle/user:viewhiddendetails' => array(
 553  
 554          'riskbitmask' => RISK_PERSONAL,
 555  
 556          'captype' => 'read',
 557          'contextlevel' => CONTEXT_COURSE,
 558          'archetypes' => array(
 559              'teacher' => CAP_ALLOW,
 560              'editingteacher' => CAP_ALLOW,
 561              'manager' => CAP_ALLOW
 562          )
 563      ),
 564  
 565      'moodle/user:loginas' => array(
 566  
 567          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 568  
 569          'captype' => 'write',
 570          'contextlevel' => CONTEXT_COURSE,
 571          'archetypes' => array(
 572              'manager' => CAP_ALLOW
 573          )
 574      ),
 575  
 576      // can the user manage the system default profile page?
 577      'moodle/user:managesyspages' => array(
 578  
 579          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 580  
 581          'captype' => 'write',
 582          'contextlevel' => CONTEXT_SYSTEM,
 583          'archetypes' => array(
 584              'manager' => CAP_ALLOW
 585          )
 586      ),
 587  
 588      // can the user manage another user's profile page?
 589      'moodle/user:manageblocks' => array(
 590  
 591          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 592  
 593          'captype' => 'write',
 594          'contextlevel' => CONTEXT_USER
 595      ),
 596  
 597      // can the user manage their own profile page?
 598      'moodle/user:manageownblocks' => array(
 599  
 600          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 601  
 602          'captype' => 'write',
 603          'contextlevel' => CONTEXT_SYSTEM,
 604          'archetypes' => array(
 605              'user' => CAP_ALLOW
 606          )
 607      ),
 608  
 609      // can the user manage their own files?
 610      'moodle/user:manageownfiles' => array(
 611  
 612          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 613  
 614          'captype' => 'write',
 615          'contextlevel' => CONTEXT_SYSTEM,
 616          'archetypes' => array(
 617              'user' => CAP_ALLOW
 618          )
 619      ),
 620  
 621      // Can the user ignore the setting userquota?
 622      // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
 623      'moodle/user:ignoreuserquota' => array(
 624          'riskbitmap' => RISK_SPAM,
 625          'captype' => 'write',
 626          'contextlevel' => CONTEXT_SYSTEM,
 627          'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
 628      ),
 629  
 630      // can the user manage the system default dashboard page?
 631      'moodle/my:configsyspages' => array(
 632  
 633          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 634  
 635          'captype' => 'write',
 636          'contextlevel' => CONTEXT_SYSTEM,
 637          'archetypes' => array(
 638              'manager' => CAP_ALLOW
 639          )
 640      ),
 641  
 642      'moodle/role:assign' => array(
 643  
 644          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 645  
 646          'captype' => 'write',
 647          'contextlevel' => CONTEXT_COURSE,
 648          'archetypes' => array(
 649              'editingteacher' => CAP_ALLOW,
 650              'manager' => CAP_ALLOW
 651          )
 652      ),
 653  
 654      'moodle/role:review' => array(
 655  
 656          'riskbitmask' => RISK_PERSONAL,
 657  
 658          'captype' => 'read',
 659          'contextlevel' => CONTEXT_COURSE,
 660          'archetypes' => array(
 661              'teacher' => CAP_ALLOW,
 662              'editingteacher' => CAP_ALLOW,
 663              'manager' => CAP_ALLOW
 664          )
 665      ),
 666  
 667      // The ability to override the permissions for any capability.
 668      'moodle/role:override' => array(
 669  
 670          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 671  
 672          'captype' => 'write',
 673          'contextlevel' => CONTEXT_COURSE,
 674          'archetypes' => array(
 675              'manager' => CAP_ALLOW
 676          )
 677      ),
 678  
 679      // The ability to override the permissions for 'safe' capabilities (those without risks).
 680      // If a user has moodle/role:override then you should not check this capability.
 681      'moodle/role:safeoverride' => array(
 682  
 683          'riskbitmask' => RISK_SPAM,
 684  
 685          'captype' => 'write',
 686          'contextlevel' => CONTEXT_COURSE,
 687          'archetypes' => array(
 688              'editingteacher' => CAP_ALLOW
 689          )
 690      ),
 691  
 692      'moodle/role:manage' => array(
 693  
 694          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 695  
 696          'captype' => 'write',
 697          'contextlevel' => CONTEXT_SYSTEM,
 698          'archetypes' => array(
 699              'manager' => CAP_ALLOW
 700          )
 701      ),
 702  
 703      'moodle/role:switchroles' => array(
 704  
 705          'riskbitmask' => RISK_XSS | RISK_PERSONAL,
 706  
 707          'captype' => 'read',
 708          'contextlevel' => CONTEXT_COURSE,
 709          'archetypes' => array(
 710              'editingteacher' => CAP_ALLOW,
 711              'manager' => CAP_ALLOW
 712          )
 713      ),
 714  
 715      // Create, update and delete course categories. (Deleting a course category
 716      // does not let you delete the courses it contains, unless you also have
 717      // moodle/course: delete.) Creating and deleting requires this permission in
 718      // the parent category.
 719      'moodle/category:manage' => array(
 720  
 721          'riskbitmask' => RISK_XSS,
 722  
 723          'captype' => 'write',
 724          'contextlevel' => CONTEXT_COURSECAT,
 725          'archetypes' => array(
 726              'manager' => CAP_ALLOW
 727          ),
 728          'clonepermissionsfrom' => 'moodle/category:update'
 729      ),
 730  
 731      'moodle/category:viewcourselist' => array(
 732  
 733          'captype' => 'read',
 734          'contextlevel' => CONTEXT_COURSECAT,
 735          'archetypes' => array(
 736              'guest' => CAP_ALLOW,
 737              'user' => CAP_ALLOW,
 738          )
 739      ),
 740  
 741      'moodle/category:viewhiddencategories' => array(
 742  
 743          'captype' => 'read',
 744          'contextlevel' => CONTEXT_COURSECAT,
 745          'archetypes' => array(
 746              'coursecreator' => CAP_ALLOW,
 747              'manager' => CAP_ALLOW
 748          ),
 749          'clonepermissionsfrom' => 'moodle/category:visibility'
 750      ),
 751  
 752      // create, delete, move cohorts in system and course categories,
 753      // (cohorts with component !== null can be only moved)
 754      'moodle/cohort:manage' => array(
 755  
 756          'captype' => 'write',
 757          'contextlevel' => CONTEXT_COURSECAT,
 758          'archetypes' => array(
 759              'manager' => CAP_ALLOW
 760          )
 761      ),
 762  
 763      // add and remove cohort members (only for cohorts where component !== null)
 764      'moodle/cohort:assign' => array(
 765  
 766          'captype' => 'write',
 767          'contextlevel' => CONTEXT_COURSECAT,
 768          'archetypes' => array(
 769              'manager' => CAP_ALLOW
 770          )
 771      ),
 772  
 773      // View visible and hidden cohorts defined in the current context.
