
  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
/lib/db/ -> access.php (source)


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Capability definitions for Moodle core.
  19   *
  20   * The capabilities are loaded into the database table when the module is
  21   * installed or updated. Whenever the capability definitions are updated,
  22   * the module version number should be bumped up.
  23   *
  24   * The system has four possible values for a capability:
  25   * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
  26   *
  27   *
  28   * CAPABILITY NAMING CONVENTION
  29   *
  30   * It is important that capability names are unique. The naming convention
  31   * for capabilities that are specific to modules and blocks is as follows:
  32   *   [mod/block]/<plugin_name>:<capabilityname>
  33   *
  34   * <plugin_name> should be the same as the directory name of the mod or block.
  35   *
  36   * Core moodle capabilities are defined thus:
  37   *    moodle/<capabilityclass>:<capabilityname>
  38   *
  39   * Examples: mod/forum:viewpost
  40   *           block/recent_activity:view
  41   *           moodle/site:deleteuser
  42   *
  43   * The variable name for the capability definitions array is $capabilities
  44   *
  45   * For more information, take a look at the available documentation:
  46   *     - Access API: {@link https://moodledev.io/docs/apis/subsystems/access}
  47   *     - Upgrade API: {@link https://moodledev.io/docs/guides/upgrade}
  48   *
  49   * @package   core_access
  50   * @category  access
  51   * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
  52   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  53   */
  54  
  55  defined('MOODLE_INTERNAL') || die();
  56  
  57  $capabilities = array(
  58      'moodle/site:config' => array(
  59  
  60          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
  61  
  62          'captype' => 'write',
  63          'contextlevel' => CONTEXT_SYSTEM,
  64          'archetypes' => array(
  65          )
  66      ),
  67      'moodle/site:configview' => array(
  68          'captype' => 'read',
  69          'contextlevel' => CONTEXT_SYSTEM,
  70          'archetypes' => array(
  71              'manager' => CAP_ALLOW,
  72              'coursecreator' => CAP_ALLOW,
  73          )
  74      ),
  75  
  76      'moodle/site:readallmessages' => array(
  77  
  78          'riskbitmask' => RISK_PERSONAL,
  79  
  80          'captype' => 'read',
  81          'contextlevel' => CONTEXT_SYSTEM,
  82          'archetypes' => array(
  83              'manager' => CAP_ALLOW,
  84              'editingteacher' => CAP_ALLOW
  85          )
  86      ),
  87  
  88      'moodle/site:manageallmessaging' => array(
  89  
  90          'riskbitmask' => RISK_PERSONAL,
  91  
  92          'captype' => 'write',
  93          'contextlevel' => CONTEXT_SYSTEM,
  94          'archetypes' => array(
  95              'manager' => CAP_ALLOW
  96          )
  97      ),
  98  
  99      'moodle/site:deleteanymessage' => array(
 100  
 101          'riskbitmask' => RISK_DATALOSS,
 102  
 103          'captype' => 'write',
 104          'contextlevel' => CONTEXT_SYSTEM,
 105          'archetypes' => array(
 106              'manager' => CAP_ALLOW
 107          )
 108      ),
 109  
 110      'moodle/site:sendmessage' => array(
 111  
 112          'riskbitmask' => RISK_SPAM,
 113  
 114          'captype' => 'write',
 115          'contextlevel' => CONTEXT_SYSTEM,
 116          'archetypes' => array(
 117              'manager' => CAP_ALLOW,
 118              'user' => CAP_ALLOW
 119          )
 120      ),
 121  
 122      'moodle/site:senderrormessage' => [
 123          'riskbitmask' => RISK_SPAM,
 124          'captype' => 'write',
 125          'contextlevel' => CONTEXT_SYSTEM,
 126          'archetypes' => array(
 127              'user' => CAP_ALLOW
 128          )
 129      ],
 130  
 131      'moodle/site:deleteownmessage' => array(
 132  
 133          'captype' => 'write',
 134          'contextlevel' => CONTEXT_SYSTEM,
 135          'archetypes' => array(
 136              'user' => CAP_ALLOW
 137          )
 138      ),
 139  
 140      'moodle/site:approvecourse' => array(
 141  
 142          'riskbitmask' => RISK_XSS,
 143  
 144          'captype' => 'write',
 145          'contextlevel' => CONTEXT_COURSECAT,
 146          'archetypes' => array(
