
See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/lib/db/ -> access.php (source)


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Capability definitions for Moodle core.
  19   *
  20   * The capabilities are loaded into the database table when the module is
  21   * installed or updated. Whenever the capability definitions are updated,
  22   * the module version number should be bumped up.
  23   *
  24   * The system has four possible values for a capability:
  25   * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
  26   *
  27   *
  28   * CAPABILITY NAMING CONVENTION
  29   *
  30   * It is important that capability names are unique. The naming convention
  31   * for capabilities that are specific to modules and blocks is as follows:
  32   *   [mod/block]/<plugin_name>:<capabilityname>
  33   *
  34   * plugin_name should be the same as the directory name of the mod or block.
  35   *
  36   * Core moodle capabilities are defined thus:
  37   *    moodle/<capabilityclass>:<capabilityname>
  38   *
  39   * Examples: mod/forum:viewpost
  40   *           block/recent_activity:view
  41   *           moodle/site:deleteuser
  42   *
  43   * The variable name for the capability definitions array is $capabilities
  44   *
  45   * For more information, take a look at the available documentation:
  46   *     - Access API: {@link https://moodledev.io/docs/apis/subsystems/access}
  47   *     - Upgrade API: {@link https://moodledev.io/docs/guides/upgrade}
  48   *
  49   * @package   core_access
  50   * @category  access
  51   * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
  52   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  53   */
  54  
  55  defined('MOODLE_INTERNAL') || die();
  56  
  57  $capabilities = array(
  58      'moodle/site:config' => array(
  59  
  60          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
  61  
  62          'captype' => 'write',
  63          'contextlevel' => CONTEXT_SYSTEM,
  64          'archetypes' => array(
  65          )
  66      ),
  67      'moodle/site:configview' => array(
  68          'captype' => 'read',
  69          'contextlevel' => CONTEXT_SYSTEM,
  70          'archetypes' => array(
  71              'manager' => CAP_ALLOW,
  72              'coursecreator' => CAP_ALLOW,
  73          )
  74      ),
  75  
  76      'moodle/site:readallmessages' => array(
  77  
  78          'riskbitmask' => RISK_PERSONAL,
  79  
  80          'captype' => 'read',
  81          'contextlevel' => CONTEXT_SYSTEM,
  82          'archetypes' => array(
  83              'manager' => CAP_ALLOW,
  84              'editingteacher' => CAP_ALLOW
  85          )
  86      ),
  87  
  88      'moodle/site:manageallmessaging' => array(
  89  
  90          'riskbitmask' => RISK_PERSONAL,
  91  
  92          'captype' => 'write',
  93          'contextlevel' => CONTEXT_SYSTEM,
  94          'archetypes' => array(
  95              'manager' => CAP_ALLOW
  96          )
  97      ),
  98  
  99      'moodle/site:deleteanymessage' => array(
 100  
 101          'riskbitmask' => RISK_DATALOSS,
 102  
 103          'captype' => 'write',
 104          'contextlevel' => CONTEXT_SYSTEM,
 105          'archetypes' => array(
 106              'manager' => CAP_ALLOW
 107          )
 108      ),
 109  
 110      'moodle/site:sendmessage' => array(
 111  
 112          'riskbitmask' => RISK_SPAM,
 113  
 114          'captype' => 'write',
 115          'contextlevel' => CONTEXT_SYSTEM,
 116          'archetypes' => array(
 117              'manager' => CAP_ALLOW,
 118              'user' => CAP_ALLOW
 119          )
 120      ),
 121  
 122      'moodle/site:senderrormessage' => [
 123          'riskbitmask' => RISK_SPAM,
 124          'captype' => 'write',
 125          'contextlevel' => CONTEXT_SYSTEM,
 126          'archetypes' => array(
 127              'user' => CAP_ALLOW
 128          )
 129      ],
 130  
 131      'moodle/site:deleteownmessage' => array(
 132  
 133          'captype' => 'write',
 134          'contextlevel' => CONTEXT_SYSTEM,
 135          'archetypes' => array(
 136              'user' => CAP_ALLOW
 137          )
 138      ),
 139  
 140      'moodle/site:approvecourse' => array(
 141  
 142          'riskbitmask' => RISK_XSS,
 143  
 144          'captype' => 'write',
 145          'contextlevel' => CONTEXT_COURSECAT,
 146          'archetypes' => array(
 147              'manager' => CAP_ALLOW
 148          )
 149      ),
 150  
 151      'moodle/backup:backupcourse' => array(
 152  
 153          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 154  
 155          'captype' => 'write',
 156          'contextlevel' => CONTEXT_COURSE,
 157          'archetypes' => array(
 158              'editingteacher' => CAP_ALLOW,
 159              'manager' => CAP_ALLOW
 160          ),
 161  
 162          'clonepermissionsfrom' =>  'moodle/site:backup'
 163      ),
 164  
 165      'moodle/backup:backupsection' => array(
 166  
 167          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 168  
 169          'captype' => 'write',
 170          'contextlevel' => CONTEXT_COURSE,
 171          'archetypes' => array(
 172              'editingteacher' => CAP_ALLOW,
 173              'manager' => CAP_ALLOW
 174          ),
 175  
 176          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 177      ),
 178  
 179      'moodle/backup:backupactivity' => array(
 180  
 181          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 182  
 183          'captype' => 'write',
 184          'contextlevel' => CONTEXT_MODULE,
 185          'archetypes' => array(
 186              'editingteacher' => CAP_ALLOW,
 187              'manager' => CAP_ALLOW
 188          ),
 189  
 190          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 191      ),
 192  
 193      'moodle/backup:backuptargetimport' => array(
 194  
 195          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 196  
 197          'captype' => 'read',
 198          'contextlevel' => CONTEXT_COURSE,
 199          'archetypes' => array(
 200              'editingteacher' => CAP_ALLOW,
 201              'manager' => CAP_ALLOW
 202          ),
 203  
 204          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 205      ),
 206  
 207      'moodle/backup:downloadfile' => array(
 208  
 209          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 210  
 211          'captype' => 'write',
 212          'contextlevel' => CONTEXT_COURSE,
 213          'archetypes' => array(
 214              'editingteacher' => CAP_ALLOW,
 215              'manager' => CAP_ALLOW
 216          ),
 217  
 218          'clonepermissionsfrom' =>  'moodle/site:backupdownload'
 219      ),
 220  
 221      'moodle/backup:configure' => array(
 222  
 223          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 224  
 225          'captype' => 'write',
 226          'contextlevel' => CONTEXT_COURSE,
 227          'archetypes' => array(
 228              'editingteacher' => CAP_ALLOW,
 229              'manager' => CAP_ALLOW
 230          )
 231      ),
 232  
 233      'moodle/backup:userinfo' => array(
 234  
 235          'riskbitmask' => RISK_PERSONAL,
 236  
 237          'captype' => 'read',
 238          'contextlevel' => CONTEXT_COURSE,
 239          'archetypes' => array(
 240              'manager' => CAP_ALLOW
 241          )
 242      ),
 243  
 244      'moodle/backup:anonymise' => array(
 245  
 246          'riskbitmask' => RISK_PERSONAL,
 247  
 248          'captype' => 'read',
 249          'contextlevel' => CONTEXT_COURSE,
 250          'archetypes' => array(
 251              'manager' => CAP_ALLOW
 252          )
 253      ),
 254  
 255      'moodle/restore:restorecourse' => array(
 256  
 257          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 258  
 259          'captype' => 'write',
 260          'contextlevel' => CONTEXT_COURSE,
 261          'archetypes' => array(
 262              'editingteacher' => CAP_ALLOW,
 263              'manager' => CAP_ALLOW
 264          ),
 265  
 266          'clonepermissionsfrom' =>  'moodle/site:restore'
 267      ),
 268  
 269      'moodle/restore:restoresection' => array(
 270  
 271          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 272  
 273          'captype' => 'write',
 274          'contextlevel' => CONTEXT_COURSE,
 275          'archetypes' => array(
 276              'editingteacher' => CAP_ALLOW,
 277              'manager' => CAP_ALLOW
 278          ),
 279  
 280          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 281      ),
 282  
 283      'moodle/restore:restoreactivity' => array(
 284  
 285          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 286  
 287          'captype' => 'write',
 288          'contextlevel' => CONTEXT_COURSE,
 289          'archetypes' => array(
 290              'editingteacher' => CAP_ALLOW,
 291              'manager' => CAP_ALLOW
 292          ),
 293  
 294          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 295      ),
 296  
 297      'moodle/restore:viewautomatedfilearea' => array(
 298  
 299          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 300  
 301          'captype' => 'write',
 302          'contextlevel' => CONTEXT_COURSE,
 303          'archetypes' => array(
 304              'editingteacher' => CAP_ALLOW,
 305              'manager' => CAP_ALLOW
 306          ),
 307      ),
 308  
 309      'moodle/restore:restoretargetimport' => array(
 310  
 311          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 312  
 313          'captype' => 'write',
 314          'contextlevel' => CONTEXT_COURSE,
 315          'archetypes' => array(
 316              'editingteacher' => CAP_ALLOW,
 317              'manager' => CAP_ALLOW
 318          ),
 319  
 320          'clonepermissionsfrom' =>  'moodle/site:import'
 321      ),
 322  
 323      'moodle/restore:uploadfile' => array(
 324  
 325          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 326  
 327          'captype' => 'write',
 328          'contextlevel' => CONTEXT_COURSE,
 329          'archetypes' => array(
 330              'editingteacher' => CAP_ALLOW,
 331              'manager' => CAP_ALLOW
 332          ),
 333  
 334          'clonepermissionsfrom' =>  'moodle/site:backupupload'
 335      ),
 336  
 337      'moodle/restore:configure' => array(
 338  
 339          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 340  
 341          'captype' => 'write',
 342          'contextlevel' => CONTEXT_COURSE,
 343          'archetypes' => array(
 344              'editingteacher' => CAP_ALLOW,
 345              'manager' => CAP_ALLOW
 346          )
 347      ),
 348  
 349      'moodle/restore:rolldates' => array(
 350  
 351          'captype' => 'write',
 352          'contextlevel' => CONTEXT_COURSE,
 353          'archetypes' => array(
 354              'coursecreator' => CAP_ALLOW,
 355              'manager' => CAP_ALLOW
 356          )
 357      ),
 358  
 359      'moodle/restore:userinfo' => array(
 360  
 361          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 362  
 363          'captype' => 'write',
 364          'contextlevel' => CONTEXT_COURSE,
 365          'archetypes' => array(
 366              'manager' => CAP_ALLOW
 367          )
 368      ),
 369  
 370      'moodle/restore:createuser' => array(
 371  
 372          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 373  
 374          'captype' => 'write',
 375          'contextlevel' => CONTEXT_SYSTEM,
 376          'archetypes' => array(
 377              'manager' => CAP_ALLOW
 378          )
 379      ),
 380  
 381      'moodle/site:manageblocks' => array(
 382  
 383          'riskbitmask' => RISK_SPAM | RISK_XSS,
 384  
 385          'captype' => 'write',
 386          'contextlevel' => CONTEXT_BLOCK,
 387          'archetypes' => array(
 388              'editingteacher' => CAP_ALLOW,
 389              'manager' => CAP_ALLOW
 390          )
 391      ),
 392  
 393      'moodle/site:accessallgroups' => array(
 394  
 395          'captype' => 'read',
 396          'contextlevel' => CONTEXT_MODULE,
 397          'archetypes' => array(
 398              'editingteacher' => CAP_ALLOW,
 399              'manager' => CAP_ALLOW
 400          )
 401      ),
 402  
 403      'moodle/site:viewanonymousevents' => array(
 404  
 405          'riskbitmask' => RISK_PERSONAL,
 406  
 407          'captype' => 'read',
 408          'contextlevel' => CONTEXT_MODULE,
 409          'archetypes' => array(
 410              'manager' => CAP_ALLOW,
 411          )
 412      ),
 413  
 414      'moodle/site:viewfullnames' => array(
 415  
 416          'captype' => 'read',
 417          'contextlevel' => CONTEXT_MODULE,
 418          'archetypes' => array(
 419              'teacher' => CAP_ALLOW,
 420              'editingteacher' => CAP_ALLOW,
 421              'manager' => CAP_ALLOW
 422          )
 423      ),
 424  
 425      // In reports that give lists of users, extra information about each user's
 426      // identity (the fields configured in site option showuseridentity) will be
 427      // displayed to users who have this capability.
 428      'moodle/site:viewuseridentity' => array(
 429  
 430          'captype' => 'read',
 431          'contextlevel' => CONTEXT_MODULE,
 432          'archetypes' => array(
 433              'teacher' => CAP_ALLOW,
 434              'editingteacher' => CAP_ALLOW,
 435              'manager' => CAP_ALLOW
 436          )
 437      ),
 438  
 439      'moodle/site:viewreports' => array(
 440  
 441          'riskbitmask' => RISK_PERSONAL,
 442  
 443          'captype' => 'read',
 444          'contextlevel' => CONTEXT_COURSE,
 445          'archetypes' => array(
 446              'teacher' => CAP_ALLOW,
 447              'editingteacher' => CAP_ALLOW,
 448              'manager' => CAP_ALLOW
 449          )
 450      ),
 451  
 452      'moodle/site:trustcontent' => array(
 453  
 454          'riskbitmask' => RISK_XSS,
 455  
 456          'captype' => 'write',
 457          'contextlevel' => CONTEXT_MODULE,
 458          'archetypes' => array(
 459              'editingteacher' => CAP_ALLOW,
 460              'manager' => CAP_ALLOW
 461          )
 462      ),
 463  
 464      'moodle/site:uploadusers' => array(
 465  
 466          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 467  
 468          'captype' => 'write',
 469          'contextlevel' => CONTEXT_SYSTEM,
 470          'archetypes' => array(
 471              'manager' => CAP_ALLOW
 472          )
 473      ),
 474  
 475      // Permission to manage filter setting overrides in subcontexts.
 476      'moodle/filter:manage' => array(
 477  
 478          'captype' => 'write',
 479          'contextlevel' => CONTEXT_COURSE,
 480          'archetypes' => array(
 481              'editingteacher' => CAP_ALLOW,
 482              'manager' => CAP_ALLOW,
 483          )
 484      ),
 485  
 486      'moodle/user:create' => array(
 487  
 488          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 489  
 490          'captype' => 'write',
 491          'contextlevel' => CONTEXT_SYSTEM,
 492          'archetypes' => array(
 493              'manager' => CAP_ALLOW
 494          )
 495      ),
 496  
 497      'moodle/user:delete' => array(
 498  
 499          'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
 500  
 501          'captype' => 'write',
 502          'contextlevel' => CONTEXT_SYSTEM,
 503          'archetypes' => array(
 504              'manager' => CAP_ALLOW
 505          )
 506      ),
 507  
 508      'moodle/user:update' => array(
 509  
 510          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 511  
 512          'captype' => 'write',
 513          'contextlevel' => CONTEXT_SYSTEM,
 514          'archetypes' => array(
 515              'manager' => CAP_ALLOW
 516          )
 517      ),
 518  
 519      'moodle/user:viewdetails' => array(
 520  
 521          'captype' => 'read',
 522          'contextlevel' => CONTEXT_COURSE,
 523          'archetypes' => array(
 524              'guest' => CAP_ALLOW,
 525              'student' => CAP_ALLOW,
 526              'teacher' => CAP_ALLOW,
 527              'editingteacher' => CAP_ALLOW,
 528              'manager' => CAP_ALLOW
 529          )
 530      ),
 531  
 532      'moodle/user:viewalldetails' => array(
 533          'riskbitmask' => RISK_PERSONAL,
 534          'captype' => 'read',
 535          'contextlevel' => CONTEXT_USER,
 536          'archetypes' => array(
 537              'manager' => CAP_ALLOW
 538          ),
 539          'clonepermissionsfrom' => 'moodle/user:update'
 540      ),
 541  
 542      'moodle/user:viewlastip' => array(
 543          'riskbitmask' => RISK_PERSONAL,
 544          'captype' => 'read',
 545          'contextlevel' => CONTEXT_USER,
 546          'archetypes' => array(
 547              'manager' => CAP_ALLOW
 548          ),
 549          'clonepermissionsfrom' => 'moodle/user:update'
 550      ),
 551  
 552      'moodle/user:viewhiddendetails' => array(
 553  
 554          'riskbitmask' => RISK_PERSONAL,
 555  
 556          'captype' => 'read',
 557          'contextlevel' => CONTEXT_COURSE,
 558          'archetypes' => array(
 559              'teacher' => CAP_ALLOW,
 560              'editingteacher' => CAP_ALLOW,
 561              'manager' => CAP_ALLOW
 562          )
 563      ),
 564  
 565      'moodle/user:loginas' => array(
 566  
 567          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 568  
 569          'captype' => 'write',
 570          'contextlevel' => CONTEXT_COURSE,
 571          'archetypes' => array(
 572              'manager' => CAP_ALLOW
 573          )
 574      ),
 575  
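  576      // Can the user manage the system default profile page?
           // NOTE(review): this entry and the five that follow it (moodle/user:manageblocks,
           // moodle/user:manageownblocks, moodle/user:manageownfiles, moodle/user:ignoreuserquota,
           // moodle/my:configsyspages) spell the key 'riskbitmap', while the other entries shown
           // here use 'riskbitmask'. If the capability loader only reads 'riskbitmask', the risk
           // flags declared for these capabilities are never recorded and they would appear
           // risk-free when roles are reviewed - confirm against the loader.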
 577      'moodle/user:managesyspages' => array(
 578  
 579          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 580  
 581          'captype' => 'write',
 582          'contextlevel' => CONTEXT_SYSTEM,
 583          'archetypes' => array(
 584              'manager' => CAP_ALLOW
 585          )
 586      ),
 587  
 588      // can the user manage another user's profile page?
 589      'moodle/user:manageblocks' => array(
 590  
 591          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 592  
 593          'captype' => 'write',
 594          'contextlevel' => CONTEXT_USER
 595      ),
 596  
 597      // can the user manage their own profile page?
 598      'moodle/user:manageownblocks' => array(
 599  
 600          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 601  
 602          'captype' => 'write',
 603          'contextlevel' => CONTEXT_SYSTEM,
 604          'archetypes' => array(
 605              'user' => CAP_ALLOW
 606          )
 607      ),
 608  
 609      // can the user manage their own files?
 610      'moodle/user:manageownfiles' => array(
 611  
 612          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 613  
 614          'captype' => 'write',
 615          'contextlevel' => CONTEXT_SYSTEM,
 616          'archetypes' => array(
 617              'user' => CAP_ALLOW
 618          )
 619      ),
 620  
 621      // Can the user ignore the setting userquota?
 622      // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
 623      'moodle/user:ignoreuserquota' => array(
 624          'riskbitmap' => RISK_SPAM,
 625          'captype' => 'write',
 626          'contextlevel' => CONTEXT_SYSTEM,
 627          'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
 628      ),
 629  
 630      // can the user manage the system default dashboard page?
 631      'moodle/my:configsyspages' => array(
 632  
 633          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 634  
 635          'captype' => 'write',
 636          'contextlevel' => CONTEXT_SYSTEM,
 637          'archetypes' => array(
 638              'manager' => CAP_ALLOW
 639          )
 640      ),
 641  
 642      'moodle/role:assign' => array(
 643  
 644          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 645  
 646          'captype' => 'write',
 647          'contextlevel' => CONTEXT_COURSE,
 648          'archetypes' => array(
 649              'editingteacher' => CAP_ALLOW,
 650              'manager' => CAP_ALLOW
 651          )
 652      ),
 653  
 654      'moodle/role:review' => array(
 655  
 656          'riskbitmask' => RISK_PERSONAL,
 657  
 658          'captype' => 'read',
 659          'contextlevel' => CONTEXT_COURSE,
 660          'archetypes' => array(
 661              'teacher' => CAP_ALLOW,
 662              'editingteacher' => CAP_ALLOW,
 663              'manager' => CAP_ALLOW
 664          )
 665      ),
 666  
 667      // The ability to override the permissions for any capability.
 668      'moodle/role:override' => array(
 669  
 670          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 671  
 672          'captype' => 'write',
 673          'contextlevel' => CONTEXT_COURSE,
 674          'archetypes' => array(
 675              'manager' => CAP_ALLOW
 676          )
 677      ),
 678  
 679      // The ability to override the permissions for 'safe' capabilities (those without risks).
 680      // If a user has moodle/role:override then you should not check this capability.
 681      'moodle/role:safeoverride' => array(
 682  
 683          'riskbitmask' => RISK_SPAM,
 684  
 685          'captype' => 'write',
 686          'contextlevel' => CONTEXT_COURSE,
 687          'archetypes' => array(
 688              'editingteacher' => CAP_ALLOW
 689          )
 690      ),
 691  
 692      'moodle/role:manage' => array(
 693  
 694          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 695  
 696          'captype' => 'write',
 697          'contextlevel' => CONTEXT_SYSTEM,
 698          'archetypes' => array(
 699              'manager' => CAP_ALLOW
 700          )
 701      ),
 702  
 703      'moodle/role:switchroles' => array(
 704  
 705          'riskbitmask' => RISK_XSS | RISK_PERSONAL,
 706  
 707          'captype' => 'read',
 708          'contextlevel' => CONTEXT_COURSE,
 709          'archetypes' => array(
 710              'editingteacher' => CAP_ALLOW,
 711              'manager' => CAP_ALLOW
 712          )
 713      ),
 714  
 715      // Create, update and delete course categories. (Deleting a course category
 716      // does not let you delete the courses it contains, unless you also have
  717      // moodle/course:delete.) Creating and deleting require this permission in
 718      // the parent category.
 719      'moodle/category:manage' => array(
 720  
 721          'riskbitmask' => RISK_XSS,
 722  
 723          'captype' => 'write',
 724          'contextlevel' => CONTEXT_COURSECAT,
 725          'archetypes' => array(
 726              'manager' => CAP_ALLOW
 727          ),
 728          'clonepermissionsfrom' => 'moodle/category:update'
 729      ),
 730  
 731      'moodle/category:viewcourselist' => array(
 732  
 733          'captype' => 'read',
 734          'contextlevel' => CONTEXT_COURSECAT,
 735          'archetypes' => array(
 736              'guest' => CAP_ALLOW,
 737              'user' => CAP_ALLOW,
 738          )
 739      ),
 740  
 741      'moodle/category:viewhiddencategories' => array(
 742  
 743          'captype' => 'read',
 744          'contextlevel' => CONTEXT_COURSECAT,
 745          'archetypes' => array(
 746              'coursecreator' => CAP_ALLOW,
 747              'manager' => CAP_ALLOW
 748          ),
 749          'clonepermissionsfrom' => 'moodle/category:visibility'
 750      ),
 751  
 752      // create, delete, move cohorts in system and course categories,
 753      // (cohorts with component !== null can be only moved)
 754      'moodle/cohort:manage' => array(
 755  
 756          'captype' => 'write',
 757          'contextlevel' => CONTEXT_COURSECAT,
 758          'archetypes' => array(
 759              'manager' => CAP_ALLOW
 760          )
 761      ),
 762  
 763      // add and remove cohort members (only for cohorts where component !== null)
 764      'moodle/cohort:assign' => array(
 765  
 766          'captype' => 'write',
 767          'contextlevel' => CONTEXT_COURSECAT,
 768          'archetypes' => array(
 769              'manager' => CAP_ALLOW
 770          )
 771      ),
 772  
 773      // View visible and hidden cohorts defined in the current context.
 774      'moodle/cohort:view' => array(
 775  
 776          'captype' => 'read',
 777          'contextlevel' => CONTEXT_COURSE,
 778          'archetypes' => array(
 779              'editingteacher' => CAP_ALLOW,
 780              'manager' => CAP_ALLOW
 781          )
 782      ),
 783  
 784      'moodle/course:create' => array(
 785  
 786          'riskbitmask' => RISK_XSS,
 787  
 788          'captype' => 'write',
 789          'contextlevel' => CONTEXT_COURSECAT,
 790          'archetypes' => array(
 791              'coursecreator' => CAP_ALLOW,
 792              'manager' => CAP_ALLOW
 793          )
 794      ),
 795  
 796      'moodle/course:creategroupconversations' => array(
 797          'riskbitmask' => RISK_XSS,
 798          'captype' => 'write',
 799          'contextlevel' => CONTEXT_COURSE,
 800          'archetypes' => array(
 801              'editingteacher' => CAP_ALLOW,
 802              'manager' => CAP_ALLOW
 803          )
 804      ),
 805  
 806      'moodle/course:request' => array(
 807          'captype' => 'write',
 808          'contextlevel' => CONTEXT_COURSECAT,
 809      ),
 810  
 811      'moodle/course:delete' => array(
 812  
 813          'riskbitmask' => RISK_DATALOSS,
 814  
 815          'captype' => 'write',
 816          'contextlevel' => CONTEXT_COURSE,
 817          'archetypes' => array(
 818              'manager' => CAP_ALLOW
 819          )
 820      ),
 821  
 822      'moodle/course:update' => array(
 823  
 824          'riskbitmask' => RISK_XSS,
 825  
 826          'captype' => 'write',
 827          'contextlevel' => CONTEXT_COURSE,
 828          'archetypes' => array(
 829              'editingteacher' => CAP_ALLOW,
 830              'manager' => CAP_ALLOW
 831          )
 832      ),
 833  
 834      'moodle/course:view' => array(
 835  
 836          'captype' => 'read',
 837          'contextlevel' => CONTEXT_COURSE,
 838          'archetypes' => array(
 839              'manager' => CAP_ALLOW,
 840          )
 841      ),
 842  
  843      /* Review course enrolments. There are no group restrictions: this is really full access to all participants' info. */
 844      'moodle/course:enrolreview' => array(
 845  
 846          'riskbitmask' => RISK_PERSONAL,
 847  
 848          'captype' => 'read',
 849          'contextlevel' => CONTEXT_COURSE,
 850          'archetypes' => array(
 851              'editingteacher' => CAP_ALLOW,
 852              'manager' => CAP_ALLOW,
 853          )
 854      ),
 855  
 856      /* add, remove, hide enrol instances in courses */
 857      'moodle/course:enrolconfig' => array(
 858  
 859          'riskbitmask' => RISK_PERSONAL,
 860  
 861          'captype' => 'write',
 862          'contextlevel' => CONTEXT_COURSE,
 863          'archetypes' => array(
 864              'editingteacher' => CAP_ALLOW,
 865              'manager' => CAP_ALLOW,
 866          )
 867      ),
 868  
 869      'moodle/course:reviewotherusers' => array(
 870  
 871          'captype' => 'read',
 872          'contextlevel' => CONTEXT_COURSE,
 873          'archetypes' => array(
 874              'editingteacher' => CAP_ALLOW,
 875              'manager' => CAP_ALLOW,
 876          ),
 877          'clonepermissionsfrom' => 'moodle/role:assign'
 878      ),
 879  
 880      'moodle/course:bulkmessaging' => array(
 881  
 882          'riskbitmask' => RISK_SPAM,
 883  
 884          'captype' => 'write',
 885          'contextlevel' => CONTEXT_COURSE,
 886          'archetypes' => array(
 887              'teacher' => CAP_ALLOW,
 888              'editingteacher' => CAP_ALLOW,
 889              'manager' => CAP_ALLOW
 890          )
 891      ),
 892  
 893      'moodle/course:viewhiddenuserfields' => array(
 894  
 895          'riskbitmask' => RISK_PERSONAL,
 896  
 897          'captype' => 'read',
 898          'contextlevel' => CONTEXT_COURSE,
 899          'archetypes' => array(
 900              'teacher' => CAP_ALLOW,
 901              'editingteacher' => CAP_ALLOW,
 902              'manager' => CAP_ALLOW
 903          )
 904      ),
 905  
 906      'moodle/course:viewhiddencourses' => array(
 907  
 908          'captype' => 'read',
 909          'contextlevel' => CONTEXT_COURSE,
 910          'archetypes' => array(
 911              'coursecreator' => CAP_ALLOW,
 912              'teacher' => CAP_ALLOW,
 913              'editingteacher' => CAP_ALLOW,
 914              'manager' => CAP_ALLOW
 915          )
 916      ),
 917  
 918      'moodle/course:visibility' => array(
 919  
 920          'captype' => 'write',
 921          'contextlevel' => CONTEXT_COURSE,
 922          'archetypes' => array(
 923              'editingteacher' => CAP_ALLOW,
 924              'manager' => CAP_ALLOW
 925          )
 926      ),
 927  
 928      'moodle/course:managefiles' => array(
 929  
 930          'riskbitmask' => RISK_XSS,
 931  
 932          'captype' => 'write',
 933          'contextlevel' => CONTEXT_COURSE,
 934          'archetypes' => array(
 935              'editingteacher' => CAP_ALLOW,
 936              'manager' => CAP_ALLOW
 937          )
 938      ),
 939  
 940      'moodle/course:ignoreavailabilityrestrictions' => array(
 941          'captype' => 'read',
 942          'contextlevel' => CONTEXT_MODULE,
 943          'archetypes' => array(
 944              'manager' => CAP_ALLOW,
 945              'coursecreator' => CAP_ALLOW,
 946              'editingteacher' => CAP_ALLOW,
 947              'teacher' => CAP_ALLOW,
 948          ),
 949          'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
 950      ),
 951  
 952      'moodle/course:ignorefilesizelimits' => array(
 953  
 954          'captype' => 'write',
 955          'contextlevel' => CONTEXT_COURSE,
 956          'archetypes' => array(
 957          )
 958      ),
 959  
 960      'moodle/course:manageactivities' => array(
 961  
 962          'riskbitmask' => RISK_XSS,
 963  
 964          'captype' => 'write',
 965          'contextlevel' => CONTEXT_MODULE,
 966          'archetypes' => array(
 967              'editingteacher' => CAP_ALLOW,
 968              'manager' => CAP_ALLOW
 969          )
 970      ),
 971  
 972      'moodle/course:activityvisibility' => array(
 973  
 974          'captype' => 'write',
 975          'contextlevel' => CONTEXT_MODULE,
 976          'archetypes' => array(
 977              'editingteacher' => CAP_ALLOW,
 978              'manager' => CAP_ALLOW
 979          )
 980      ),
 981  
 982      'moodle/course:viewhiddenactivities' => array(
 983  
 984          'captype' => 'read',
 985          'contextlevel' => CONTEXT_MODULE,
 986          'archetypes' => array(
 987              'teacher' => CAP_ALLOW,
 988              'editingteacher' => CAP_ALLOW,
 989              'manager' => CAP_ALLOW
 990          )
 991      ),
 992  
 993      'moodle/course:viewparticipants' => array(
 994  
 995          'captype' => 'read',
 996          'contextlevel' => CONTEXT_COURSE,
 997          'archetypes' => array(
 998              'student' => CAP_ALLOW,
 999              'teacher' => CAP_ALLOW,
1000              'editingteacher' => CAP_ALLOW,
1001              'manager' => CAP_ALLOW
1002          )
1003      ),
1004  
1005      'moodle/course:changefullname' => array(
1006  
1007          'riskbitmask' => RISK_XSS,
1008  
1009          'captype' => 'write',
1010          'contextlevel' => CONTEXT_COURSE,
1011          'archetypes' => array(
1012              'editingteacher' => CAP_ALLOW,
1013              'manager' => CAP_ALLOW
1014          ),
1015          'clonepermissionsfrom' => 'moodle/course:update'
1016      ),
1017  
1018      'moodle/course:changeshortname' => array(
1019  
1020          'riskbitmask' => RISK_XSS,
1021  
1022          'captype' => 'write',
1023          'contextlevel' => CONTEXT_COURSE,
1024          'archetypes' => array(
1025              'editingteacher' => CAP_ALLOW,
1026              'manager' => CAP_ALLOW
1027          ),
1028          'clonepermissionsfrom' => 'moodle/course:update'
1029      ),
1030  
1031      'moodle/course:changelockedcustomfields' => array(
1032  
1033          'riskbitmask' => RISK_SPAM,
1034  
1035          'captype' => 'write',
1036          'contextlevel' => CONTEXT_COURSE,
1037          'archetypes' => array(
1038              'manager' => CAP_ALLOW
1039          ),
1040      ),
1041  
1042      'moodle/course:configurecustomfields' => array(
1043  
1044          'riskbitmask' => RISK_SPAM,
1045  
1046          'captype' => 'write',
1047          'contextlevel' => CONTEXT_SYSTEM,
1048          'clonepermissionsfrom' => 'moodle/site:config'
1049      ),
1050  
1051      'moodle/course:renameroles' => array(
1052          'captype' => 'write',
1053          'contextlevel' => CONTEXT_COURSE,
1054          'archetypes' => array(
1055              'editingteacher' => CAP_ALLOW,
1056              'manager' => CAP_ALLOW
1057          ),
1058          'clonepermissionsfrom' => 'moodle/course:update'
1059      ),
1060  
1061      'moodle/course:changeidnumber' => array(
1062  
1063          'riskbitmask' => RISK_XSS,
1064  
1065          'captype' => 'write',
1066          'contextlevel' => CONTEXT_COURSE,
1067          'archetypes' => array(
1068              'editingteacher' => CAP_ALLOW,
1069              'manager' => CAP_ALLOW
1070          ),
1071          'clonepermissionsfrom' => 'moodle/course:update'
1072      ),
1073      'moodle/course:changecategory' => array(
1074          'riskbitmask' => RISK_XSS,
1075  
1076          'captype' => 'write',
1077          'contextlevel' => CONTEXT_COURSE,
1078          'archetypes' => array(
1079              'editingteacher' => CAP_ALLOW,
1080              'manager' => CAP_ALLOW
1081          ),
1082          'clonepermissionsfrom' => 'moodle/course:update'
1083      ),
1084  
1085      'moodle/course:changesummary' => array(
1086          'riskbitmask' => RISK_XSS,
1087  
1088          'captype' => 'write',
1089          'contextlevel' => CONTEXT_COURSE,
1090          'archetypes' => array(
1091              'editingteacher' => CAP_ALLOW,
1092              'manager' => CAP_ALLOW
1093          ),
1094          'clonepermissionsfrom' => 'moodle/course:update'
1095      ),
1096  
1097      // Ability to set a forced language for a course or activity.
1098      'moodle/course:setforcedlanguage' => array(
1099          'captype' => 'write',
1100          'contextlevel' => CONTEXT_COURSE,
1101          'archetypes' => array(
1102              'editingteacher' => CAP_ALLOW,
1103              'manager' => CAP_ALLOW
1104          ),
1105          'clonepermissionsfrom' => 'moodle/course:update'
1106      ),
1107  
1108  
1109      'moodle/site:viewparticipants' => array(
1110  
1111          'captype' => 'read',
1112          'contextlevel' => CONTEXT_SYSTEM,
1113          'archetypes' => array(
1114              'manager' => CAP_ALLOW
1115          )
1116      ),
1117  
1118      'moodle/course:isincompletionreports' => array(
1119          'captype' => 'read',
1120          'contextlevel' => CONTEXT_COURSE,
1121          'archetypes' => array(
1122              'student' => CAP_ALLOW,
1123          ),
1124      ),
1125  
1126      'moodle/course:viewscales' => array(
1127  
1128          'captype' => 'read',
1129          'contextlevel' => CONTEXT_COURSE,
1130          'archetypes' => array(
1131              'student' => CAP_ALLOW,
1132              'teacher' => CAP_ALLOW,
1133              'editingteacher' => CAP_ALLOW,
1134              'manager' => CAP_ALLOW
1135          )
1136      ),
1137  
1138      'moodle/course:managescales' => array(
1139  
1140          'captype' => 'write',
1141          'contextlevel' => CONTEXT_COURSE,
1142          'archetypes' => array(
1143              'editingteacher' => CAP_ALLOW,
1144              'manager' => CAP_ALLOW
1145          )
1146      ),
1147  
1148      'moodle/course:managegroups' => array(
1149          'riskbitmask' => RISK_XSS,
1150  
1151          'captype' => 'write',
1152          'contextlevel' => CONTEXT_COURSE,
1153          'archetypes' => array(
1154              'editingteacher' => CAP_ALLOW,
1155              'manager' => CAP_ALLOW
1156          )
1157      ),
1158  
1159      'moodle/course:reset' => array(
1160  
1161          'riskbitmask' => RISK_DATALOSS,
1162  
1163          'captype' => 'write',
1164          'contextlevel' => CONTEXT_COURSE,
1165          'archetypes' => array(
1166              'editingteacher' => CAP_ALLOW,
1167              'manager' => CAP_ALLOW
1168          )
1169      ),
1170  
1171      'moodle/course:viewsuspendedusers' => array(
1172  
1173          'captype' => 'read',
1174          'contextlevel' => CONTEXT_COURSE,
1175          'archetypes' => array(
1176              'editingteacher' => CAP_ALLOW,
1177              'manager' => CAP_ALLOW
1178          )
1179      ),
1180  
1181      'moodle/course:tag' => array(
1182          'riskbitmask' => RISK_SPAM,
1183          'captype' => 'write',
1184          'contextlevel' => CONTEXT_COURSE,
1185          'archetypes' => array(
1186              'manager' => CAP_ALLOW,
1187              'editingteacher' => CAP_ALLOW,
1188          ),
1189          'clonepermissionsfrom' => 'moodle/course:update'
1190      ),
1191  
1192      'moodle/blog:view' => array(
1193  
1194          'captype' => 'read',
1195          'contextlevel' => CONTEXT_SYSTEM,
1196          'archetypes' => array(
1197              'guest' => CAP_ALLOW,
1198              'user' => CAP_ALLOW,
1199              'student' => CAP_ALLOW,
1200              'teacher' => CAP_ALLOW,
1201              'editingteacher' => CAP_ALLOW,
1202              'manager' => CAP_ALLOW
1203          )
1204      ),
1205  
1206      'moodle/blog:search' => array(
1207          'captype' => 'read',
1208          'contextlevel' => CONTEXT_SYSTEM,
1209          'archetypes' => array(
1210              'guest' => CAP_ALLOW,
1211              'user' => CAP_ALLOW,
1212              'student' => CAP_ALLOW,
1213              'teacher' => CAP_ALLOW,
1214              'editingteacher' => CAP_ALLOW,
1215              'manager' => CAP_ALLOW
1216          )
1217      ),
1218  
1219      'moodle/blog:viewdrafts' => array(
1220  
1221          'riskbitmask' => RISK_PERSONAL,
1222          'captype' => 'read',
1223          'contextlevel' => CONTEXT_SYSTEM,
1224          'archetypes' => array(
1225              'manager' => CAP_ALLOW
1226          )
1227      ),
1228  
1229      'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1230  
1231          'riskbitmask' => RISK_SPAM,
1232  
1233          'captype' => 'write',
1234          'contextlevel' => CONTEXT_SYSTEM,
1235          'archetypes' => array(
1236              'user' => CAP_ALLOW,
1237              'manager' => CAP_ALLOW
1238          )
1239      ),
1240  
1241      'moodle/blog:manageentries' => array(
1242  
1243          'riskbitmask' => RISK_SPAM,
1244  
1245          'captype' => 'write',
1246          'contextlevel' => CONTEXT_SYSTEM,
1247          'archetypes' => array(
1248              'teacher' => CAP_ALLOW,
1249              'editingteacher' => CAP_ALLOW,
1250              'manager' => CAP_ALLOW
1251          )
1252      ),
1253  
1254      'moodle/blog:manageexternal' => array(
1255  
1256          'riskbitmask' => RISK_SPAM,
1257  
1258          'captype' => 'write',
1259          'contextlevel' => CONTEXT_SYSTEM,
1260          'archetypes' => array(
1261              'student' => CAP_ALLOW,
1262              'user' => CAP_ALLOW,
1263              'teacher' => CAP_ALLOW,
1264              'editingteacher' => CAP_ALLOW,
1265              'manager' => CAP_ALLOW
1266          )
1267      ),
1268  
1269      'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only; NOTE(review): 'contextlevel' below is CONTEXT_COURSE - confirm which is intended
1270  
1271          'riskbitmask' => RISK_SPAM,
1272  
1273          'captype' => 'write',
1274          'contextlevel' => CONTEXT_COURSE,
1275          'archetypes' => array(
1276              'user' => CAP_ALLOW,
1277              'manager' => CAP_ALLOW
1278          )
1279      ),
1280  
1281      'moodle/calendar:managegroupentries' => array(
1282  
1283          'riskbitmask' => RISK_SPAM,
1284  
1285          'captype' => 'write',
1286          'contextlevel' => CONTEXT_COURSE,
1287          'archetypes' => array(
1288              'teacher' => CAP_ALLOW,
1289              'editingteacher' => CAP_ALLOW,
1290              'manager' => CAP_ALLOW
1291          )
1292      ),
1293  
1294      'moodle/calendar:manageentries' => array(
1295  
1296          'riskbitmask' => RISK_SPAM,
1297  
1298          'captype' => 'write',
1299          'contextlevel' => CONTEXT_COURSE,
1300          'archetypes' => array(
1301              'teacher' => CAP_ALLOW,
1302              'editingteacher' => CAP_ALLOW,
1303              'manager' => CAP_ALLOW
1304          )
1305      ),
1306  
1307      'moodle/user:editprofile' => array(
1308  
1309          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1310  
1311          'captype' => 'write',
1312          'contextlevel' => CONTEXT_USER,
1313          'archetypes' => array(
1314              'manager' => CAP_ALLOW
1315          )
1316      ),
1317  
1318      'moodle/user:editownprofile' => array(
1319  
1320          'riskbitmask' => RISK_SPAM,
1321  
1322          'captype' => 'write',
1323          'contextlevel' => CONTEXT_SYSTEM,
1324          'archetypes' => array(
1325              'guest' => CAP_PROHIBIT,
1326              'user' => CAP_ALLOW,
1327              'manager' => CAP_ALLOW
1328          )
1329      ),
1330  
1331      'moodle/user:changeownpassword' => array(
1332  
1333          'captype' => 'write',
1334          'contextlevel' => CONTEXT_SYSTEM,
1335          'archetypes' => array(
1336              'guest' => CAP_PROHIBIT,
1337              'user' => CAP_ALLOW,
1338              'manager' => CAP_ALLOW
1339          )
1340      ),
1341  
1342      // The next 3 might make no sense for some roles (e.g. teacher),
1343      // since the next level up is site. These are intended more for the parent role.
1344      'moodle/user:readuserposts' => array(
1345  
1346          'captype' => 'read',
1347          'contextlevel' => CONTEXT_USER,
1348          'archetypes' => array(
1349              'student' => CAP_ALLOW,
1350              'teacher' => CAP_ALLOW,
1351              'editingteacher' => CAP_ALLOW,
1352              'manager' => CAP_ALLOW
1353          )
1354      ),
1355  
1356      'moodle/user:readuserblogs' => array(
1357  
1358          'captype' => 'read',
1359          'contextlevel' => CONTEXT_USER,
1360          'archetypes' => array(
1361              'student' => CAP_ALLOW,
1362              'teacher' => CAP_ALLOW,
1363              'editingteacher' => CAP_ALLOW,
1364              'manager' => CAP_ALLOW
1365          )
1366      ),
1367  
1368      // Designed for the parent role; not used in legacy roles.
1369      'moodle/user:viewuseractivitiesreport' => array(
1370          'riskbitmask' => RISK_PERSONAL,
1371  
1372          'captype' => 'read',
1373          'contextlevel' => CONTEXT_USER,
1374          'archetypes' => array(
1375          )
1376      ),
1377  
1378      // Capabilities designed for the new message system configuration.
1379      'moodle/user:editmessageprofile' => array(
1380  
1381           'riskbitmask' => RISK_SPAM,
1382  
1383           'captype' => 'write',
1384           'contextlevel' => CONTEXT_USER,
1385           'archetypes' => array(
1386               'manager' => CAP_ALLOW
1387           )
1388       ),
1389  
1390       'moodle/user:editownmessageprofile' => array(
1391  
1392           'captype' => 'write',
1393           'contextlevel' => CONTEXT_SYSTEM,
1394           'archetypes' => array(
1395               'guest' => CAP_PROHIBIT,
1396               'user' => CAP_ALLOW,
1397               'manager' => CAP_ALLOW
1398           )
1399       ),
1400  
1401      'moodle/question:managecategory' => array(
1402          'riskbitmask' => RISK_SPAM | RISK_XSS,
1403          'captype' => 'write',
1404          'contextlevel' => CONTEXT_COURSE,
1405          'archetypes' => array(
1406              'editingteacher' => CAP_ALLOW,
1407              'manager' => CAP_ALLOW
1408          )
1409      ),
1410  
1411      //new in moodle 1.9
1412      'moodle/question:add' => array(
1413          'riskbitmask' => RISK_SPAM | RISK_XSS,
1414          'captype' => 'write',
1415          'contextlevel' => CONTEXT_COURSE,
1416          'archetypes' => array(
1417              'editingteacher' => CAP_ALLOW,
1418              'manager' => CAP_ALLOW
1419          ),
1420          'clonepermissionsfrom' =>  'moodle/question:manage'
1421      ),
1422      'moodle/question:editmine' => array(
1423          'riskbitmask' => RISK_SPAM | RISK_XSS,
1424          'captype' => 'write',
1425          'contextlevel' => CONTEXT_COURSE,
1426          'archetypes' => array(
1427              'editingteacher' => CAP_ALLOW,
1428              'manager' => CAP_ALLOW
1429          ),
1430          'clonepermissionsfrom' =>  'moodle/question:manage'
1431      ),
1432      'moodle/question:editall' => array(
1433          'riskbitmask' => RISK_SPAM | RISK_XSS,
1434          'captype' => 'write',
1435          'contextlevel' => CONTEXT_COURSE,
1436          'archetypes' => array(
1437              'editingteacher' => CAP_ALLOW,
1438              'manager' => CAP_ALLOW
1439          ),
1440          'clonepermissionsfrom' =>  'moodle/question:manage'
1441      ),
1442      'moodle/question:viewmine' => array(
1443          'captype' => 'read',
1444          'contextlevel' => CONTEXT_COURSE,
1445          'archetypes' => array(
1446              'editingteacher' => CAP_ALLOW,
1447              'manager' => CAP_ALLOW
1448          ),
1449          'clonepermissionsfrom' =>  'moodle/question:manage'
1450      ),
1451      'moodle/question:viewall' => array(
1452          'captype' => 'read',
1453          'contextlevel' => CONTEXT_COURSE,
1454          'archetypes' => array(
1455              'editingteacher' => CAP_ALLOW,
1456              'manager' => CAP_ALLOW
1457          ),
1458          'clonepermissionsfrom' =>  'moodle/question:manage'
1459      ),
1460      'moodle/question:usemine' => array(
1461          'captype' => 'read',
1462          'contextlevel' => CONTEXT_COURSE,
1463          'archetypes' => array(
1464              'editingteacher' => CAP_ALLOW,
1465              'manager' => CAP_ALLOW
1466          ),
1467          'clonepermissionsfrom' =>  'moodle/question:manage'
1468      ),
1469      'moodle/question:useall' => array(
1470          'captype' => 'read',
1471          'contextlevel' => CONTEXT_COURSE,
1472          'archetypes' => array(
1473              'editingteacher' => CAP_ALLOW,
1474              'manager' => CAP_ALLOW
1475          ),
1476          'clonepermissionsfrom' =>  'moodle/question:manage'
1477      ),
1478      'moodle/question:movemine' => array(
1479          'captype' => 'write',
1480          'contextlevel' => CONTEXT_COURSE,
1481          'archetypes' => array(
1482              'editingteacher' => CAP_ALLOW,
1483              'manager' => CAP_ALLOW
1484          ),
1485          'clonepermissionsfrom' =>  'moodle/question:manage'
1486      ),
1487      'moodle/question:moveall' => array(
1488          'captype' => 'write',
1489          'contextlevel' => CONTEXT_COURSE,
1490          'archetypes' => array(
1491              'editingteacher' => CAP_ALLOW,
1492              'manager' => CAP_ALLOW
1493          ),
1494          'clonepermissionsfrom' =>  'moodle/question:manage'
1495      ),
1496      //END new in moodle 1.9
1497  
1498      // Configure the installed question types.
1499      'moodle/question:config' => array(
1500          'riskbitmask' => RISK_CONFIG,
1501          'captype' => 'write',
1502          'contextlevel' => CONTEXT_SYSTEM,
1503          'archetypes' => array(
1504              'manager' => CAP_ALLOW
1505          )
1506      ),
1507  
1508      // While attempting questions, the ability to flag particular questions for later reference.
1509      'moodle/question:flag' => array(
1510          'captype' => 'write',
1511          'contextlevel' => CONTEXT_COURSE,
1512          'archetypes' => array(
1513              'student' => CAP_ALLOW,
1514              'teacher' => CAP_ALLOW,
1515              'editingteacher' => CAP_ALLOW,
1516              'manager' => CAP_ALLOW
1517          )
1518      ),
1519  
1520      // Controls whether users can tag their own questions.
1521      'moodle/question:tagmine' => array(
1522          'captype' => 'write',
1523          'contextlevel' => CONTEXT_COURSE,
1524          'archetypes' => array(
1525              'editingteacher' => CAP_ALLOW,
1526              'manager' => CAP_ALLOW
1527          ),
1528          'clonepermissionsfrom' => 'moodle/question:editmine'
1529      ),
1530  
1531      // Controls whether the user can tag all questions.
1532      'moodle/question:tagall' => array(
1533          'captype' => 'write',
1534          'contextlevel' => CONTEXT_COURSE,
1535          'archetypes' => array(
1536              'editingteacher' => CAP_ALLOW,
1537              'manager' => CAP_ALLOW
1538          ),
1539          'clonepermissionsfrom' => 'moodle/question:editall'
1540      ),
1541  
1542      'moodle/site:doclinks' => array(
1543          'captype' => 'read',
1544          'contextlevel' => CONTEXT_SYSTEM,
1545          'archetypes' => array(
1546              'teacher' => CAP_ALLOW,
1547              'editingteacher' => CAP_ALLOW,
1548              'manager' => CAP_ALLOW
1549          )
1550      ),
1551  
1552      'moodle/course:sectionvisibility' => array(
1553  
1554          'captype' => 'write',
1555          'contextlevel' => CONTEXT_COURSE,
1556          'archetypes' => array(
1557              'editingteacher' => CAP_ALLOW,
1558              'manager' => CAP_ALLOW
1559          )
1560      ),
1561  
1562      'moodle/course:useremail' => array(
1563  
1564          'captype' => 'write',
1565          'contextlevel' => CONTEXT_COURSE,
1566          'archetypes' => array(
1567              'editingteacher' => CAP_ALLOW,
1568              'manager' => CAP_ALLOW
1569          )
1570      ),
1571  
1572      'moodle/course:viewhiddensections' => array(
1573  
1574          'captype' => 'read',
1575          'contextlevel' => CONTEXT_COURSE,
1576          'archetypes' => array(
1577              'editingteacher' => CAP_ALLOW,
1578              'manager' => CAP_ALLOW
1579          )
1580      ),
1581  
1582      'moodle/course:setcurrentsection' => array(
1583  
1584          'captype' => 'write',
1585          'contextlevel' => CONTEXT_COURSE,
1586          'archetypes' => array(
1587              'editingteacher' => CAP_ALLOW,
1588              'manager' => CAP_ALLOW
1589          )
1590      ),
1591  
1592      'moodle/course:movesections' => array(
1593  
1594          'captype' => 'write',
1595          'contextlevel' => CONTEXT_COURSE,
1596          'archetypes' => array(
1597              'editingteacher' => CAP_ALLOW,
1598              'manager' => CAP_ALLOW
1599          ),
1600          'clonepermissionsfrom' => 'moodle/course:update'
1601      ),
1602  
1603      'moodle/site:mnetlogintoremote' => array(
1604  
1605          'captype' => 'read',
1606          'contextlevel' => CONTEXT_SYSTEM,
1607          'archetypes' => array(
1608          )
1609      ),
1610  
1611      'moodle/grade:viewall' => array(
1612          'riskbitmask' => RISK_PERSONAL,
1613          'captype' => 'read',
1614          'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1615          'archetypes' => array(
1616              'teacher' => CAP_ALLOW,
1617              'editingteacher' => CAP_ALLOW,
1618              'manager' => CAP_ALLOW
1619          ),
1620          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1621      ),
1622  
1623      'moodle/grade:view' => array(
1624          'captype' => 'read',
1625          'contextlevel' => CONTEXT_COURSE,
1626          'archetypes' => array(
1627              'student' => CAP_ALLOW
1628          )
1629      ),
1630  
1631      'moodle/grade:viewhidden' => array(
1632          'riskbitmask' => RISK_PERSONAL,
1633          'captype' => 'read',
1634          'contextlevel' => CONTEXT_COURSE,
1635          'archetypes' => array(
1636              'teacher' => CAP_ALLOW,
1637              'editingteacher' => CAP_ALLOW,
1638              'manager' => CAP_ALLOW
1639          ),
1640          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1641      ),
1642  
1643      'moodle/grade:import' => array(
1644          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1645          'captype' => 'write',
1646          'contextlevel' => CONTEXT_COURSE,
1647          'archetypes' => array(
1648              'editingteacher' => CAP_ALLOW,
1649              'manager' => CAP_ALLOW
1650          ),
1651          'clonepermissionsfrom' => 'moodle/course:managegrades'
1652      ),
1653  
1654      'moodle/grade:export' => array(
1655          'riskbitmask' => RISK_PERSONAL,
1656          'captype' => 'read',
1657          'contextlevel' => CONTEXT_COURSE,
1658          'archetypes' => array(
1659              'teacher' => CAP_ALLOW,
1660              'editingteacher' => CAP_ALLOW,
1661              'manager' => CAP_ALLOW
1662          ),
1663          'clonepermissionsfrom' => 'moodle/course:managegrades'
1664      ),
1665  
1666      'moodle/grade:manage' => array(
1667          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1668          'captype' => 'write',
1669          'contextlevel' => CONTEXT_COURSE,
1670          'archetypes' => array(
1671              'editingteacher' => CAP_ALLOW,
1672              'manager' => CAP_ALLOW
1673          ),
1674          'clonepermissionsfrom' => 'moodle/course:managegrades'
1675      ),
1676  
1677      'moodle/grade:edit' => array(
1678          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1679          'captype' => 'write',
1680          'contextlevel' => CONTEXT_COURSE,
1681          'archetypes' => array(
1682              'editingteacher' => CAP_ALLOW,
1683              'manager' => CAP_ALLOW
1684          ),
1685          'clonepermissionsfrom' => 'moodle/course:managegrades'
1686      ),
1687  
1688      // Ability to define advanced grading forms in activities, either from scratch
1689      // or from a shared template.
1690      'moodle/grade:managegradingforms' => array(
1691          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1692          'captype' => 'write',
1693          'contextlevel' => CONTEXT_COURSE,
1694          'archetypes' => array(
1695              'editingteacher' => CAP_ALLOW,
1696              'manager' => CAP_ALLOW
1697          ),
1698          'clonepermissionsfrom' => 'moodle/course:managegrades'
1699      ),
1700  
1701      // ability to save a grading form as a new shared template and eventually edit
1702      // and remove own templates (templates originally shared by that user)
1703      'moodle/grade:sharegradingforms' => array(
1704          'riskbitmask' => RISK_XSS,
1705          'captype' => 'write',
1706          'contextlevel' => CONTEXT_SYSTEM,
1707          'archetypes' => array(
1708              'manager' => CAP_ALLOW
1709          ),
1710      ),
1711  
1712      // Ability to edit and remove any shared template, even those originally shared
1713      // by other users.
1714      'moodle/grade:managesharedforms' => array(
1715          'riskbitmask' => RISK_XSS,
1716          'captype' => 'write',
1717          'contextlevel' => CONTEXT_SYSTEM,
1718          'archetypes' => array(
1719              'manager' => CAP_ALLOW
1720          ),
1721      ),
1722  
1723      'moodle/grade:manageoutcomes' => array(
1724          'captype' => 'write',
1725          'contextlevel' => CONTEXT_COURSE,
1726          'archetypes' => array(
1727              'editingteacher' => CAP_ALLOW,
1728              'manager' => CAP_ALLOW
1729          ),
1730          'clonepermissionsfrom' => 'moodle/course:managegrades'
1731      ),
1732  
1733      'moodle/grade:manageletters' => array(
1734          'captype' => 'write',
1735          'contextlevel' => CONTEXT_COURSE,
1736          'archetypes' => array(
1737              'editingteacher' => CAP_ALLOW,
1738              'manager' => CAP_ALLOW
1739          ),
1740          'clonepermissionsfrom' => 'moodle/course:managegrades'
1741      ),
1742  
1743      'moodle/grade:hide' => array(
1744          'captype' => 'write',
1745          'contextlevel' => CONTEXT_COURSE,
1746          'archetypes' => array(
1747              'editingteacher' => CAP_ALLOW,
1748              'manager' => CAP_ALLOW
1749          )
1750      ),
1751  
1752      'moodle/grade:lock' => array(
1753          'captype' => 'write',
1754          'contextlevel' => CONTEXT_COURSE,
1755          'archetypes' => array(
1756              'editingteacher' => CAP_ALLOW,
1757              'manager' => CAP_ALLOW
1758          )
1759      ),
1760  
1761      'moodle/grade:unlock' => array(
1762          'captype' => 'write',
1763          'contextlevel' => CONTEXT_COURSE,
1764          'archetypes' => array(
1765              'editingteacher' => CAP_ALLOW,
1766              'manager' => CAP_ALLOW
1767          )
1768      ),
1769  
1770      'moodle/my:manageblocks' => array(
1771          'captype' => 'write',
1772          'contextlevel' => CONTEXT_SYSTEM,
1773          'archetypes' => array(
1774              'user' => CAP_ALLOW
1775          )
1776      ),
1777  
1778      'moodle/notes:view' => array(
1779          'captype' => 'read',
1780          'contextlevel' => CONTEXT_COURSE,
1781          'archetypes' => array(
1782              'teacher' => CAP_ALLOW,
1783              'editingteacher' => CAP_ALLOW,
1784              'manager' => CAP_ALLOW
1785          )
1786      ),
1787  
1788      'moodle/notes:manage' => array(
1789          'riskbitmask' => RISK_SPAM,
1790  
1791          'captype' => 'write',
1792          'contextlevel' => CONTEXT_COURSE,
1793          'archetypes' => array(
1794              'teacher' => CAP_ALLOW,
1795              'editingteacher' => CAP_ALLOW,
1796              'manager' => CAP_ALLOW
1797          )
1798      ),
1799  
1800      'moodle/tag:manage' => array(
1801          'riskbitmask' => RISK_SPAM,
1802  
1803          'captype' => 'write',
1804          'contextlevel' => CONTEXT_SYSTEM,
1805          'archetypes' => array(
1806              'manager' => CAP_ALLOW
1807          )
1808      ),
1809  
1810      'moodle/tag:edit' => array(
1811          'riskbitmask' => RISK_SPAM,
1812  
1813          'captype' => 'write',
1814          'contextlevel' => CONTEXT_SYSTEM,
1815          'archetypes' => array(
1816              'manager' => CAP_ALLOW
1817          )
1818      ),
1819  
1820      'moodle/tag:flag' => array(
1821          'riskbitmask' => RISK_SPAM,
1822  
1823          'captype' => 'write',
1824          'contextlevel' => CONTEXT_SYSTEM,
1825          'archetypes' => array(
1826              'user' => CAP_ALLOW
1827          )
1828      ),
1829  
1830      'moodle/tag:editblocks' => array(
1831          'captype' => 'write',
1832          'contextlevel' => CONTEXT_SYSTEM,
1833          'archetypes' => array(
1834              'teacher' => CAP_ALLOW,
1835              'editingteacher' => CAP_ALLOW,
1836              'manager' => CAP_ALLOW
1837          )
1838      ),
1839  
1840      'moodle/block:view' => array(
1841          'captype' => 'read',
1842          'contextlevel' => CONTEXT_BLOCK,
1843          'archetypes' => array(
1844              'guest' => CAP_ALLOW,
1845              'user' => CAP_ALLOW,
1846              'student' => CAP_ALLOW,
1847              'teacher' => CAP_ALLOW,
1848              'editingteacher' => CAP_ALLOW,
1849          )
1850      ),
1851  
1852      'moodle/block:edit' => array(
1853          'riskbitmask' => RISK_SPAM | RISK_XSS,
1854  
1855          'captype' => 'write',
1856          'contextlevel' => CONTEXT_BLOCK,
1857          'archetypes' => array(
1858              'editingteacher' => CAP_ALLOW,
1859              'manager' => CAP_ALLOW
1860          )
1861      ),
1862  
1863      'moodle/portfolio:export' => array(
1864          'captype' => 'read',
1865          'contextlevel' => CONTEXT_SYSTEM,
1866          'archetypes' => array(
1867              'user' => CAP_ALLOW,
1868              'student' => CAP_ALLOW,
1869              'teacher' => CAP_ALLOW,
1870              'editingteacher' => CAP_ALLOW,
1871          )
1872      ),
1873      'moodle/comment:view' => array(
1874          'captype' => 'read',
1875          'contextlevel' => CONTEXT_COURSE,
1876          'archetypes' => array(
1877              'frontpage' => CAP_ALLOW,
1878              'guest' => CAP_ALLOW,
1879              'user' => CAP_ALLOW,
1880              'student' => CAP_ALLOW,
1881              'teacher' => CAP_ALLOW,
1882              'editingteacher' => CAP_ALLOW,
1883              'manager' => CAP_ALLOW
1884          )
1885      ),
1886      'moodle/comment:post' => array(
1887  
1888          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1889          'captype' => 'write',
1890          'contextlevel' => CONTEXT_COURSE,
1891          'archetypes' => array(
1892              'user' => CAP_ALLOW,
1893              'student' => CAP_ALLOW,
1894              'teacher' => CAP_ALLOW,
1895              'editingteacher' => CAP_ALLOW,
1896              'manager' => CAP_ALLOW
1897          )
1898      ),
1899      'moodle/comment:delete' => array(
1900  
1901          'riskbitmask' => RISK_DATALOSS,
1902          'captype' => 'write',
1903          'contextlevel' => CONTEXT_COURSE,
1904          'archetypes' => array(
1905              'editingteacher' => CAP_ALLOW,
1906              'manager' => CAP_ALLOW
1907          )
1908      ),
1909      'moodle/webservice:createtoken' => array(
1910  
1911          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1912          'captype' => 'write',
1913          'contextlevel' => CONTEXT_SYSTEM,
1914          'archetypes' => array(
1915              'manager' => CAP_ALLOW
1916          )
1917      ),
1918      'moodle/webservice:managealltokens' => array(
1919  
1920          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1921          'captype' => 'write',
1922          'contextlevel' => CONTEXT_SYSTEM,
1923          'archetypes' => array()
1924      ),
1925      'moodle/webservice:createmobiletoken' => array(
1926  
1927          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1928          'captype' => 'write',
1929          'contextlevel' => CONTEXT_SYSTEM,
1930          'archetypes' => array(
1931              'user' => CAP_ALLOW
1932          )
1933      ),
1934      'moodle/rating:view' => array(
1935  
1936          'captype' => 'read',
1937          'contextlevel' => CONTEXT_COURSE,
1938          'archetypes' => array(
1939              'user' => CAP_ALLOW,
1940              'student' => CAP_ALLOW,
1941              'teacher' => CAP_ALLOW,
1942              'editingteacher' => CAP_ALLOW,
1943              'manager' => CAP_ALLOW
1944          )
1945      ),
1946      'moodle/rating:viewany' => array(
1947  
1948          'riskbitmask' => RISK_PERSONAL,
1949          'captype' => 'read',
1950          'contextlevel' => CONTEXT_COURSE,
1951          'archetypes' => array(
1952              'user' => CAP_ALLOW,
1953              'student' => CAP_ALLOW,
1954              'teacher' => CAP_ALLOW,
1955              'editingteacher' => CAP_ALLOW,
1956              'manager' => CAP_ALLOW
1957          )
1958      ),
1959      'moodle/rating:viewall' => array(
1960  
1961          'riskbitmask' => RISK_PERSONAL,
1962          'captype' => 'read',
1963          'contextlevel' => CONTEXT_COURSE,
1964          'archetypes' => array(
1965              'user' => CAP_ALLOW,
1966              'student' => CAP_ALLOW,
1967              'teacher' => CAP_ALLOW,
1968              'editingteacher' => CAP_ALLOW,
1969              'manager' => CAP_ALLOW
1970          )
1971      ),
1972      'moodle/rating:rate' => array(
1973  
1974          'captype' => 'write',
1975          'contextlevel' => CONTEXT_COURSE,
1976          'archetypes' => array(
1977              'user' => CAP_ALLOW,
1978              'student' => CAP_ALLOW,
1979              'teacher' => CAP_ALLOW,
1980              'editingteacher' => CAP_ALLOW,
1981              'manager' => CAP_ALLOW
1982          )
1983      ),
1984      'moodle/course:markcomplete' => array(
1985          'captype' => 'write',
1986          'contextlevel' => CONTEXT_COURSE,
1987          'archetypes' => array(
1988              'teacher' => CAP_ALLOW,
1989              'editingteacher' => CAP_ALLOW,
1990              'manager' => CAP_ALLOW
1991          )
1992      ),
1993      'moodle/course:overridecompletion' => array(
1994          'captype' => 'write',
1995          'contextlevel' => CONTEXT_COURSE,
1996          'archetypes' => array(
1997              'teacher' => CAP_ALLOW,
1998              'editingteacher' => CAP_ALLOW,
1999              'manager' => CAP_ALLOW
2000          )
2001      ),
2002  
2003      // Badges.
2004      'moodle/badges:manageglobalsettings' => array(
2005          'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2006          'captype'      => 'write',
2007          'contextlevel' => CONTEXT_SYSTEM,
2008          'archetypes'   => array(
2009              'manager'       => CAP_ALLOW,
2010          )
2011      ),
2012  
2013      // View available badges without earning them.
2014      'moodle/badges:viewbadges' => array(
2015          'captype'       => 'read',
2016          'contextlevel'  => CONTEXT_COURSE,
2017          'archetypes'    => array(
2018              'user'          => CAP_ALLOW,
2019          )
2020      ),
2021  
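2022      // Manage badges on own private badges page.
2023      'moodle/badges:manageownbadges' => array(
2024          'riskbitmask'   => RISK_SPAM, // Not 'riskbitmap': a misspelt key is not read, leaving the capability without its risk flag.
2025          'captype'       => 'write',
2026          'contextlevel'  => CONTEXT_USER,
2027          'archetypes'    => array(
2028              'user'    => CAP_ALLOW
2029          )
2030      ),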
2031  
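2032      // View public badges in other users' profiles.
2033      'moodle/badges:viewotherbadges' => array(
2034          'riskbitmask'   => RISK_PERSONAL, // Not 'riskbitmap': a misspelt key is not read, leaving the capability without its risk flag.
2035          'captype'       => 'read',
2036          'contextlevel'  => CONTEXT_USER,
2037          'archetypes'    => array(
2038              'user'    => CAP_ALLOW
2039          )
2040      ),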
2041  
2042      // Earn badge.
2043      'moodle/badges:earnbadge' => array(
2044          'captype'       => 'write',
2045          'contextlevel'  => CONTEXT_COURSE,
2046          'archetypes'    => array(
2047              'user'           => CAP_ALLOW,
2048          )
2049      ),
2050  
2051      // Create/duplicate badges.
2052      'moodle/badges:createbadge' => array(
2053          'riskbitmask'  => RISK_SPAM,
2054          'captype'      => 'write',
2055          'contextlevel' => CONTEXT_COURSE,
2056          'archetypes'   => array(
2057              'manager'        => CAP_ALLOW,
2058              'editingteacher' => CAP_ALLOW,
2059          )
2060      ),
2061  
2062      // Delete badges.
2063      'moodle/badges:deletebadge' => array(
2064          'riskbitmask'  => RISK_DATALOSS,
2065          'captype'      => 'write',
2066          'contextlevel' => CONTEXT_COURSE,
2067          'archetypes'   => array(
2068              'manager'        => CAP_ALLOW,
2069              'editingteacher' => CAP_ALLOW,
2070          )
2071      ),
2072  
2073      // Set up/edit badge details.
2074      'moodle/badges:configuredetails' => array(
2075          'riskbitmask'  => RISK_SPAM,
2076          'captype'      => 'write',
2077          'contextlevel' => CONTEXT_COURSE,
2078          'archetypes'   => array(
2079              'manager'        => CAP_ALLOW,
2080              'editingteacher' => CAP_ALLOW,
2081          )
2082      ),
2083  
2084      // Set up/edit criteria of earning a badge.
2085      'moodle/badges:configurecriteria' => array(
2086          'riskbitmask'  => RISK_XSS,
2087          'captype'      => 'write',
2088          'contextlevel' => CONTEXT_COURSE,
2089          'archetypes'   => array(
2090              'manager'        => CAP_ALLOW,
2091              'editingteacher' => CAP_ALLOW,
2092          )
2093      ),
2094  
2095      // Configure badge messages.
2096      'moodle/badges:configuremessages' => array(
2097          'riskbitmask'  => RISK_SPAM,
2098          'captype'      => 'write',
2099          'contextlevel' => CONTEXT_COURSE,
2100          'archetypes'   => array(
2101              'manager'        => CAP_ALLOW,
2102              'editingteacher' => CAP_ALLOW,
2103          )
2104      ),
2105  
2106      // Award badge to a user.
2107      'moodle/badges:awardbadge' => array(
2108          'riskbitmask'  => RISK_SPAM,
2109          'captype'      => 'write',
2110          'contextlevel' => CONTEXT_COURSE,
2111          'archetypes'   => array(
2112              'manager'        => CAP_ALLOW,
2113              'teacher'        => CAP_ALLOW,
2114              'editingteacher' => CAP_ALLOW,
2115          )
2116      ),
2117  
2118      // Revoke badge from a user.
2119      'moodle/badges:revokebadge' => array(
2120          'riskbitmask'  => RISK_SPAM,
2121          'captype'      => 'write',
2122          'contextlevel' => CONTEXT_COURSE,
2123          'archetypes'   => array(
2124              'manager'        => CAP_ALLOW,
2125              'teacher'        => CAP_ALLOW,
2126              'editingteacher' => CAP_ALLOW,
2127          )
2128      ),
2129  
2130      // View users who earned a specific badge without being able to award a badge.
2131      'moodle/badges:viewawarded' => array(
2132          'riskbitmask'  => RISK_PERSONAL,
2133          'captype'      => 'read',
2134          'contextlevel' => CONTEXT_COURSE,
2135          'archetypes'   => array(
2136                  'manager'        => CAP_ALLOW,
2137                  'teacher'        => CAP_ALLOW,
2138                  'editingteacher' => CAP_ALLOW,
2139          )
2140      ),
2141  
2142      'moodle/site:forcelanguage' => array(
2143          'captype' => 'read',
2144          'contextlevel' => CONTEXT_SYSTEM,
2145          'archetypes' => array(
2146          )
2147      ),
2148  
2149      // Perform site-wide search queries through the search API.
2150      'moodle/search:query' => array(
2151          'captype' => 'read',
2152          'contextlevel' => CONTEXT_SYSTEM,
2153          'archetypes' => array(
2154              'guest' => CAP_ALLOW,
2155              'user' => CAP_ALLOW,
2156              'student' => CAP_ALLOW,
2157              'teacher' => CAP_ALLOW,
2158              'editingteacher' => CAP_ALLOW,
2159              'manager' => CAP_ALLOW
2160          )
2161      ),
2162  
2163      // Competencies.
2164      'moodle/competency:competencymanage' => array(
2165          'captype' => 'write',
2166          'contextlevel' => CONTEXT_COURSECAT,
2167          'archetypes' => array(
2168              'manager' => CAP_ALLOW
2169          )
2170      ),
2171      'moodle/competency:competencyview' => array(
2172          'captype' => 'read',
2173          'contextlevel' => CONTEXT_COURSECAT,
2174          'archetypes' => array(
2175              'user' => CAP_ALLOW
2176          ),
2177      ),
2178      'moodle/competency:competencygrade' => array(
2179          'captype' => 'write',
2180          'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2181          'archetypes' => array(
2182              'editingteacher' => CAP_ALLOW,
2183              'teacher' => CAP_ALLOW,
2184              'manager' => CAP_ALLOW
2185          ),
2186      ),
2187      // Course competencies.
2188      'moodle/competency:coursecompetencymanage' => array(
2189          'captype' => 'write',
2190          'contextlevel' => CONTEXT_COURSE,
2191          'archetypes' => array(
2192              'editingteacher' => CAP_ALLOW,
2193              'manager' => CAP_ALLOW
2194          ),
2195      ),
2196      'moodle/competency:coursecompetencyconfigure' => array(
2197          'captype' => 'write',
2198          'contextlevel' => CONTEXT_MODULE,
2199          'archetypes' => array(
2200              'manager' => CAP_ALLOW
2201          ),
2202      ),
2203      'moodle/competency:coursecompetencygradable' => array(
2204          'captype' => 'read',
2205          'contextlevel' => CONTEXT_COURSE,
2206          'archetypes' => array(
2207              'student' => CAP_ALLOW
2208          ),
2209          'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2210      ),
2211      'moodle/competency:coursecompetencyview' => array(
2212          'captype' => 'read',
2213          'contextlevel' => CONTEXT_COURSE,
2214          'archetypes' => array(
2215              'user' => CAP_ALLOW
2216          ),
2217      ),
2218      // Evidence.
2219      'moodle/competency:evidencedelete' => array(
2220          'captype' => 'write',
2221          'contextlevel' => CONTEXT_USER,
2222          'archetypes' => array(
2223          ),
2224          'clonepermissionsfrom' => 'moodle/site:config'
2225      ),
2226      // User plans.
2227      'moodle/competency:planmanage' => array(
2228          'captype' => 'write',
2229          'contextlevel' => CONTEXT_USER,
2230          'archetypes' => array(
2231              'manager' => CAP_ALLOW
2232          ),
2233      ),
2234      'moodle/competency:planmanagedraft' => array(
2235          'captype' => 'write',
2236          'contextlevel' => CONTEXT_USER,
2237          'archetypes' => array(
2238              'manager' => CAP_ALLOW
2239          ),
2240      ),
2241      'moodle/competency:planmanageown' => array(
2242          'captype' => 'write',
2243          'contextlevel' => CONTEXT_USER,
2244          'archetypes' => array(
2245          ),
2246      ),
2247      'moodle/competency:planmanageowndraft' => array(
2248          'captype' => 'write',
2249          'contextlevel' => CONTEXT_USER,
2250          'archetypes' => array(
2251          ),
2252      ),
2253      'moodle/competency:planview' => array(
2254          'captype' => 'read',
2255          'contextlevel' => CONTEXT_USER,
2256          'archetypes' => array(
2257              'manager' => CAP_ALLOW
2258          ),
2259      ),
2260      'moodle/competency:planviewdraft' => array(
2261          'captype' => 'read',
2262          'contextlevel' => CONTEXT_USER,
2263          'archetypes' => array(
2264              'manager' => CAP_ALLOW
2265          ),
2266      ),
2267      'moodle/competency:planviewown' => array(
2268          'captype' => 'read',
2269          'contextlevel' => CONTEXT_USER,
2270          'archetypes' => array(
2271              'user' => CAP_ALLOW
2272          ),
2273      ),
2274      'moodle/competency:planviewowndraft' => array(
2275          'captype' => 'read',
2276          'contextlevel' => CONTEXT_USER,
2277          'archetypes' => array(
2278          ),
2279      ),
2280      'moodle/competency:planrequestreview' => array(
2281          'captype' => 'write',
2282          'contextlevel' => CONTEXT_USER,
2283          'archetypes' => array(
2284              'manager' => CAP_ALLOW
2285          )
2286      ),
2287      'moodle/competency:planrequestreviewown' => array(
2288          'captype' => 'write',
2289          'contextlevel' => CONTEXT_USER,
2290          'archetypes' => array(
2291              'user' => CAP_ALLOW
2292          )
2293      ),
2294      'moodle/competency:planreview' => array(
2295          'captype' => 'write',
2296          'contextlevel' => CONTEXT_USER,
2297          'archetypes' => array(
2298              'manager' => CAP_ALLOW
2299          ),
2300      ),
2301      'moodle/competency:plancomment' => array(
2302          'captype' => 'write',
2303          'contextlevel' => CONTEXT_USER,
2304          'archetypes' => array(
2305              'manager' => CAP_ALLOW
2306          ),
2307      ),
2308      'moodle/competency:plancommentown' => array(
2309          'captype' => 'write',
2310          'contextlevel' => CONTEXT_USER,
2311          'archetypes' => array(
2312              'user' => CAP_ALLOW
2313          ),
2314      ),
2315      // User competencies.
2316      'moodle/competency:usercompetencyview' => array(
2317          'captype' => 'read',
2318          'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2319          'archetypes' => array(
2320              'manager' => CAP_ALLOW,
2321              'editingteacher' => CAP_ALLOW,
2322              'teacher' => CAP_ALLOW
2323          )
2324      ),
2325      'moodle/competency:usercompetencyrequestreview' => array(
2326          'captype' => 'write',
2327          'contextlevel' => CONTEXT_USER,
2328          'archetypes' => array(
2329              'manager' => CAP_ALLOW
2330          )
2331      ),
2332      'moodle/competency:usercompetencyrequestreviewown' => array(
2333          'captype' => 'write',
2334          'contextlevel' => CONTEXT_USER,
2335          'archetypes' => array(
2336              'user' => CAP_ALLOW
2337          )
2338      ),
2339      'moodle/competency:usercompetencyreview' => array(
2340          'captype' => 'write',
2341          'contextlevel' => CONTEXT_USER,
2342          'archetypes' => array(
2343              'manager' => CAP_ALLOW
2344          ),
2345      ),
2346      'moodle/competency:usercompetencycomment' => array(
2347          'captype' => 'write',
2348          'contextlevel' => CONTEXT_USER,
2349          'archetypes' => array(
2350              'manager' => CAP_ALLOW
2351          ),
2352      ),
2353      'moodle/competency:usercompetencycommentown' => array(
2354          'captype' => 'write',
2355          'contextlevel' => CONTEXT_USER,
2356          'archetypes' => array(
2357              'user' => CAP_ALLOW
2358          ),
2359      ),
2360      // Template.
2361      'moodle/competency:templatemanage' => array(
2362          'captype' => 'write',
2363          'contextlevel' => CONTEXT_COURSECAT,
2364          'archetypes' => array(
2365              'manager' => CAP_ALLOW
2366          ),
2367      ),
2368      'moodle/analytics:listinsights' => array(
2369          'riskbitmask' => RISK_PERSONAL,
2370          'captype' => 'read',
2371          'contextlevel' => CONTEXT_COURSE,
2372          'archetypes' => array(
2373              'teacher' => CAP_ALLOW,
2374              'editingteacher' => CAP_ALLOW,
2375              'manager' => CAP_ALLOW
2376          )
2377      ),
2378      'moodle/analytics:managemodels' => array(
2379          'riskbitmask' => RISK_CONFIG,
2380          'captype' => 'write',
2381          'contextlevel' => CONTEXT_SYSTEM,
2382          'archetypes' => array(
2383              'manager' => CAP_ALLOW
2384          ),
2385      ),
2386      'moodle/competency:templateview' => array(
2387          'captype' => 'read',
2388          'contextlevel' => CONTEXT_COURSECAT,
2389          'archetypes' => array(
2390              'manager' => CAP_ALLOW
2391          ),
2392      ),
2393      // User evidence.
2394      'moodle/competency:userevidencemanage' => array(
2395          'captype' => 'write',
2396          'contextlevel' => CONTEXT_USER,
2397          'archetypes' => array(
2398              'manager' => CAP_ALLOW
2399          ),
2400      ),
2401      'moodle/competency:userevidencemanageown' => array(
2402          'captype' => 'write',
2403          'contextlevel' => CONTEXT_USER,
2404          'archetypes' => array(
2405              'user' => CAP_ALLOW
2406          ),
2407      ),
2408      'moodle/competency:userevidenceview' => array(
2409          'captype' => 'read',
2410          'contextlevel' => CONTEXT_USER,
2411          'archetypes' => array(
2412              'manager' => CAP_ALLOW
2413          ),
2414      ),
2415      'moodle/site:maintenanceaccess' => array(
2416          'captype' => 'write',
2417          'contextlevel' => CONTEXT_SYSTEM,
2418          'archetypes' => array(
2419          )
2420      ),
2421      // Allow messaging any user, regardless of their privacy preferences for messaging.
2422      'moodle/site:messageanyuser' => array(
2423          'riskbitmask' => RISK_SPAM,
2424          'captype' => 'write',
2425          'contextlevel' => CONTEXT_SYSTEM,
2426          'archetypes' => array(
2427              'teacher' => CAP_ALLOW,
2428              'editingteacher' => CAP_ALLOW,
2429              'manager' => CAP_ALLOW
2430          )
2431      ),
2432  
2433      // Context locking/unlocking.
2434      'moodle/site:managecontextlocks' => [
2435          'captype' => 'write',
2436          'contextlevel' => CONTEXT_MODULE,
2437          'archetypes' => [
2438          ],
2439      ],
2440  
2441      // Manual completion toggling.
2442      'moodle/course:togglecompletion' => [
2443          'captype' => 'write',
2444          'contextlevel' => CONTEXT_MODULE,
2445          'archetypes' => [
2446              'user' => CAP_ALLOW,
2447          ],
2448      ],
2449  
2450      'moodle/analytics:listowninsights' => array(
2451          'captype' => 'read',
2452          'contextlevel' => CONTEXT_SYSTEM,
2453          'archetypes' => array(
2454              'user' => CAP_ALLOW
2455          )
2456      ),
2457  
2458      // Set the display option buttons for H5P content.
2459      'moodle/h5p:setdisplayoptions' => array(
2460          'captype' => 'write',
2461          'contextlevel' => CONTEXT_MODULE,
2462          'archetypes' => array(
2463              'editingteacher' => CAP_ALLOW,
2464          )
2465      ),
2466  
2467      // Allow users to deploy H5P content.
2468      'moodle/h5p:deploy' => array(
2469          'riskbitmask' => RISK_XSS,
2470          'captype' => 'write',
2471          'contextlevel' => CONTEXT_MODULE,
2472          'archetypes' => array(
2473              'manager'        => CAP_ALLOW,
2474              'editingteacher' => CAP_ALLOW,
2475          )
2476      ),
2477  
2478      // Allow users to update H5P content-type libraries.
2479      'moodle/h5p:updatelibraries' => [
2480          'riskbitmask' => RISK_XSS,
2481          'captype' => 'write',
2482          'contextlevel' => CONTEXT_MODULE,
2483          'archetypes' => [
2484              'manager' => CAP_ALLOW,
2485          ]
2486      ],
2487  
2488      // Allow users to recommend activities in the activity chooser.
2489      'moodle/course:recommendactivity' => [
2490          'captype' => 'write',
2491          'contextlevel' => CONTEXT_SYSTEM,
2492          'archetypes' => [
2493              'manager' => CAP_ALLOW,
2494          ]
2495      ],
2496  
2497      // Content bank capabilities.
2498      'moodle/contentbank:access' => array(
2499          'captype' => 'read',
2500          'contextlevel' => CONTEXT_COURSE,
2501          'archetypes' => array(
2502              'manager' => CAP_ALLOW,
2503              'coursecreator' => CAP_ALLOW,
2504              'editingteacher' => CAP_ALLOW,
2505          )
2506      ),
2507  
2508      'moodle/contentbank:upload' => array(
2509          'riskbitmask' => RISK_SPAM,
2510          'captype' => 'write',
2511          'contextlevel' => CONTEXT_COURSE,
2512          'archetypes' => array(
2513              'manager' => CAP_ALLOW,
2514              'coursecreator' => CAP_ALLOW,
2515              'editingteacher' => CAP_ALLOW,
2516          )
2517      ),
2518  
2519      // Delete any content from the content bank.
2520      'moodle/contentbank:deleteanycontent' => [
2521          'riskbitmask' => RISK_DATALOSS,
2522          'captype' => 'write',
2523          'contextlevel' => CONTEXT_COURSE,
2524          'archetypes' => [
2525              'manager' => CAP_ALLOW,
2526              'coursecreator' => CAP_ALLOW,
2527          ]
2528      ],
2529  
2530      // Delete content created by yourself.
2531      'moodle/contentbank:deleteowncontent' => [
2532          'captype' => 'write',
2533          'contextlevel' => CONTEXT_COURSE,
2534          'archetypes' => [
2535              'user' => CAP_ALLOW,
2536          ]
2537      ],
2538  
2539      // Manage (rename, move, publish, share, etc.) any content from the content bank.
2540      'moodle/contentbank:manageanycontent' => [
2541          'riskbitmask' => RISK_DATALOSS,
2542          'captype' => 'write',
2543          'contextlevel' => CONTEXT_COURSE,
2544          'archetypes' => array(
2545              'manager' => CAP_ALLOW,
2546              'coursecreator' => CAP_ALLOW,
2547          )
2548      ],
2549  
2550      // Manage (rename, move, publish, share, etc.) content created by yourself.
2551      'moodle/contentbank:manageowncontent' => [
2552          'captype' => 'write',
2553          'contextlevel' => CONTEXT_COURSE,
2554          'archetypes' => array(
2555              'manager' => CAP_ALLOW,
2556              'coursecreator' => CAP_ALLOW,
2557              'editingteacher' => CAP_ALLOW,
2558          )
2559      ],
2560  
2561      // Allow users to create/edit content within the content bank.
2562      'moodle/contentbank:useeditor' => [
2563          'riskbitmask' => RISK_SPAM,
2564          'captype' => 'write',
2565          'contextlevel' => CONTEXT_COURSE,
2566          'archetypes' => array(
2567              'manager' => CAP_ALLOW,
2568              'coursecreator' => CAP_ALLOW,
2569              'editingteacher' => CAP_ALLOW,
2570          )
2571      ],
2572  
2573      // Allow users to download content.
2574      'moodle/contentbank:downloadcontent' => [
2575          'captype' => 'read',
2576          'contextlevel' => CONTEXT_COURSE,
2577          'archetypes' => [
2578              'manager' => CAP_ALLOW,
2579              'coursecreator' => CAP_ALLOW,
2580              'editingteacher' => CAP_ALLOW,
2581          ]
2582      ],
2583  
2584      // Allow users to download course content.
2585      'moodle/course:downloadcoursecontent' => [
2586          'captype' => 'read',
2587          'contextlevel' => CONTEXT_COURSE,
2588          'archetypes' => array(
2589              'student' => CAP_ALLOW,
2590              'teacher' => CAP_ALLOW,
2591              'editingteacher' => CAP_ALLOW,
2592              'manager' => CAP_ALLOW
2593          )
2594      ],
2595  
2596      // Allow users to configure download course content functionality within a course, if the feature is available.
2597      'moodle/course:configuredownloadcontent' => [
2598          'captype' => 'write',
2599          'contextlevel' => CONTEXT_COURSE,
2600          'archetypes' => array(
2601              'editingteacher' => CAP_ALLOW,
2602              'manager' => CAP_ALLOW
2603          ),
2604      ],
2605  
2606      // Allow users to manage payment accounts.
2607      'moodle/payment:manageaccounts' => [
2608          'captype' => 'write',
2609          'riskbitmask' => RISK_PERSONAL | RISK_CONFIG | RISK_DATALOSS,
2610          'contextlevel' => CONTEXT_COURSE,
2611          'archetypes' => [],
2612      ],
2613  
2614      // Allow users to view payments.
2615      'moodle/payment:viewpayments' => [
2616          'captype' => 'read',
2617          'riskbitmask' => RISK_PERSONAL,
2618          'contextlevel' => CONTEXT_COURSE,
2619          'archetypes' => [],
2620      ],
2621  
2622      // Allow users to view hidden content.
2623      'moodle/contentbank:viewunlistedcontent' => [
2624          'captype' => 'read',
2625          'contextlevel' => CONTEXT_COURSE,
2626          'archetypes' => [
2627              'manager' => CAP_ALLOW,
2628              'coursecreator' => CAP_ALLOW,
2629          ]
2630      ],
2631  
2632      // Allow users to view custom reports.
2633      'moodle/reportbuilder:view' => [
2634          'captype' => 'read',
2635          'contextlevel' => CONTEXT_SYSTEM,
2636          'archetypes' => [
2637              'user' => CAP_ALLOW,
2638          ],
2639      ],
2640  
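2641      // Allow users to create/edit their own custom reports.
2642      'moodle/reportbuilder:edit' => [
2643          'captype' => 'write',
2644          'riskbitmask' => RISK_PERSONAL, // Not 'riskbitmap': a misspelt key is not read, leaving the capability without its risk flag.
2645          'contextlevel' => CONTEXT_SYSTEM,
2646          'archetypes' => [
2647              'manager' => CAP_ALLOW,
2648          ],
2649      ],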
2650  
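2651      // Allow users to create/edit all custom reports. No archetype receives this by default.
2652      'moodle/reportbuilder:editall' => [
2653          'captype' => 'write',
2654          'riskbitmask' => RISK_PERSONAL, // Not 'riskbitmap': a misspelt key is not read, leaving the capability without its risk flag.
2655          'contextlevel' => CONTEXT_SYSTEM,
2656          'archetypes' => [],
2657      ],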
2658  
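2659      // Allow users to schedule reports as other users. No archetype receives this by default.
2660      'moodle/reportbuilder:scheduleviewas' => [
2661          'captype' => 'read',
2662          'riskbitmask' => RISK_PERSONAL, // Not 'riskbitmap': a misspelt key is not read, leaving the capability without its risk flag.
2663          'contextlevel' => CONTEXT_SYSTEM,
2664          'archetypes' => [],
2665      ],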
2666  );