 774      'moodle/cohort:view' => array(
 775  
 776          'captype' => 'read',
 777          'contextlevel' => CONTEXT_COURSE,
 778          'archetypes' => array(
 779              'editingteacher' => CAP_ALLOW,
 780              'manager' => CAP_ALLOW
 781          )
 782      ),
 783  
 784      'moodle/course:create' => array(
 785  
 786          'riskbitmask' => RISK_XSS,
 787  
 788          'captype' => 'write',
 789          'contextlevel' => CONTEXT_COURSECAT,
 790          'archetypes' => array(
 791              'coursecreator' => CAP_ALLOW,
 792              'manager' => CAP_ALLOW
 793          )
 794      ),
 795  
 796      'moodle/course:creategroupconversations' => array(
 797          'riskbitmask' => RISK_XSS,
 798          'captype' => 'write',
 799          'contextlevel' => CONTEXT_COURSE,
 800          'archetypes' => array(
 801              'editingteacher' => CAP_ALLOW,
 802              'manager' => CAP_ALLOW
 803          )
 804      ),
 805  
 806      'moodle/course:request' => array(
 807          'captype' => 'write',
 808          'contextlevel' => CONTEXT_COURSECAT,
 809      ),
 810  
 811      'moodle/course:delete' => array(
 812  
 813          'riskbitmask' => RISK_DATALOSS,
 814  
 815          'captype' => 'write',
 816          'contextlevel' => CONTEXT_COURSE,
 817          'archetypes' => array(
 818              'manager' => CAP_ALLOW
 819          )
 820      ),
 821  
 822      'moodle/course:update' => array(
 823  
 824          'riskbitmask' => RISK_XSS,
 825  
 826          'captype' => 'write',
 827          'contextlevel' => CONTEXT_COURSE,
 828          'archetypes' => array(
 829              'editingteacher' => CAP_ALLOW,
 830              'manager' => CAP_ALLOW
 831          )
 832      ),
 833  
 834      'moodle/course:view' => array(
 835  
 836          'captype' => 'read',
 837          'contextlevel' => CONTEXT_COURSE,
 838          'archetypes' => array(
 839              'manager' => CAP_ALLOW,
 840          )
 841      ),
 842  
 843      /* review course enrolments - no group restrictions, it is really full access to all participants info*/
 844      'moodle/course:enrolreview' => array(
 845  
 846          'riskbitmask' => RISK_PERSONAL,
 847  
 848          'captype' => 'read',
 849          'contextlevel' => CONTEXT_COURSE,
 850          'archetypes' => array(
 851              'editingteacher' => CAP_ALLOW,
 852              'manager' => CAP_ALLOW,
 853          )
 854      ),
 855  
 856      /* add, remove, hide enrol instances in courses */
 857      'moodle/course:enrolconfig' => array(
 858  
 859          'riskbitmask' => RISK_PERSONAL,
 860  
 861          'captype' => 'write',
 862          'contextlevel' => CONTEXT_COURSE,
 863          'archetypes' => array(
 864              'editingteacher' => CAP_ALLOW,
 865              'manager' => CAP_ALLOW,
 866          )
 867      ),
 868  
 869      'moodle/course:reviewotherusers' => array(
 870  
 871          'captype' => 'read',
 872          'contextlevel' => CONTEXT_COURSE,
 873          'archetypes' => array(
 874              'editingteacher' => CAP_ALLOW,
 875              'manager' => CAP_ALLOW,
 876          ),
 877          'clonepermissionsfrom' => 'moodle/role:assign'
 878      ),
 879  
 880      'moodle/course:bulkmessaging' => array(
 881  
 882          'riskbitmask' => RISK_SPAM,
 883  
 884          'captype' => 'write',
 885          'contextlevel' => CONTEXT_COURSE,
 886          'archetypes' => array(
 887              'teacher' => CAP_ALLOW,
 888              'editingteacher' => CAP_ALLOW,
 889              'manager' => CAP_ALLOW
 890          )
 891      ),
 892  
 893      'moodle/course:viewhiddenuserfields' => array(
 894  
 895          'riskbitmask' => RISK_PERSONAL,
 896  
 897          'captype' => 'read',
 898          'contextlevel' => CONTEXT_COURSE,
 899          'archetypes' => array(
 900              'teacher' => CAP_ALLOW,
 901              'editingteacher' => CAP_ALLOW,
 902              'manager' => CAP_ALLOW
 903          )
 904      ),
 905  
 906      'moodle/course:viewhiddencourses' => array(
 907  
 908          'captype' => 'read',
 909          'contextlevel' => CONTEXT_COURSE,
 910          'archetypes' => array(
 911              'coursecreator' => CAP_ALLOW,
 912              'teacher' => CAP_ALLOW,
 913              'editingteacher' => CAP_ALLOW,
 914              'manager' => CAP_ALLOW
 915          )
 916      ),
 917  
 918      'moodle/course:visibility' => array(
 919  
 920          'captype' => 'write',
 921          'contextlevel' => CONTEXT_COURSE,
 922          'archetypes' => array(
 923              'editingteacher' => CAP_ALLOW,
 924              'manager' => CAP_ALLOW
 925          )
 926      ),
 927  
 928      'moodle/course:managefiles' => array(
 929  
 930          'riskbitmask' => RISK_XSS,
 931  
 932          'captype' => 'write',
 933          'contextlevel' => CONTEXT_COURSE,
 934          'archetypes' => array(
 935              'editingteacher' => CAP_ALLOW,
 936              'manager' => CAP_ALLOW
 937          )
 938      ),
 939  
 940      'moodle/course:ignoreavailabilityrestrictions' => array(
 941          'captype' => 'read',
 942          'contextlevel' => CONTEXT_MODULE,
 943          'archetypes' => array(
 944              'manager' => CAP_ALLOW,
 945              'coursecreator' => CAP_ALLOW,
 946              'editingteacher' => CAP_ALLOW,
 947              'teacher' => CAP_ALLOW,
 948          ),
 949          'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
 950      ),
 951  
 952      'moodle/course:ignorefilesizelimits' => array(
 953  
 954          'captype' => 'write',
 955          'contextlevel' => CONTEXT_COURSE,
 956          'archetypes' => array(
 957          )
 958      ),
 959  
 960      'moodle/course:manageactivities' => array(
 961  
 962          'riskbitmask' => RISK_XSS,
 963  
 964          'captype' => 'write',
 965          'contextlevel' => CONTEXT_MODULE,
 966          'archetypes' => array(
 967              'editingteacher' => CAP_ALLOW,
 968              'manager' => CAP_ALLOW
 969          )
 970      ),
 971  
 972      'moodle/course:activityvisibility' => array(
 973  
 974          'captype' => 'write',
 975          'contextlevel' => CONTEXT_MODULE,
 976          'archetypes' => array(
 977              'editingteacher' => CAP_ALLOW,
 978              'manager' => CAP_ALLOW
 979          )
 980      ),
 981  
 982      'moodle/course:viewhiddenactivities' => array(
 983  
 984          'captype' => 'read',
 985          'contextlevel' => CONTEXT_MODULE,
 986          'archetypes' => array(
 987              'teacher' => CAP_ALLOW,
 988              'editingteacher' => CAP_ALLOW,
 989              'manager' => CAP_ALLOW
 990          )
 991      ),
 992  
 993      'moodle/course:viewparticipants' => array(
 994  
 995          'captype' => 'read',
 996          'contextlevel' => CONTEXT_COURSE,
 997          'archetypes' => array(
 998              'student' => CAP_ALLOW,
 999              'teacher' => CAP_ALLOW,
1000              'editingteacher' => CAP_ALLOW,
1001              'manager' => CAP_ALLOW
1002          )
1003      ),
1004  
1005      'moodle/course:changefullname' => array(
1006  
1007          'riskbitmask' => RISK_XSS,
1008  
1009          'captype' => 'write',
1010          'contextlevel' => CONTEXT_COURSE,
1011          'archetypes' => array(
1012              'editingteacher' => CAP_ALLOW,
1013              'manager' => CAP_ALLOW
1014          ),
1015          'clonepermissionsfrom' => 'moodle/course:update'
1016      ),
1017  
1018      'moodle/course:changeshortname' => array(
1019  
1020          'riskbitmask' => RISK_XSS,
1021  
1022          'captype' => 'write',
1023          'contextlevel' => CONTEXT_COURSE,
1024          'archetypes' => array(
1025              'editingteacher' => CAP_ALLOW,
1026              'manager' => CAP_ALLOW
1027          ),
1028          'clonepermissionsfrom' => 'moodle/course:update'
1029      ),
1030  
1031      'moodle/course:changelockedcustomfields' => array(
1032  
1033          'riskbitmask' => RISK_SPAM,
1034  
1035          'captype' => 'write',
1036          'contextlevel' => CONTEXT_COURSE,
1037          'archetypes' => array(
1038              'manager' => CAP_ALLOW
1039          ),
1040      ),
1041  
1042      'moodle/course:configurecustomfields' => array(
1043  
1044          'riskbitmask' => RISK_SPAM,
1045  
1046          'captype' => 'write',
1047          'contextlevel' => CONTEXT_SYSTEM,
1048          'clonepermissionsfrom' => 'moodle/site:config'
1049      ),
1050  
1051      'moodle/course:renameroles' => array(
1052          'captype' => 'write',
1053          'contextlevel' => CONTEXT_COURSE,
1054          'archetypes' => array(
1055              'editingteacher' => CAP_ALLOW,
1056              'manager' => CAP_ALLOW
1057          ),