 147              'manager' => CAP_ALLOW
 148          )
 149      ),
 150  
 151      'moodle/backup:backupcourse' => array(
 152  
 153          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 154  
 155          'captype' => 'write',
 156          'contextlevel' => CONTEXT_COURSE,
 157          'archetypes' => array(
 158              'editingteacher' => CAP_ALLOW,
 159              'manager' => CAP_ALLOW
 160          ),
 161  
 162          'clonepermissionsfrom' =>  'moodle/site:backup'
 163      ),
 164  
 165      'moodle/backup:backupsection' => array(
 166  
 167          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 168  
 169          'captype' => 'write',
 170          'contextlevel' => CONTEXT_COURSE,
 171          'archetypes' => array(
 172              'editingteacher' => CAP_ALLOW,
 173              'manager' => CAP_ALLOW
 174          ),
 175  
 176          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 177      ),
 178  
 179      'moodle/backup:backupactivity' => array(
 180  
 181          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 182  
 183          'captype' => 'write',
 184          'contextlevel' => CONTEXT_MODULE,
 185          'archetypes' => array(
 186              'editingteacher' => CAP_ALLOW,
 187              'manager' => CAP_ALLOW
 188          ),
 189  
 190          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 191      ),
 192  
 193      'moodle/backup:backuptargetimport' => array(
 194  
 195          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 196  
 197          'captype' => 'read',
 198          'contextlevel' => CONTEXT_COURSE,
 199          'archetypes' => array(
 200              'editingteacher' => CAP_ALLOW,
 201              'manager' => CAP_ALLOW
 202          ),
 203  
 204          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 205      ),
 206  
 207      'moodle/backup:downloadfile' => array(
 208  
 209          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 210  
 211          'captype' => 'write',
 212          'contextlevel' => CONTEXT_COURSE,
 213          'archetypes' => array(
 214              'editingteacher' => CAP_ALLOW,
 215              'manager' => CAP_ALLOW
 216          ),
 217  
 218          'clonepermissionsfrom' =>  'moodle/site:backupdownload'
 219      ),
 220  
 221      'moodle/backup:configure' => array(
 222  
 223          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 224  
 225          'captype' => 'write',
 226          'contextlevel' => CONTEXT_COURSE,
 227          'archetypes' => array(
 228              'editingteacher' => CAP_ALLOW,
 229              'manager' => CAP_ALLOW
 230          )
 231      ),
 232  
 233      'moodle/backup:userinfo' => array(
 234  
 235          'riskbitmask' => RISK_PERSONAL,
 236  
 237          'captype' => 'read',
 238          'contextlevel' => CONTEXT_COURSE,
 239          'archetypes' => array(
 240              'manager' => CAP_ALLOW
 241          )
 242      ),
 243  
 244      'moodle/backup:anonymise' => array(
 245  
 246          'riskbitmask' => RISK_PERSONAL,
 247  
 248          'captype' => 'read',
 249          'contextlevel' => CONTEXT_COURSE,
 250          'archetypes' => array(
 251              'manager' => CAP_ALLOW
 252          )
 253      ),
 254  
 255      'moodle/restore:restorecourse' => array(
 256  
 257          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 258  
 259          'captype' => 'write',
 260          'contextlevel' => CONTEXT_COURSE,
 261          'archetypes' => array(
 262              'editingteacher' => CAP_ALLOW,
 263              'manager' => CAP_ALLOW
 264          ),
 265  
 266          'clonepermissionsfrom' =>  'moodle/site:restore'
 267      ),
 268  
 269      'moodle/restore:restoresection' => array(
 270  
 271          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 272  
 273          'captype' => 'write',
 274          'contextlevel' => CONTEXT_COURSE,
 275          'archetypes' => array(
 276              'editingteacher' => CAP_ALLOW,
 277              'manager' => CAP_ALLOW
 278          ),
 279  
 280          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 281      ),
 282  
 283      'moodle/restore:restoreactivity' => array(
 284  
 285          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 286  
 287          'captype' => 'write',
 288          'contextlevel' => CONTEXT_COURSE,