1058          'clonepermissionsfrom' => 'moodle/course:update'
1059      ),
1060  
1061      'moodle/course:changeidnumber' => array(
1062  
1063          'riskbitmask' => RISK_XSS,
1064  
1065          'captype' => 'write',
1066          'contextlevel' => CONTEXT_COURSE,
1067          'archetypes' => array(
1068              'editingteacher' => CAP_ALLOW,
1069              'manager' => CAP_ALLOW
1070          ),
1071          'clonepermissionsfrom' => 'moodle/course:update'
1072      ),
1073      'moodle/course:changecategory' => array(
1074          'riskbitmask' => RISK_XSS,
1075  
1076          'captype' => 'write',
1077          'contextlevel' => CONTEXT_COURSE,
1078          'archetypes' => array(
1079              'editingteacher' => CAP_ALLOW,
1080              'manager' => CAP_ALLOW
1081          ),
1082          'clonepermissionsfrom' => 'moodle/course:update'
1083      ),
1084  
1085      'moodle/course:changesummary' => array(
1086          'riskbitmask' => RISK_XSS,
1087  
1088          'captype' => 'write',
1089          'contextlevel' => CONTEXT_COURSE,
1090          'archetypes' => array(
1091              'editingteacher' => CAP_ALLOW,
1092              'manager' => CAP_ALLOW
1093          ),
1094          'clonepermissionsfrom' => 'moodle/course:update'
1095      ),
1096  
1097      'moodle/course:setforcedlanguage' => array(
1098          'captype' => 'write',
1099          'contextlevel' => CONTEXT_COURSE,
1100          'archetypes' => array(
1101              'editingteacher' => CAP_ALLOW,
1102              'manager' => CAP_ALLOW
1103          ),
1104          'clonepermissionsfrom' => 'moodle/course:update'
1105      ),
1106  
1107  
1108      'moodle/site:viewparticipants' => array(
1109  
1110          'captype' => 'read',
1111          'contextlevel' => CONTEXT_SYSTEM,
1112          'archetypes' => array(
1113              'manager' => CAP_ALLOW
1114          )
1115      ),
1116  
1117      'moodle/course:isincompletionreports' => array(
1118          'captype' => 'read',
1119          'contextlevel' => CONTEXT_COURSE,
1120          'archetypes' => array(
1121              'student' => CAP_ALLOW,
1122          ),
1123      ),
1124  
1125      'moodle/course:viewscales' => array(
1126  
1127          'captype' => 'read',
1128          'contextlevel' => CONTEXT_COURSE,
1129          'archetypes' => array(
1130              'student' => CAP_ALLOW,
1131              'teacher' => CAP_ALLOW,
1132              'editingteacher' => CAP_ALLOW,
1133              'manager' => CAP_ALLOW
1134          )
1135      ),
1136  
1137      'moodle/course:managescales' => array(
1138  
1139          'captype' => 'write',
1140          'contextlevel' => CONTEXT_COURSE,
1141          'archetypes' => array(
1142              'editingteacher' => CAP_ALLOW,
1143              'manager' => CAP_ALLOW
1144          )
1145      ),
1146  
1147      'moodle/course:managegroups' => array(
1148          'riskbitmask' => RISK_XSS,
1149  
1150          'captype' => 'write',
1151          'contextlevel' => CONTEXT_COURSE,
1152          'archetypes' => array(
1153              'editingteacher' => CAP_ALLOW,
1154              'manager' => CAP_ALLOW
1155          )
1156      ),
1157  
1158      'moodle/course:reset' => array(
1159  
1160          'riskbitmask' => RISK_DATALOSS,
1161  
1162          'captype' => 'write',
1163          'contextlevel' => CONTEXT_COURSE,
1164          'archetypes' => array(
1165              'editingteacher' => CAP_ALLOW,
1166              'manager' => CAP_ALLOW
1167          )
1168      ),
1169  
1170      'moodle/course:viewsuspendedusers' => array(
1171  
1172          'captype' => 'read',
1173          'contextlevel' => CONTEXT_COURSE,
1174          'archetypes' => array(
1175              'editingteacher' => CAP_ALLOW,
1176              'manager' => CAP_ALLOW
1177          )
1178      ),
1179  
1180      'moodle/course:tag' => array(
1181          'riskbitmask' => RISK_SPAM,
1182          'captype' => 'write',
1183          'contextlevel' => CONTEXT_COURSE,
1184          'archetypes' => array(
1185              'manager' => CAP_ALLOW,
1186              'editingteacher' => CAP_ALLOW,
1187          ),
1188          'clonepermissionsfrom' => 'moodle/course:update'
1189      ),
1190  
1191      'moodle/blog:view' => array(
1192  
1193          'captype' => 'read',
1194          'contextlevel' => CONTEXT_SYSTEM,
1195          'archetypes' => array(
1196              'guest' => CAP_ALLOW,
1197              'user' => CAP_ALLOW,
1198              'student' => CAP_ALLOW,
1199              'teacher' => CAP_ALLOW,
1200              'editingteacher' => CAP_ALLOW,
1201              'manager' => CAP_ALLOW
1202          )
1203      ),
1204  
1205      'moodle/blog:search' => array(
1206          'captype' => 'read',
1207          'contextlevel' => CONTEXT_SYSTEM,
1208          'archetypes' => array(
1209              'guest' => CAP_ALLOW,
1210              'user' => CAP_ALLOW,
1211              'student' => CAP_ALLOW,
1212              'teacher' => CAP_ALLOW,
1213              'editingteacher' => CAP_ALLOW,
1214              'manager' => CAP_ALLOW
1215          )
1216      ),
1217  
1218      'moodle/blog:viewdrafts' => array(
1219  
1220          'riskbitmask' => RISK_PERSONAL,
1221          'captype' => 'read',
1222          'contextlevel' => CONTEXT_SYSTEM,
1223          'archetypes' => array(
1224              'manager' => CAP_ALLOW
1225          )
1226      ),
1227  
1228      'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1229  
1230          'riskbitmask' => RISK_SPAM,
1231  
1232          'captype' => 'write',
1233          'contextlevel' => CONTEXT_SYSTEM,
1234          'archetypes' => array(
1235              'user' => CAP_ALLOW,
1236              'manager' => CAP_ALLOW
1237          )
1238      ),
1239  
1240      'moodle/blog:manageentries' => array(
1241  
1242          'riskbitmask' => RISK_SPAM,
1243  
1244          'captype' => 'write',
1245          'contextlevel' => CONTEXT_SYSTEM,
1246          'archetypes' => array(
1247              'teacher' => CAP_ALLOW,
1248              'editingteacher' => CAP_ALLOW,
1249              'manager' => CAP_ALLOW
1250          )
1251      ),
1252  
1253      'moodle/blog:manageexternal' => array(
1254  
1255          'riskbitmask' => RISK_SPAM,
1256  
1257          'captype' => 'write',
1258          'contextlevel' => CONTEXT_SYSTEM,
1259          'archetypes' => array(
1260              'student' => CAP_ALLOW,
1261              'user' => CAP_ALLOW,
1262              'teacher' => CAP_ALLOW,
1263              'editingteacher' => CAP_ALLOW,
1264              'manager' => CAP_ALLOW
1265          )
1266      ),
1267  
1268      'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1269  
1270          'riskbitmask' => RISK_SPAM,
1271  
1272          'captype' => 'write',
1273          'contextlevel' => CONTEXT_COURSE,
1274          'archetypes' => array(
1275              'user' => CAP_ALLOW,
1276              'manager' => CAP_ALLOW
1277          )
1278      ),
1279  
1280      'moodle/calendar:managegroupentries' => array(
1281  
1282          'riskbitmask' => RISK_SPAM,
1283  
1284          'captype' => 'write',
1285          'contextlevel' => CONTEXT_COURSE,
1286          'archetypes' => array(
1287              'teacher' => CAP_ALLOW,
1288              'editingteacher' => CAP_ALLOW,
1289              'manager' => CAP_ALLOW
1290          )
1291      ),
1292  
1293      'moodle/calendar:manageentries' => array(
1294  
1295          'riskbitmask' => RISK_SPAM,
1296  
1297          'captype' => 'write',
1298          'contextlevel' => CONTEXT_COURSE,
1299          'archetypes' => array(
1300              'teacher' => CAP_ALLOW,
1301              'editingteacher' => CAP_ALLOW,
1302              'manager' => CAP_ALLOW
1303          )
1304      ),
1305  
1306      'moodle/user:editprofile' => array(
1307  
1308          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1309  
1310          'captype' => 'write',
1311          'contextlevel' => CONTEXT_USER,
1312          'archetypes' => array(
1313              'manager' => CAP_ALLOW
1314          )
1315      ),
1316  
1317      'moodle/user:editownprofile' => array(
1318  
1319          'riskbitmask' => RISK_SPAM,
1320  
1321          'captype' => 'write',
1322          'contextlevel' => CONTEXT_SYSTEM,
1323          'archetypes' => array(
1324              'guest' => CAP_PROHIBIT,
1325              'user' => CAP_ALLOW,
1326              'manager' => CAP_ALLOW
1327          )
1328      ),
1329  
1330      'moodle/user:changeownpassword' => array(
1331  
1332          'captype' => 'write',
1333          'contextlevel' => CONTEXT_SYSTEM,
1334          'archetypes' => array(
1335              'guest' => CAP_PROHIBIT,
1336              'user' => CAP_ALLOW,
1337              'manager' => CAP_ALLOW
1338          )
1339      ),
1340  
1341      // The next 3 might make no sense for some roles, e.g teacher, etc.
1342      // since the next level up is site. These are more for the parent role
1343      'moodle/user:readuserposts' => array(
1344  
1345          'captype' => 'read',
1346          'contextlevel' => CONTEXT_USER,
1347          'archetypes' => array(
1348              'student' => CAP_ALLOW,
1349              'teacher' => CAP_ALLOW,
1350              'editingteacher' => CAP_ALLOW,
1351              'manager' => CAP_ALLOW
1352          )
1353      ),
1354  
1355      'moodle/user:readuserblogs' => array(
1356  
1357          'captype' => 'read',
1358          'contextlevel' => CONTEXT_USER,
1359          'archetypes' => array(
1360              'student' => CAP_ALLOW,
1361              'teacher' => CAP_ALLOW,
1362              'editingteacher' => CAP_ALLOW,
1363              'manager' => CAP_ALLOW
1364          )
1365      ),
1366  
1367      // designed for parent role - not used in legacy roles
1368      'moodle/user:viewuseractivitiesreport' => array(
1369          'riskbitmask' => RISK_PERSONAL,
1370  
1371          'captype' => 'read',
1372          'contextlevel' => CONTEXT_USER,
1373          'archetypes' => array(
1374          )
1375      ),
1376  
1377      //capabilities designed for the new message system configuration
1378      'moodle/user:editmessageprofile' => array(
1379  
1380           'riskbitmask' => RISK_SPAM,
1381  
1382           'captype' => 'write',
1383           'contextlevel' => CONTEXT_USER,
1384           'archetypes' => array(
1385               'manager' => CAP_ALLOW
1386           )
1387       ),
1388  
1389       'moodle/user:editownmessageprofile' => array(
1390  
1391           'captype' => 'write',
1392           'contextlevel' => CONTEXT_SYSTEM,
1393           'archetypes' => array(
1394               'guest' => CAP_PROHIBIT,
1395               'user' => CAP_ALLOW,
1396               'manager' => CAP_ALLOW
1397           )
1398       ),
1399  
1400      'moodle/question:managecategory' => array(
1401          'riskbitmask' => RISK_SPAM | RISK_XSS,
1402          'captype' => 'write',
1403          'contextlevel' => CONTEXT_COURSE,
1404          'archetypes' => array(
1405              'editingteacher' => CAP_ALLOW,
1406              'manager' => CAP_ALLOW
1407          )
1408      ),
1409  
1410      //new in moodle 1.9
1411      'moodle/question:add' => array(
1412          'riskbitmask' => RISK_SPAM | RISK_XSS,
1413          'captype' => 'write',
1414          'contextlevel' => CONTEXT_COURSE,
1415          'archetypes' => array(
1416              'editingteacher' => CAP_ALLOW,
1417              'manager' => CAP_ALLOW
1418          ),
1419          'clonepermissionsfrom' =>  'moodle/question:manage'
1420      ),
1421      'moodle/question:editmine' => array(
1422          'riskbitmask' => RISK_SPAM | RISK_XSS,
1423          'captype' => 'write',
1424          'contextlevel' => CONTEXT_COURSE,
1425          'archetypes' => array(
1426              'editingteacher' => CAP_ALLOW,
1427              'manager' => CAP_ALLOW
1428          ),
1429          'clonepermissionsfrom' =>  'moodle/question:manage'
1430      ),
1431      'moodle/question:editall' => array(
1432          'riskbitmask' => RISK_SPAM | RISK_XSS,
1433          'captype' => 'write',
1434          'contextlevel' => CONTEXT_COURSE,
1435          'archetypes' => array(
1436              'editingteacher' => CAP_ALLOW,
1437              'manager' => CAP_ALLOW
1438          ),
1439          'clonepermissionsfrom' =>  'moodle/question:manage'
1440      ),
1441      'moodle/question:viewmine' => array(
1442          'captype' => 'read',
1443          'contextlevel' => CONTEXT_COURSE,
1444          'archetypes' => array(
1445              'editingteacher' => CAP_ALLOW,
1446              'manager' => CAP_ALLOW
1447          ),
1448          'clonepermissionsfrom' =>  'moodle/question:manage'
1449      ),
1450      'moodle/question:viewall' => array(
1451          'captype' => 'read',
1452          'contextlevel' => CONTEXT_COURSE,
1453          'archetypes' => array(
1454              'editingteacher' => CAP_ALLOW,
1455              'manager' => CAP_ALLOW
1456          ),
1457          'clonepermissionsfrom' =>  'moodle/question:manage'
1458      ),
1459      'moodle/question:usemine' => array(
1460          'captype' => 'read',
1461          'contextlevel' => CONTEXT_COURSE,
1462          'archetypes' => array(
1463              'editingteacher' => CAP_ALLOW,
1464              'manager' => CAP_ALLOW
1465          ),
1466          'clonepermissionsfrom' =>  'moodle/question:manage'
1467      ),
1468      'moodle/question:useall' => array(
1469          'captype' => 'read',
1470          'contextlevel' => CONTEXT_COURSE,
1471          'archetypes' => array(
1472              'editingteacher' => CAP_ALLOW,
1473              'manager' => CAP_ALLOW
1474          ),
1475          'clonepermissionsfrom' =>  'moodle/question:manage'
1476      ),
1477      'moodle/question:movemine' => array(
1478          'captype' => 'write',
1479          'contextlevel' => CONTEXT_COURSE,
1480          'archetypes' => array(
1481              'editingteacher' => CAP_ALLOW,
1482              'manager' => CAP_ALLOW
1483          ),
1484          'clonepermissionsfrom' =>  'moodle/question:manage'
1485      ),
1486      'moodle/question:moveall' => array(
1487          'captype' => 'write',
1488          'contextlevel' => CONTEXT_COURSE,
1489          'archetypes' => array(
1490              'editingteacher' => CAP_ALLOW,
1491              'manager' => CAP_ALLOW
1492          ),
1493          'clonepermissionsfrom' =>  'moodle/question:manage'
1494      ),
1495      //END new in moodle 1.9
1496  
1497      // Configure the installed question types.
1498      'moodle/question:config' => array(
1499          'riskbitmask' => RISK_CONFIG,
1500          'captype' => 'write',
1501          'contextlevel' => CONTEXT_SYSTEM,
1502          'archetypes' => array(
1503              'manager' => CAP_ALLOW
1504          )
1505      ),
1506  
1507      // While attempting questions, the ability to flag particular questions for later reference.
1508      'moodle/question:flag' => array(
1509          'captype' => 'write',
1510          'contextlevel' => CONTEXT_COURSE,
1511          'archetypes' => array(
1512              'student' => CAP_ALLOW,
1513              'teacher' => CAP_ALLOW,
1514              'editingteacher' => CAP_ALLOW,
1515              'manager' => CAP_ALLOW
1516          )
1517      ),
1518  
1519      // Controls whether the user can tag his own questions.
1520      'moodle/question:tagmine' => array(
1521          'captype' => 'write',
1522          'contextlevel' => CONTEXT_COURSE,
1523          'archetypes' => array(
1524              'editingteacher' => CAP_ALLOW,
1525              'manager' => CAP_ALLOW
1526          ),
1527          'clonepermissionsfrom' => 'moodle/question:editmine'
1528      ),
1529  
1530      // Controls whether the user can tag all questions.
1531      'moodle/question:tagall' => array(
1532          'captype' => 'write',
1533          'contextlevel' => CONTEXT_COURSE,
1534          'archetypes' => array(
1535              'editingteacher' => CAP_ALLOW,
1536              'manager' => CAP_ALLOW
1537          ),
1538          'clonepermissionsfrom' => 'moodle/question:editall'
1539      ),
1540  
1541      'moodle/site:doclinks' => array(
1542          'captype' => 'read',
1543          'contextlevel' => CONTEXT_SYSTEM,
1544          'archetypes' => array(
1545              'teacher' => CAP_ALLOW,
1546              'editingteacher' => CAP_ALLOW,
1547              'manager' => CAP_ALLOW
1548          )
1549      ),
1550  
1551      'moodle/course:sectionvisibility' => array(
1552  
1553          'captype' => 'write',
1554          'contextlevel' => CONTEXT_COURSE,
1555          'archetypes' => array(
1556              'editingteacher' => CAP_ALLOW,
1557              'manager' => CAP_ALLOW
1558          )
1559      ),
1560  
1561      'moodle/course:useremail' => array(
1562  
1563          'captype' => 'write',
1564          'contextlevel' => CONTEXT_COURSE,
1565          'archetypes' => array(
1566              'editingteacher' => CAP_ALLOW,
1567              'manager' => CAP_ALLOW
1568          )
1569      ),
1570  
1571      'moodle/course:viewhiddensections' => array(
1572  
1573          'captype' => 'read',
1574          'contextlevel' => CONTEXT_COURSE,
1575          'archetypes' => array(
1576              'editingteacher' => CAP_ALLOW,
1577              'manager' => CAP_ALLOW
1578          )
1579      ),
1580  
1581      'moodle/course:setcurrentsection' => array(
1582  
1583          'captype' => 'write',
1584          'contextlevel' => CONTEXT_COURSE,
1585          'archetypes' => array(
1586              'editingteacher' => CAP_ALLOW,
1587              'manager' => CAP_ALLOW
1588          )
1589      ),
1590  
1591      'moodle/course:movesections' => array(
1592  
1593          'captype' => 'write',
1594          'contextlevel' => CONTEXT_COURSE,
1595          'archetypes' => array(
1596              'editingteacher' => CAP_ALLOW,
1597              'manager' => CAP_ALLOW
1598          ),
1599          'clonepermissionsfrom' => 'moodle/course:update'
1600      ),
1601  
1602      'moodle/site:mnetlogintoremote' => array(
1603  
1604          'captype' => 'read',
1605          'contextlevel' => CONTEXT_SYSTEM,
1606          'archetypes' => array(
1607          )
1608      ),
1609  
1610      'moodle/grade:viewall' => array(
1611          'riskbitmask' => RISK_PERSONAL,
1612          'captype' => 'read',
1613          'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1614          'archetypes' => array(