 289          'archetypes' => array(
 290              'editingteacher' => CAP_ALLOW,
 291              'manager' => CAP_ALLOW
 292          ),
 293  
 294          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 295      ),
 296  
 297      'moodle/restore:viewautomatedfilearea' => array(
 298  
 299          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 300  
 301          'captype' => 'write',
 302          'contextlevel' => CONTEXT_COURSE,
 303          'archetypes' => array(
 304              'editingteacher' => CAP_ALLOW,
 305              'manager' => CAP_ALLOW
 306          ),
 307      ),
 308  
 309      'moodle/restore:restoretargetimport' => array(
 310  
 311          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 312  
 313          'captype' => 'write',
 314          'contextlevel' => CONTEXT_COURSE,
 315          'archetypes' => array(
 316              'editingteacher' => CAP_ALLOW,
 317              'manager' => CAP_ALLOW
 318          ),
 319  
 320          'clonepermissionsfrom' =>  'moodle/site:import'
 321      ),
 322  
 323      'moodle/restore:uploadfile' => array(
 324  
 325          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 326  
 327          'captype' => 'write',
 328          'contextlevel' => CONTEXT_COURSE,
 329          'archetypes' => array(
 330              'editingteacher' => CAP_ALLOW,
 331              'manager' => CAP_ALLOW
 332          ),
 333  
 334          'clonepermissionsfrom' =>  'moodle/site:backupupload'
 335      ),
 336  
 337      'moodle/restore:configure' => array(
 338  
 339          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 340  
 341          'captype' => 'write',
 342          'contextlevel' => CONTEXT_COURSE,
 343          'archetypes' => array(
 344              'editingteacher' => CAP_ALLOW,
 345              'manager' => CAP_ALLOW
 346          )
 347      ),
 348  
 349      'moodle/restore:rolldates' => array(
 350  
 351          'captype' => 'write',
 352          'contextlevel' => CONTEXT_COURSE,
 353          'archetypes' => array(
 354              'coursecreator' => CAP_ALLOW,
 355              'manager' => CAP_ALLOW
 356          )
 357      ),
 358  
 359      'moodle/restore:userinfo' => array(
 360  
 361          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 362  
 363          'captype' => 'write',
 364          'contextlevel' => CONTEXT_COURSE,
 365          'archetypes' => array(
 366              'manager' => CAP_ALLOW
 367          )
 368      ),
 369  
 370      'moodle/restore:createuser' => array(
 371  
 372          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 373  
 374          'captype' => 'write',
 375          'contextlevel' => CONTEXT_SYSTEM,
 376          'archetypes' => array(
 377              'manager' => CAP_ALLOW
 378          )
 379      ),
 380  
 381      'moodle/site:manageblocks' => array(
 382  
 383          'riskbitmask' => RISK_SPAM | RISK_XSS,
 384  
 385          'captype' => 'write',
 386          'contextlevel' => CONTEXT_BLOCK,
 387          'archetypes' => array(
 388              'editingteacher' => CAP_ALLOW,
 389              'manager' => CAP_ALLOW
 390          )
 391      ),
 392  
 393      'moodle/site:accessallgroups' => array(
 394  
 395          'captype' => 'read',
 396          'contextlevel' => CONTEXT_MODULE,
 397          'archetypes' => array(
 398              'editingteacher' => CAP_ALLOW,
 399              'manager' => CAP_ALLOW
 400          )
 401      ),
 402  
 403      'moodle/site:viewanonymousevents' => array(
 404  
 405          'riskbitmask' => RISK_PERSONAL,
 406  
 407          'captype' => 'read',
 408          'contextlevel' => CONTEXT_MODULE,
 409          'archetypes' => array(
 410              'manager' => CAP_ALLOW,
 411          )
 412      ),
 413  
 414      'moodle/site:viewfullnames' => array(
 415  
 416          'captype' => 'read',
 417          'contextlevel' => CONTEXT_MODULE,
 418          'archetypes' => array(
 419              'teacher' => CAP_ALLOW,
 420              'editingteacher' => CAP_ALLOW,
 421              'manager' => CAP_ALLOW
 422          )
 423      ),
 424  
 425      // In reports that give lists of users, extra information about each user's
 426      // identity (the fields configured in site option showuseridentity) will be
 427      // displayed to users who have this capability.