1615              'teacher' => CAP_ALLOW,
1616              'editingteacher' => CAP_ALLOW,
1617              'manager' => CAP_ALLOW
1618          ),
1619          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1620      ),
1621  
1622      'moodle/grade:view' => array(
1623          'captype' => 'read',
1624          'contextlevel' => CONTEXT_COURSE,
1625          'archetypes' => array(
1626              'student' => CAP_ALLOW
1627          )
1628      ),
1629  
1630      'moodle/grade:viewhidden' => array(
1631          'riskbitmask' => RISK_PERSONAL,
1632          'captype' => 'read',
1633          'contextlevel' => CONTEXT_COURSE,
1634          'archetypes' => array(
1635              'teacher' => CAP_ALLOW,
1636              'editingteacher' => CAP_ALLOW,
1637              'manager' => CAP_ALLOW
1638          ),
1639          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1640      ),
1641  
1642      'moodle/grade:import' => array(
1643          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1644          'captype' => 'write',
1645          'contextlevel' => CONTEXT_COURSE,
1646          'archetypes' => array(
1647              'editingteacher' => CAP_ALLOW,
1648              'manager' => CAP_ALLOW
1649          ),
1650          'clonepermissionsfrom' => 'moodle/course:managegrades'
1651      ),
1652  
1653      'moodle/grade:export' => array(
1654          'riskbitmask' => RISK_PERSONAL,
1655          'captype' => 'read',
1656          'contextlevel' => CONTEXT_COURSE,
1657          'archetypes' => array(
1658              'teacher' => CAP_ALLOW,
1659              'editingteacher' => CAP_ALLOW,
1660              'manager' => CAP_ALLOW
1661          ),
1662          'clonepermissionsfrom' => 'moodle/course:managegrades'
1663      ),
1664  
1665      'moodle/grade:manage' => array(
1666          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1667          'captype' => 'write',
1668          'contextlevel' => CONTEXT_COURSE,
1669          'archetypes' => array(
1670              'editingteacher' => CAP_ALLOW,
1671              'manager' => CAP_ALLOW
1672          ),
1673          'clonepermissionsfrom' => 'moodle/course:managegrades'
1674      ),
1675  
1676      'moodle/grade:edit' => array(
1677          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1678          'captype' => 'write',
1679          'contextlevel' => CONTEXT_COURSE,
1680          'archetypes' => array(
1681              'editingteacher' => CAP_ALLOW,
1682              'manager' => CAP_ALLOW
1683          ),
1684          'clonepermissionsfrom' => 'moodle/course:managegrades'
1685      ),
1686  
1687      // ability to define advanced grading forms in activities either from scratch
1688      // or from a shared template
1689      'moodle/grade:managegradingforms' => array(
1690          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1691          'captype' => 'write',
1692          'contextlevel' => CONTEXT_COURSE,
1693          'archetypes' => array(
1694              'editingteacher' => CAP_ALLOW,
1695              'manager' => CAP_ALLOW
1696          ),
1697          'clonepermissionsfrom' => 'moodle/course:managegrades'
1698      ),
1699  
1700      // ability to save a grading form as a new shared template and eventually edit
1701      // and remove own templates (templates originally shared by that user)
1702      'moodle/grade:sharegradingforms' => array(
1703          'riskbitmask' => RISK_XSS,
1704          'captype' => 'write',
1705          'contextlevel' => CONTEXT_SYSTEM,
1706          'archetypes' => array(
1707              'manager' => CAP_ALLOW
1708          ),
1709      ),
1710  
1711      // ability to edit and remove any shared template, even those originally shared
1712      // by other users
1713      'moodle/grade:managesharedforms' => array(
1714          'riskbitmask' => RISK_XSS,
1715          'captype' => 'write',
1716          'contextlevel' => CONTEXT_SYSTEM,
1717          'archetypes' => array(
1718              'manager' => CAP_ALLOW
1719          ),
1720      ),
1721  
1722      'moodle/grade:manageoutcomes' => array(
1723          'captype' => 'write',
1724          'contextlevel' => CONTEXT_COURSE,
1725          'archetypes' => array(
1726              'editingteacher' => CAP_ALLOW,
1727              'manager' => CAP_ALLOW
1728          ),
1729          'clonepermissionsfrom' => 'moodle/course:managegrades'
1730      ),
1731  
1732      'moodle/grade:manageletters' => array(
1733          'captype' => 'write',
1734          'contextlevel' => CONTEXT_COURSE,
1735          'archetypes' => array(
1736              'editingteacher' => CAP_ALLOW,
1737              'manager' => CAP_ALLOW
1738          ),
1739          'clonepermissionsfrom' => 'moodle/course:managegrades'
1740      ),
1741  
1742      'moodle/grade:hide' => array(
1743          'captype' => 'write',
1744          'contextlevel' => CONTEXT_COURSE,
1745          'archetypes' => array(
1746              'editingteacher' => CAP_ALLOW,
1747              'manager' => CAP_ALLOW
1748          )
1749      ),
1750  
1751      'moodle/grade:lock' => array(
1752          'captype' => 'write',
1753          'contextlevel' => CONTEXT_COURSE,
1754          'archetypes' => array(
1755              'editingteacher' => CAP_ALLOW,
1756              'manager' => CAP_ALLOW
1757          )
1758      ),
1759  
1760      'moodle/grade:unlock' => array(
1761          'captype' => 'write',
1762          'contextlevel' => CONTEXT_COURSE,
1763          'archetypes' => array(
1764              'editingteacher' => CAP_ALLOW,
1765              'manager' => CAP_ALLOW
1766          )
1767      ),
1768  
1769      'moodle/my:manageblocks' => array(
1770          'captype' => 'write',
1771          'contextlevel' => CONTEXT_SYSTEM,
1772          'archetypes' => array(
1773              'user' => CAP_ALLOW
1774          )
1775      ),
1776  
1777      'moodle/notes:view' => array(
1778          'captype' => 'read',
1779          'contextlevel' => CONTEXT_COURSE,
1780          'archetypes' => array(
1781              'teacher' => CAP_ALLOW,
1782              'editingteacher' => CAP_ALLOW,
1783              'manager' => CAP_ALLOW
1784          )
1785      ),
1786  
1787      'moodle/notes:manage' => array(
1788          'riskbitmask' => RISK_SPAM,
1789  
1790          'captype' => 'write',
1791          'contextlevel' => CONTEXT_COURSE,
1792          'archetypes' => array(
1793              'teacher' => CAP_ALLOW,
1794              'editingteacher' => CAP_ALLOW,
1795              'manager' => CAP_ALLOW
1796          )
1797      ),
1798  
1799      'moodle/tag:manage' => array(
1800          'riskbitmask' => RISK_SPAM,
1801  
1802          'captype' => 'write',
1803          'contextlevel' => CONTEXT_SYSTEM,
1804          'archetypes' => array(
1805              'manager' => CAP_ALLOW
1806          )
1807      ),
1808  
1809      'moodle/tag:edit' => array(
1810          'riskbitmask' => RISK_SPAM,
1811  
1812          'captype' => 'write',
1813          'contextlevel' => CONTEXT_SYSTEM,
1814          'archetypes' => array(
1815              'manager' => CAP_ALLOW
1816          )
1817      ),
1818  
1819      'moodle/tag:flag' => array(
1820          'riskbitmask' => RISK_SPAM,
1821  
1822          'captype' => 'write',
1823          'contextlevel' => CONTEXT_SYSTEM,
1824          'archetypes' => array(
1825              'user' => CAP_ALLOW
1826          )
1827      ),
1828  
1829      'moodle/tag:editblocks' => array(
1830          'captype' => 'write',
1831          'contextlevel' => CONTEXT_SYSTEM,
1832          'archetypes' => array(
1833              'teacher' => CAP_ALLOW,
1834              'editingteacher' => CAP_ALLOW,
1835              'manager' => CAP_ALLOW
1836          )
1837      ),
1838  
1839      'moodle/block:view' => array(
1840          'captype' => 'read',
1841          'contextlevel' => CONTEXT_BLOCK,
1842          'archetypes' => array(
1843              'guest' => CAP_ALLOW,
1844              'user' => CAP_ALLOW,
1845              'student' => CAP_ALLOW,
1846              'teacher' => CAP_ALLOW,
1847              'editingteacher' => CAP_ALLOW,
1848          )
1849      ),
1850  
1851      'moodle/block:edit' => array(
1852          'riskbitmask' => RISK_SPAM | RISK_XSS,
1853  
1854          'captype' => 'write',
1855          'contextlevel' => CONTEXT_BLOCK,
1856          'archetypes' => array(
1857              'editingteacher' => CAP_ALLOW,
1858              'manager' => CAP_ALLOW
1859          )
1860      ),
1861  
1862      'moodle/portfolio:export' => array(
1863          'captype' => 'read',
1864          'contextlevel' => CONTEXT_SYSTEM,
1865          'archetypes' => array(
1866              'user' => CAP_ALLOW,
1867              'student' => CAP_ALLOW,
1868              'teacher' => CAP_ALLOW,
1869              'editingteacher' => CAP_ALLOW,
1870          )
1871      ),
1872      'moodle/comment:view' => array(
1873          'captype' => 'read',
1874          'contextlevel' => CONTEXT_COURSE,
1875          'archetypes' => array(
1876              'frontpage' => CAP_ALLOW,
1877              'guest' => CAP_ALLOW,
1878              'user' => CAP_ALLOW,
1879              'student' => CAP_ALLOW,
1880              'teacher' => CAP_ALLOW,
1881              'editingteacher' => CAP_ALLOW,
1882              'manager' => CAP_ALLOW
1883          )
1884      ),
1885      'moodle/comment:post' => array(
1886  
1887          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1888          'captype' => 'write',
1889          'contextlevel' => CONTEXT_COURSE,
1890          'archetypes' => array(
1891              'user' => CAP_ALLOW,
1892              'student' => CAP_ALLOW,
1893              'teacher' => CAP_ALLOW,
1894              'editingteacher' => CAP_ALLOW,
1895              'manager' => CAP_ALLOW
1896          )
1897      ),
1898      'moodle/comment:delete' => array(
1899  
1900          'riskbitmask' => RISK_DATALOSS,
1901          'captype' => 'write',
1902          'contextlevel' => CONTEXT_COURSE,
1903          'archetypes' => array(
1904              'editingteacher' => CAP_ALLOW,
1905              'manager' => CAP_ALLOW
1906          )
1907      ),
1908      'moodle/webservice:createtoken' => array(
1909  
1910          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1911          'captype' => 'write',
1912          'contextlevel' => CONTEXT_SYSTEM,
1913          'archetypes' => array(
1914              'manager' => CAP_ALLOW
1915          )
1916      ),
1917      'moodle/webservice:managealltokens' => array(
1918  
1919          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1920          'captype' => 'write',
1921          'contextlevel' => CONTEXT_SYSTEM,
1922          'archetypes' => array()
1923      ),
1924      'moodle/webservice:createmobiletoken' => array(
1925  
1926          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1927          'captype' => 'write',
1928          'contextlevel' => CONTEXT_SYSTEM,
1929          'archetypes' => array(
1930              'user' => CAP_ALLOW
1931          )
1932      ),
1933      'moodle/rating:view' => array(
1934  
1935          'captype' => 'read',
1936          'contextlevel' => CONTEXT_COURSE,
1937          'archetypes' => array(
1938              'user' => CAP_ALLOW,
1939              'student' => CAP_ALLOW,
1940              'teacher' => CAP_ALLOW,
1941              'editingteacher' => CAP_ALLOW,
1942              'manager' => CAP_ALLOW
1943          )
1944      ),
1945      'moodle/rating:viewany' => array(
1946  
1947          'riskbitmask' => RISK_PERSONAL,
1948          'captype' => 'read',
1949          'contextlevel' => CONTEXT_COURSE,
1950          'archetypes' => array(
1951              'user' => CAP_ALLOW,
1952              'student' => CAP_ALLOW,
1953              'teacher' => CAP_ALLOW,
1954              'editingteacher' => CAP_ALLOW,
1955              'manager' => CAP_ALLOW
1956          )
1957      ),
1958      'moodle/rating:viewall' => array(
1959  
1960          'riskbitmask' => RISK_PERSONAL,
1961          'captype' => 'read',
1962          'contextlevel' => CONTEXT_COURSE,
1963          'archetypes' => array(
1964              'user' => CAP_ALLOW,
1965              'student' => CAP_ALLOW,
1966              'teacher' => CAP_ALLOW,
1967              'editingteacher' => CAP_ALLOW,
1968              'manager' => CAP_ALLOW
1969          )
1970      ),
1971      'moodle/rating:rate' => array(
1972  
1973          'captype' => 'write',
1974          'contextlevel' => CONTEXT_COURSE,
1975          'archetypes' => array(
1976              'user' => CAP_ALLOW,
1977              'student' => CAP_ALLOW,
1978              'teacher' => CAP_ALLOW,
1979              'editingteacher' => CAP_ALLOW,
1980              'manager' => CAP_ALLOW
1981          )
1982      ),
1983      'moodle/course:markcomplete' => array(
1984          'captype' => 'write',
1985          'contextlevel' => CONTEXT_COURSE,
1986          'archetypes' => array(
1987              'teacher' => CAP_ALLOW,
1988              'editingteacher' => CAP_ALLOW,
1989              'manager' => CAP_ALLOW
1990          )
1991      ),
1992      'moodle/course:overridecompletion' => array(
1993          'captype' => 'write',
1994          'contextlevel' => CONTEXT_COURSE,
1995          'archetypes' => array(
1996              'teacher' => CAP_ALLOW,
1997              'editingteacher' => CAP_ALLOW,
1998              'manager' => CAP_ALLOW
1999          )
2000      ),
2001  
2002      // Badges.
2003      'moodle/badges:manageglobalsettings' => array(
2004          'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2005          'captype'      => 'write',
2006          'contextlevel' => CONTEXT_SYSTEM,
2007          'archetypes'   => array(
2008              'manager'       => CAP_ALLOW,
2009          )
2010      ),
2011  
2012      // View available badges without earning them.
2013      'moodle/badges:viewbadges' => array(
2014          'captype'       => 'read',
2015          'contextlevel'  => CONTEXT_COURSE,
2016          'archetypes'    => array(
2017              'user'          => CAP_ALLOW,
2018          )
2019      ),
2020  
2021      // Manage badges on own private badges page.
2022      'moodle/badges:manageownbadges' => array(
2023          'riskbitmap'    => RISK_SPAM,
2024          'captype'       => 'write',
2025          'contextlevel'  => CONTEXT_USER,
2026          'archetypes'    => array(
2027              'user'    => CAP_ALLOW
2028          )
2029      ),
2030  
2031      // View public badges in other users' profiles.
2032      'moodle/badges:viewotherbadges' => array(
2033          'riskbitmap'    => RISK_PERSONAL,
2034          'captype'       => 'read',
2035          'contextlevel'  => CONTEXT_USER,
2036          'archetypes'    => array(
2037              'user'    => CAP_ALLOW
2038          )
2039      ),
2040  
2041      // Earn badge.
2042      'moodle/badges:earnbadge' => array(
2043          'captype'       => 'write',
2044          'contextlevel'  => CONTEXT_COURSE,
2045          'archetypes'    => array(
2046              'user'           => CAP_ALLOW,
2047          )
2048      ),
2049  
2050      // Create/duplicate badges.
2051      'moodle/badges:createbadge' => array(
2052          'riskbitmask'  => RISK_SPAM,
2053          'captype'      => 'write',
2054          'contextlevel' => CONTEXT_COURSE,
2055          'archetypes'   => array(
2056              'manager'        => CAP_ALLOW,
2057              'editingteacher' => CAP_ALLOW,
2058          )
2059      ),
2060  
2061      // Delete badges.
2062      'moodle/badges:deletebadge' => array(
2063          'riskbitmask'  => RISK_DATALOSS,
2064          'captype'      => 'write',
2065          'contextlevel' => CONTEXT_COURSE,
2066          'archetypes'   => array(
2067              'manager'        => CAP_ALLOW,
2068              'editingteacher' => CAP_ALLOW,
2069          )
2070      ),
2071  
2072      // Set up/edit badge details.
2073      'moodle/badges:configuredetails' => array(
2074          'riskbitmask'  => RISK_SPAM,
2075          'captype'      => 'write',
2076          'contextlevel' => CONTEXT_COURSE,
2077          'archetypes'   => array(
2078              'manager'        => CAP_ALLOW,
2079              'editingteacher' => CAP_ALLOW,
2080          )
2081      ),
2082  
2083      // Set up/edit criteria of earning a badge.
2084      'moodle/badges:configurecriteria' => array(
2085          'riskbitmask'  => RISK_XSS,
2086          'captype'      => 'write',
2087          'contextlevel' => CONTEXT_COURSE,
2088          'archetypes'   => array(
2089              'manager'        => CAP_ALLOW,
2090              'editingteacher' => CAP_ALLOW,
2091          )
2092      ),
2093  
2094      // Configure badge messages.
2095      'moodle/badges:configuremessages' => array(
2096          'riskbitmask'  => RISK_SPAM,
2097          'captype'      => 'write',
2098          'contextlevel' => CONTEXT_COURSE,
2099          'archetypes'   => array(
2100              'manager'        => CAP_ALLOW,
2101              'editingteacher' => CAP_ALLOW,
2102          )
2103      ),
2104  
2105      // Award badge to a user.
2106      'moodle/badges:awardbadge' => array(
2107          'riskbitmask'  => RISK_SPAM,
2108          'captype'      => 'write',
2109          'contextlevel' => CONTEXT_COURSE,
2110          'archetypes'   => array(
2111              'manager'        => CAP_ALLOW,
2112              'teacher'        => CAP_ALLOW,
2113              'editingteacher' => CAP_ALLOW,
2114          )
2115      ),
2116  
2117      // Revoke badge from a user.
2118      'moodle/badges:revokebadge' => array(
2119          'riskbitmask'  => RISK_SPAM,
2120          'captype'      => 'write',
2121          'contextlevel' => CONTEXT_COURSE,
2122          'archetypes'   => array(
2123              'manager'        => CAP_ALLOW,
2124              'teacher'        => CAP_ALLOW,
2125              'editingteacher' => CAP_ALLOW,
2126          )
2127      ),
2128  
2129      // View users who earned a specific badge without being able to award a badge.
2130      'moodle/badges:viewawarded' => array(
2131          'riskbitmask'  => RISK_PERSONAL,
2132          'captype'      => 'read',
2133          'contextlevel' => CONTEXT_COURSE,
2134          'archetypes'   => array(
2135                  'manager'        => CAP_ALLOW,
2136                  'teacher'        => CAP_ALLOW,
2137                  'editingteacher' => CAP_ALLOW,
2138          )
2139      ),
2140  
2141      'moodle/site:forcelanguage' => array(
2142          'captype' => 'read',
2143          'contextlevel' => CONTEXT_SYSTEM,
2144          'archetypes' => array(
2145          )
2146      ),
2147  
2148      // Perform site-wide search queries through the search API.
2149      'moodle/search:query' => array(
2150          'captype' => 'read',
2151          'contextlevel' => CONTEXT_SYSTEM,
2152          'archetypes' => array(
2153              'guest' => CAP_ALLOW,
2154              'user' => CAP_ALLOW,
2155              'student' => CAP_ALLOW,
2156              'teacher' => CAP_ALLOW,
2157              'editingteacher' => CAP_ALLOW,
2158              'manager' => CAP_ALLOW
2159          )
2160      ),
2161  
2162      // Competencies.