 428      'moodle/site:viewuseridentity' => array(
 429  
 430          'captype' => 'read',
 431          'contextlevel' => CONTEXT_MODULE,
 432          'archetypes' => array(
 433              'teacher' => CAP_ALLOW,
 434              'editingteacher' => CAP_ALLOW,
 435              'manager' => CAP_ALLOW
 436          )
 437      ),
 438  
 439      'moodle/site:viewreports' => array(
 440  
 441          'riskbitmask' => RISK_PERSONAL,
 442  
 443          'captype' => 'read',
 444          'contextlevel' => CONTEXT_COURSE,
 445          'archetypes' => array(
 446              'teacher' => CAP_ALLOW,
 447              'editingteacher' => CAP_ALLOW,
 448              'manager' => CAP_ALLOW
 449          )
 450      ),
 451  
 452      'moodle/site:trustcontent' => array(
 453  
 454          'riskbitmask' => RISK_XSS,
 455  
 456          'captype' => 'write',
 457          'contextlevel' => CONTEXT_MODULE,
 458          'archetypes' => array(
 459              'editingteacher' => CAP_ALLOW,
 460              'manager' => CAP_ALLOW
 461          )
 462      ),
 463  
 464      'moodle/site:uploadusers' => array(
 465  
 466          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 467  
 468          'captype' => 'write',
 469          'contextlevel' => CONTEXT_SYSTEM,
 470          'archetypes' => array(
 471              'manager' => CAP_ALLOW
 472          )
 473      ),
 474  
 475      // Permission to manage filter setting overrides in subcontexts.
 476      'moodle/filter:manage' => array(
 477  
 478          'captype' => 'write',
 479          'contextlevel' => CONTEXT_COURSE,
 480          'archetypes' => array(
 481              'editingteacher' => CAP_ALLOW,
 482              'manager' => CAP_ALLOW,
 483          )
 484      ),
 485  
 486      'moodle/user:create' => array(
 487  
 488          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 489  
 490          'captype' => 'write',
 491          'contextlevel' => CONTEXT_SYSTEM,
 492          'archetypes' => array(
 493              'manager' => CAP_ALLOW
 494          )
 495      ),
 496  
 497      'moodle/user:delete' => array(
 498  
 499          'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
 500  
 501          'captype' => 'write',
 502          'contextlevel' => CONTEXT_SYSTEM,
 503          'archetypes' => array(
 504              'manager' => CAP_ALLOW
 505          )
 506      ),
 507  
 508      'moodle/user:update' => array(
 509  
 510          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 511  
 512          'captype' => 'write',
 513          'contextlevel' => CONTEXT_SYSTEM,
 514          'archetypes' => array(
 515              'manager' => CAP_ALLOW
 516          )
 517      ),
 518  
 519      'moodle/user:viewdetails' => array(
 520  
 521          'captype' => 'read',
 522          'contextlevel' => CONTEXT_COURSE,
 523          'archetypes' => array(
 524              'guest' => CAP_ALLOW,
 525              'student' => CAP_ALLOW,
 526              'teacher' => CAP_ALLOW,
 527              'editingteacher' => CAP_ALLOW,
 528              'manager' => CAP_ALLOW
 529          )
 530      ),
 531  
 532      'moodle/user:viewalldetails' => array(
 533          'riskbitmask' => RISK_PERSONAL,
 534          'captype' => 'read',
 535          'contextlevel' => CONTEXT_USER,
 536          'archetypes' => array(
 537              'manager' => CAP_ALLOW
 538          ),
 539          'clonepermissionsfrom' => 'moodle/user:update'
 540      ),
 541  
 542      'moodle/user:viewlastip' => array(
 543          'riskbitmask' => RISK_PERSONAL,
 544          'captype' => 'read',
 545          'contextlevel' => CONTEXT_USER,
 546          'archetypes' => array(
 547              'manager' => CAP_ALLOW
 548          ),
 549          'clonepermissionsfrom' => 'moodle/user:update'
 550      ),
 551  
 552      'moodle/user:viewhiddendetails' => array(
 553  
 554          'riskbitmask' => RISK_PERSONAL,
 555  
 556          'captype' => 'read',
 557          'contextlevel' => CONTEXT_COURSE,
 558          'archetypes' => array(
 559              'teacher' => CAP_ALLOW,
 560              'editingteacher' => CAP_ALLOW,
 561              'manager' => CAP_ALLOW
 562          )
 563      ),
 564  
 565      'moodle/user:loginas' => array(
 566  
 567          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 568  
 569          'captype' => 'write',
 570          'contextlevel' => CONTEXT_COURSE,
 571          'archetypes' => array(
 572              'manager' => CAP_ALLOW
 573          )
 574      ),
 575  
 576      // can the user manage the system default profile page?
 577      'moodle/user:managesyspages' => array(
 578  
              // NOTE(review): the key below is spelled 'riskbitmap', whereas most
              // entries in this file use 'riskbitmask'. The same spelling recurs in
              // moodle/user:manageblocks, moodle/user:manageownblocks,
              // moodle/user:manageownfiles, moodle/user:ignoreuserquota and
              // moodle/my:configsyspages. If the capability loader reads only
              // 'riskbitmask', the risks declared here are never recorded, and the
              // capability would be treated as one "without risks" (the class that
              // moodle/role:safeoverride is allowed to override).
              // TODO: confirm against the loader and correct the key.
 579          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 580  
 581          'captype' => 'write',
 582          'contextlevel' => CONTEXT_SYSTEM,
 583          'archetypes' => array(
 584              'manager' => CAP_ALLOW
 585          )
 586      ),
 587  
 588      // can the user manage another user's profile page?
 589      'moodle/user:manageblocks' => array(
 590  
 591          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 592  
 593          'captype' => 'write',
 594          'contextlevel' => CONTEXT_USER
 595      ),
 596  
 597      // can the user manage their own profile page?
 598      'moodle/user:manageownblocks' => array(
 599  
 600          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 601  
 602          'captype' => 'write',
 603          'contextlevel' => CONTEXT_SYSTEM,
 604          'archetypes' => array(
 605              'user' => CAP_ALLOW
 606          )
 607      ),
 608  
 609      // can the user manage their own files?
 610      'moodle/user:manageownfiles' => array(
 611  
 612          'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
 613  
 614          'captype' => 'write',
 615          'contextlevel' => CONTEXT_SYSTEM,
 616          'archetypes' => array(
 617              'user' => CAP_ALLOW
 618          )
 619      ),
 620  
 621      // Can the user ignore the setting userquota?
 622      // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
 623      'moodle/user:ignoreuserquota' => array(
 624          'riskbitmap' => RISK_SPAM,
 625          'captype' => 'write',
 626          'contextlevel' => CONTEXT_SYSTEM,
 627          'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
 628      ),
 629  
 630      // can the user manage the system default dashboard page?