2163      'moodle/competency:competencymanage' => array(
2164          'captype' => 'write',
2165          'contextlevel' => CONTEXT_COURSECAT,
2166          'archetypes' => array(
2167              'manager' => CAP_ALLOW
2168          )
2169      ),
2170      'moodle/competency:competencyview' => array(
2171          'captype' => 'read',
2172          'contextlevel' => CONTEXT_COURSECAT,
2173          'archetypes' => array(
2174              'user' => CAP_ALLOW
2175          ),
2176      ),
2177      'moodle/competency:competencygrade' => array(
2178          'captype' => 'write',
2179          'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2180          'archetypes' => array(
2181              'editingteacher' => CAP_ALLOW,
2182              'teacher' => CAP_ALLOW,
2183              'manager' => CAP_ALLOW
2184          ),
2185      ),
2186      // Course competencies.
2187      'moodle/competency:coursecompetencymanage' => array(
2188          'captype' => 'write',
2189          'contextlevel' => CONTEXT_COURSE,
2190          'archetypes' => array(
2191              'editingteacher' => CAP_ALLOW,
2192              'manager' => CAP_ALLOW
2193          ),
2194      ),
2195      'moodle/competency:coursecompetencyconfigure' => array(
2196          'captype' => 'write',
2197          'contextlevel' => CONTEXT_MODULE,
2198          'archetypes' => array(
2199              'manager' => CAP_ALLOW
2200          ),
2201      ),
2202      'moodle/competency:coursecompetencygradable' => array(
2203          'captype' => 'read',
2204          'contextlevel' => CONTEXT_COURSE,
2205          'archetypes' => array(
2206              'student' => CAP_ALLOW
2207          ),
2208          'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2209      ),
2210      'moodle/competency:coursecompetencyview' => array(
2211          'captype' => 'read',
2212          'contextlevel' => CONTEXT_COURSE,
2213          'archetypes' => array(
2214              'user' => CAP_ALLOW
2215          ),
2216      ),
2217      // Evidence.
2218      'moodle/competency:evidencedelete' => array(
2219          'captype' => 'write',
2220          'contextlevel' => CONTEXT_USER,
2221          'archetypes' => array(
2222          ),
2223          'clonepermissionsfrom' => 'moodle/site:config'
2224      ),
2225      // User plans.
2226      'moodle/competency:planmanage' => array(
2227          'captype' => 'write',
2228          'contextlevel' => CONTEXT_USER,
2229          'archetypes' => array(
2230              'manager' => CAP_ALLOW
2231          ),
2232      ),
2233      'moodle/competency:planmanagedraft' => array(
2234          'captype' => 'write',
2235          'contextlevel' => CONTEXT_USER,
2236          'archetypes' => array(
2237              'manager' => CAP_ALLOW
2238          ),
2239      ),
2240      'moodle/competency:planmanageown' => array(
2241          'captype' => 'write',
2242          'contextlevel' => CONTEXT_USER,
2243          'archetypes' => array(
2244          ),
2245      ),
2246      'moodle/competency:planmanageowndraft' => array(
2247          'captype' => 'write',
2248          'contextlevel' => CONTEXT_USER,
2249          'archetypes' => array(
2250          ),
2251      ),
2252      'moodle/competency:planview' => array(
2253          'captype' => 'read',
2254          'contextlevel' => CONTEXT_USER,
2255          'archetypes' => array(
2256              'manager' => CAP_ALLOW
2257          ),
2258      ),
2259      'moodle/competency:planviewdraft' => array(
2260          'captype' => 'read',
2261          'contextlevel' => CONTEXT_USER,
2262          'archetypes' => array(
2263              'manager' => CAP_ALLOW
2264          ),
2265      ),
2266      'moodle/competency:planviewown' => array(
2267          'captype' => 'read',
2268          'contextlevel' => CONTEXT_USER,
2269          'archetypes' => array(
2270              'user' => CAP_ALLOW
2271          ),
2272      ),
2273      'moodle/competency:planviewowndraft' => array(
2274          'captype' => 'read',
2275          'contextlevel' => CONTEXT_USER,
2276          'archetypes' => array(
2277          ),
2278      ),
2279      'moodle/competency:planrequestreview' => array(
2280          'captype' => 'write',
2281          'contextlevel' => CONTEXT_USER,
2282          'archetypes' => array(
2283              'manager' => CAP_ALLOW
2284          )
2285      ),
2286      'moodle/competency:planrequestreviewown' => array(
2287          'captype' => 'write',
2288          'contextlevel' => CONTEXT_USER,
2289          'archetypes' => array(
2290              'user' => CAP_ALLOW
2291          )
2292      ),
2293      'moodle/competency:planreview' => array(
2294          'captype' => 'write',
2295          'contextlevel' => CONTEXT_USER,
2296          'archetypes' => array(
2297              'manager' => CAP_ALLOW
2298          ),
2299      ),
2300      'moodle/competency:plancomment' => array(
2301          'captype' => 'write',
2302          'contextlevel' => CONTEXT_USER,
2303          'archetypes' => array(
2304              'manager' => CAP_ALLOW
2305          ),
2306      ),
2307      'moodle/competency:plancommentown' => array(
2308          'captype' => 'write',
2309          'contextlevel' => CONTEXT_USER,
2310          'archetypes' => array(
2311              'user' => CAP_ALLOW
2312          ),
2313      ),
2314      // User competencies.
2315      'moodle/competency:usercompetencyview' => array(
2316          'captype' => 'read',
2317          'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2318          'archetypes' => array(
2319              'manager' => CAP_ALLOW,
2320              'editingteacher' => CAP_ALLOW,
2321              'teacher' => CAP_ALLOW
2322          )
2323      ),
2324      'moodle/competency:usercompetencyrequestreview' => array(
2325          'captype' => 'write',
2326          'contextlevel' => CONTEXT_USER,
2327          'archetypes' => array(
2328              'manager' => CAP_ALLOW
2329          )
2330      ),
2331      'moodle/competency:usercompetencyrequestreviewown' => array(
2332          'captype' => 'write',
2333          'contextlevel' => CONTEXT_USER,
2334          'archetypes' => array(
2335              'user' => CAP_ALLOW
2336          )
2337      ),
2338      'moodle/competency:usercompetencyreview' => array(
2339          'captype' => 'write',
2340          'contextlevel' => CONTEXT_USER,
2341          'archetypes' => array(
2342              'manager' => CAP_ALLOW
2343          ),
2344      ),
2345      'moodle/competency:usercompetencycomment' => array(
2346          'captype' => 'write',
2347          'contextlevel' => CONTEXT_USER,
2348          'archetypes' => array(
2349              'manager' => CAP_ALLOW
2350          ),
2351      ),
2352      'moodle/competency:usercompetencycommentown' => array(
2353          'captype' => 'write',
2354          'contextlevel' => CONTEXT_USER,
2355          'archetypes' => array(
2356              'user' => CAP_ALLOW
2357          ),
2358      ),
2359      // Template.
2360      'moodle/competency:templatemanage' => array(
2361          'captype' => 'write',
2362          'contextlevel' => CONTEXT_COURSECAT,
2363          'archetypes' => array(
2364              'manager' => CAP_ALLOW
2365          ),
2366      ),
2367      'moodle/analytics:listinsights' => array(
2368          'riskbitmask' => RISK_PERSONAL,
2369          'captype' => 'read',
2370          'contextlevel' => CONTEXT_COURSE,
2371          'archetypes' => array(
2372              'teacher' => CAP_ALLOW,
2373              'editingteacher' => CAP_ALLOW,
2374              'manager' => CAP_ALLOW
2375          )
2376      ),
2377      'moodle/analytics:managemodels' => array(
2378          'riskbitmask' => RISK_CONFIG,
2379          'captype' => 'write',
2380          'contextlevel' => CONTEXT_SYSTEM,
2381          'archetypes' => array(
2382              'manager' => CAP_ALLOW
2383          ),
2384      ),
2385      'moodle/competency:templateview' => array(
2386          'captype' => 'read',
2387          'contextlevel' => CONTEXT_COURSECAT,
2388          'archetypes' => array(
2389              'manager' => CAP_ALLOW
2390          ),
2391      ),
2392      // User evidence.
2393      'moodle/competency:userevidencemanage' => array(
2394          'captype' => 'write',
2395          'contextlevel' => CONTEXT_USER,
2396          'archetypes' => array(
2397              'manager' => CAP_ALLOW
2398          ),
2399      ),
2400      'moodle/competency:userevidencemanageown' => array(
2401          'captype' => 'write',
2402          'contextlevel' => CONTEXT_USER,
2403          'archetypes' => array(
2404              'user' => CAP_ALLOW
2405          ),
2406      ),
2407      'moodle/competency:userevidenceview' => array(
2408          'captype' => 'read',
2409          'contextlevel' => CONTEXT_USER,
2410          'archetypes' => array(
2411              'manager' => CAP_ALLOW
2412          ),
2413      ),
2414      'moodle/site:maintenanceaccess' => array(
2415          'captype' => 'write',
2416          'contextlevel' => CONTEXT_SYSTEM,
2417          'archetypes' => array(
2418          )
2419      ),
2420      // Allow message any user, regardlesss of the privacy preferences for messaging.