 631      'moodle/my:configsyspages' => array(
 632  
 633          'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
 634  
 635          'captype' => 'write',
 636          'contextlevel' => CONTEXT_SYSTEM,
 637          'archetypes' => array(
 638              'manager' => CAP_ALLOW
 639          )
 640      ),
 641  
 642      'moodle/role:assign' => array(
 643  
 644          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 645  
 646          'captype' => 'write',
 647          'contextlevel' => CONTEXT_COURSE,
 648          'archetypes' => array(
 649              'editingteacher' => CAP_ALLOW,
 650              'manager' => CAP_ALLOW
 651          )
 652      ),
 653  
 654      'moodle/role:review' => array(
 655  
 656          'riskbitmask' => RISK_PERSONAL,
 657  
 658          'captype' => 'read',
 659          'contextlevel' => CONTEXT_COURSE,
 660          'archetypes' => array(
 661              'teacher' => CAP_ALLOW,
 662              'editingteacher' => CAP_ALLOW,
 663              'manager' => CAP_ALLOW
 664          )
 665      ),
 666  
 667      // The ability to override the permissions for any capability.
 668      'moodle/role:override' => array(
 669  
 670          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 671  
 672          'captype' => 'write',
 673          'contextlevel' => CONTEXT_COURSE,
 674          'archetypes' => array(
 675              'manager' => CAP_ALLOW
 676          )
 677      ),
 678  
 679      // The ability to override the permissions for 'safe' capabilities (those without risks).
 680      // If a user has moodle/role:override then you should not check this capability.
 681      'moodle/role:safeoverride' => array(
 682  
 683          'riskbitmask' => RISK_SPAM,
 684  
 685          'captype' => 'write',
 686          'contextlevel' => CONTEXT_COURSE,
 687          'archetypes' => array(
 688              'editingteacher' => CAP_ALLOW
 689          )
 690      ),
 691  
 692      'moodle/role:manage' => array(
 693  
 694          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 695  
 696          'captype' => 'write',
 697          'contextlevel' => CONTEXT_SYSTEM,
 698          'archetypes' => array(
 699              'manager' => CAP_ALLOW
 700          )
 701      ),
 702  
 703      'moodle/role:switchroles' => array(
 704  
 705          'riskbitmask' => RISK_XSS | RISK_PERSONAL,
 706  
 707          'captype' => 'read',
 708          'contextlevel' => CONTEXT_COURSE,
 709          'archetypes' => array(
 710              'editingteacher' => CAP_ALLOW,
 711              'manager' => CAP_ALLOW
 712          )
 713      ),
 714  
 715      // Create, update and delete course categories. (Deleting a course category
 716      // does not let you delete the courses it contains, unless you also have
 717      // moodle/course:delete.) Creating and deleting requires this permission in
 718      // the parent category.
 719      'moodle/category:manage' => array(
 720  
 721          'riskbitmask' => RISK_XSS,
 722  
 723          'captype' => 'write',
 724          'contextlevel' => CONTEXT_COURSECAT,
 725          'archetypes' => array(
 726              'manager' => CAP_ALLOW
 727          ),
 728          'clonepermissionsfrom' => 'moodle/category:update'
 729      ),
 730  
 731      'moodle/category:viewcourselist' => array(
 732  
 733          'captype' => 'read',
 734          'contextlevel' => CONTEXT_COURSECAT,
 735          'archetypes' => array(
 736              'guest' => CAP_ALLOW,
 737              'user' => CAP_ALLOW,
 738          )
 739      ),
 740  
 741      'moodle/category:viewhiddencategories' => array(
 742  
 743          'captype' => 'read',
 744          'contextlevel' => CONTEXT_COURSECAT,
 745          'archetypes' => array(
 746              'coursecreator' => CAP_ALLOW,
 747              'manager' => CAP_ALLOW
 748          ),
 749          'clonepermissionsfrom' => 'moodle/category:visibility'
 750      ),
 751  
 752      // create, delete, move cohorts in system and course categories,
 753      // (cohorts with component !== null can be only moved)
 754      'moodle/cohort:manage' => array(
 755  
 756          'captype' => 'write',
 757          'contextlevel' => CONTEXT_COURSECAT,
 758          'archetypes' => array(
 759              'manager' => CAP_ALLOW
 760          )
 761      ),
 762  
 763      // add and remove cohort members (only for cohorts where component !== null)
 764      'moodle/cohort:assign' => array(
 765  
 766          'captype' => 'write',
 767          'contextlevel' => CONTEXT_COURSECAT,
 768          'archetypes' => array(
 769              'manager' => CAP_ALLOW
 770          )
 771      ),
 772  
 773      // View visible and hidden cohorts defined in the current context.