2421      'moodle/site:messageanyuser' => array(
2422          'riskbitmask' => RISK_SPAM,
2423          'captype' => 'write',
2424          'contextlevel' => CONTEXT_SYSTEM,
2425          'archetypes' => array(
2426              'teacher' => CAP_ALLOW,
2427              'editingteacher' => CAP_ALLOW,
2428              'manager' => CAP_ALLOW
2429          )
2430      ),
2431  
2432      // Context locking/unlocking.
2433      'moodle/site:managecontextlocks' => [
2434          'captype' => 'write',
2435          'contextlevel' => CONTEXT_MODULE,
2436          'archetypes' => [
2437          ],
2438      ],
2439  
2440      // Manual completion toggling.
2441      'moodle/course:togglecompletion' => [
2442          'captype' => 'write',
2443          'contextlevel' => CONTEXT_MODULE,
2444          'archetypes' => [
2445              'user' => CAP_ALLOW,
2446          ],
2447      ],
2448  
2449      'moodle/analytics:listowninsights' => array(
2450          'captype' => 'read',
2451          'contextlevel' => CONTEXT_SYSTEM,
2452          'archetypes' => array(
2453              'user' => CAP_ALLOW
2454          )
2455      ),
2456  
2457      // Set display option buttons to an H5P content.
2458      'moodle/h5p:setdisplayoptions' => array(
2459          'captype' => 'write',
2460          'contextlevel' => CONTEXT_MODULE,
2461          'archetypes' => array(
2462              'editingteacher' => CAP_ALLOW,
2463          )
2464      ),
2465  
2466      // Allow to deploy H5P content.
2467      'moodle/h5p:deploy' => array(
2468          'riskbitmask' => RISK_XSS,
2469          'captype' => 'write',
2470          'contextlevel' => CONTEXT_MODULE,
2471          'archetypes' => array(
2472              'manager'        => CAP_ALLOW,
2473              'editingteacher' => CAP_ALLOW,
2474          )
2475      ),
2476  
2477      // Allow to update H5P content-type libraries.
2478      'moodle/h5p:updatelibraries' => [
2479          'riskbitmask' => RISK_XSS,
2480          'captype' => 'write',
2481          'contextlevel' => CONTEXT_MODULE,
2482          'archetypes' => [
2483              'manager' => CAP_ALLOW,
2484          ]
2485      ],
2486  
2487      // Allow users to recommend activities in the activity chooser.
2488      'moodle/course:recommendactivity' => [
2489          'captype' => 'write',
2490          'contextlevel' => CONTEXT_SYSTEM,
2491          'archetypes' => [
2492              'manager' => CAP_ALLOW,
2493          ]
2494      ],
2495  
2496      // Content bank capabilities.
2497      'moodle/contentbank:access' => array(
2498          'captype' => 'read',
2499          'contextlevel' => CONTEXT_COURSE,
2500          'archetypes' => array(
2501              'manager' => CAP_ALLOW,
2502              'coursecreator' => CAP_ALLOW,
2503              'editingteacher' => CAP_ALLOW,
2504          )
2505      ),
2506  
2507      'moodle/contentbank:upload' => array(
2508          'riskbitmask' => RISK_SPAM,
2509          'captype' => 'write',
2510          'contextlevel' => CONTEXT_COURSE,
2511          'archetypes' => array(
2512              'manager' => CAP_ALLOW,
2513              'coursecreator' => CAP_ALLOW,
2514              'editingteacher' => CAP_ALLOW,
2515          )
2516      ),
2517  
2518      // Delete any content from the content bank.
2519      'moodle/contentbank:deleteanycontent' => [
2520          'riskbitmask' => RISK_DATALOSS,
2521          'captype' => 'write',
2522          'contextlevel' => CONTEXT_COURSE,
2523          'archetypes' => [
2524              'manager' => CAP_ALLOW,
2525              'coursecreator' => CAP_ALLOW,
2526          ]
2527      ],
2528  
2529      // Delete content created by yourself.
2530      'moodle/contentbank:deleteowncontent' => [
2531          'captype' => 'write',
2532          'contextlevel' => CONTEXT_COURSE,
2533          'archetypes' => [
2534              'user' => CAP_ALLOW,
2535          ]
2536      ],
2537  
2538      // Manage (rename, move, publish, share, etc.) any content from the content bank.
2539      'moodle/contentbank:manageanycontent' => [
2540          'riskbitmask' => RISK_DATALOSS,
2541          'captype' => 'write',
2542          'contextlevel' => CONTEXT_COURSE,
2543          'archetypes' => array(
2544              'manager' => CAP_ALLOW,
2545              'coursecreator' => CAP_ALLOW,
2546          )
2547      ],
2548  
2549      // Manage (rename, move, publish, share, etc.) content created by yourself.
2550      'moodle/contentbank:manageowncontent' => [
2551          'captype' => 'write',
2552          'contextlevel' => CONTEXT_COURSE,
2553          'archetypes' => array(
2554              'manager' => CAP_ALLOW,
2555              'coursecreator' => CAP_ALLOW,
2556              'editingteacher' => CAP_ALLOW,
2557          )
2558      ],
2559  
2560      // Allow users to create/edit content within the content bank.
2561      'moodle/contentbank:useeditor' => [
2562          'riskbitmask' => RISK_SPAM,
2563          'captype' => 'write',
2564          'contextlevel' => CONTEXT_COURSE,
2565          'archetypes' => array(
2566              'manager' => CAP_ALLOW,
2567              'coursecreator' => CAP_ALLOW,
2568              'editingteacher' => CAP_ALLOW,
2569          )
2570      ],
2571  
2572      // Allow users to download content.
2573      'moodle/contentbank:downloadcontent' => [
2574          'captype' => 'read',
2575          'contextlevel' => CONTEXT_COURSE,
2576          'archetypes' => [
2577              'manager' => CAP_ALLOW,
2578              'coursecreator' => CAP_ALLOW,
2579              'editingteacher' => CAP_ALLOW,
2580          ]
2581      ],
2582  
2583      // Allow users to download course content.
2584      'moodle/course:downloadcoursecontent' => [
2585          'captype' => 'read',
2586          'contextlevel' => CONTEXT_COURSE,
2587          'archetypes' => array(
2588              'student' => CAP_ALLOW,
2589              'teacher' => CAP_ALLOW,
2590              'editingteacher' => CAP_ALLOW,
2591              'manager' => CAP_ALLOW
2592          )
2593      ],
2594  
2595      // Allow users to configure download course content functionality within a course, if the feature is available.
2596      'moodle/course:configuredownloadcontent' => [
2597          'captype' => 'write',
2598          'contextlevel' => CONTEXT_COURSE,
2599          'archetypes' => array(
2600              'editingteacher' => CAP_ALLOW,
2601              'manager' => CAP_ALLOW
2602          ),
2603      ],
2604  
2605      // Allow to manage payment accounts.
2606      'moodle/payment:manageaccounts' => [
2607          'captype' => 'write',
2608          'riskbitmask' => RISK_PERSONAL | RISK_CONFIG | RISK_DATALOSS,
2609          'contextlevel' => CONTEXT_COURSE,
2610          'archetypes' => [],
2611      ],
2612  
2613      // Allow to view payments.
2614      'moodle/payment:viewpayments' => [
2615          'captype' => 'read',
2616          'riskbitmask' => RISK_PERSONAL,
2617          'contextlevel' => CONTEXT_COURSE,
2618          'archetypes' => [],
2619      ],
2620  
2621      // Allow users to view hidden content.
2622      'moodle/contentbank:viewunlistedcontent' => [
2623          'captype' => 'read',
2624          'contextlevel' => CONTEXT_COURSE,
2625          'archetypes' => [
2626              'manager' => CAP_ALLOW,
2627              'coursecreator' => CAP_ALLOW,
2628          ]
2629      ],
2630  
2631      // Allow users to view custom reports.
2632      'moodle/reportbuilder:view' => [
2633          'captype' => 'read',
2634          'contextlevel' => CONTEXT_SYSTEM,
2635          'archetypes' => [
2636              'user' => CAP_ALLOW,
2637          ],
2638      ],
2639  
2640      // Allow users to create/edit their own custom reports.
2641      'moodle/reportbuilder:edit' => [
2642          'captype' => 'write',
2643          'riskbitmap' => RISK_PERSONAL,
2644          'contextlevel' => CONTEXT_SYSTEM,
2645          'archetypes' => [
2646              'manager' => CAP_ALLOW,
2647          ],
2648      ],
2649  
2650      // Allow users to create/edit all custom reports.
2651      'moodle/reportbuilder:editall' => [
2652          'captype' => 'write',
2653          'riskbitmap' => RISK_PERSONAL,
2654          'contextlevel' => CONTEXT_SYSTEM,
2655          'archetypes' => [],
2656      ],
2657  
2658      // Allow users to schedule reports as other users.
2659      'moodle/reportbuilder:scheduleviewas' => [
2660          'captype' => 'read',
2661          'riskbitmap' => RISK_PERSONAL,
2662          'contextlevel' => CONTEXT_SYSTEM,
2663          'archetypes' => [],
2664      ],
2665  );