 774      'moodle/cohort:view' => array(
 775  
 776          'captype' => 'read',
 777          'contextlevel' => CONTEXT_COURSE,
 778          'archetypes' => array(
 779              'editingteacher' => CAP_ALLOW,
 780              'manager' => CAP_ALLOW
 781          )
 782      ),
 783  
 784      'moodle/cohort:configurecustomfields' => array(
 785          'riskbitmask' => RISK_SPAM,
 786          'captype' => 'write',
 787          'contextlevel' => CONTEXT_SYSTEM,
 788          'clonepermissionsfrom' => 'moodle/site:config'
 789      ),
 790  
 791      'moodle/course:create' => array(
 792  
 793          'riskbitmask' => RISK_XSS,
 794  
 795          'captype' => 'write',
 796          'contextlevel' => CONTEXT_COURSECAT,
 797          'archetypes' => array(
 798              'coursecreator' => CAP_ALLOW,
 799              'manager' => CAP_ALLOW
 800          )
 801      ),
 802  
 803      'moodle/course:creategroupconversations' => array(
 804          'riskbitmask' => RISK_XSS,
 805          'captype' => 'write',
 806          'contextlevel' => CONTEXT_COURSE,
 807          'archetypes' => array(
 808              'editingteacher' => CAP_ALLOW,
 809              'manager' => CAP_ALLOW
 810          )
 811      ),
 812  
 813      'moodle/course:request' => array(
 814          'captype' => 'write',
 815          'contextlevel' => CONTEXT_COURSECAT,
 816      ),
 817  
 818      'moodle/course:delete' => array(
 819  
 820          'riskbitmask' => RISK_DATALOSS,
 821  
 822          'captype' => 'write',
 823          'contextlevel' => CONTEXT_COURSE,
 824          'archetypes' => array(
 825              'manager' => CAP_ALLOW
 826          )
 827      ),
 828  
 829      'moodle/course:update' => array(
 830  
 831          'riskbitmask' => RISK_XSS,
 832  
 833          'captype' => 'write',
 834          'contextlevel' => CONTEXT_COURSE,
 835          'archetypes' => array(
 836              'editingteacher' => CAP_ALLOW,
 837              'manager' => CAP_ALLOW
 838          )
 839      ),
 840  
 841      'moodle/course:view' => array(
 842  
 843          'captype' => 'read',
 844          'contextlevel' => CONTEXT_COURSE,
 845          'archetypes' => array(
 846              'manager' => CAP_ALLOW,
 847          )
 848      ),
 849  
 850      /* review course enrolments - no group restrictions, it is really full access to all participants info*/
 851      'moodle/course:enrolreview' => array(
 852  
 853          'riskbitmask' => RISK_PERSONAL,
 854  
 855          'captype' => 'read',
 856          'contextlevel' => CONTEXT_COURSE,
 857          'archetypes' => array(
 858              'editingteacher' => CAP_ALLOW,
 859              'manager' => CAP_ALLOW,
 860          )
 861      ),
 862  
 863      /* add, remove, hide enrol instances in courses */
 864      'moodle/course:enrolconfig' => array(
 865  
 866          'riskbitmask' => RISK_PERSONAL,
 867  
 868          'captype' => 'write',
 869          'contextlevel' => CONTEXT_COURSE,
 870          'archetypes' => array(
 871              'editingteacher' => CAP_ALLOW,
 872              'manager' => CAP_ALLOW,
 873          )
 874      ),
 875  
 876      'moodle/course:reviewotherusers' => array(
 877  
 878          'captype' => 'read',
 879          'contextlevel' => CONTEXT_COURSE,
 880          'archetypes' => array(
 881              'editingteacher' => CAP_ALLOW,
 882              'manager' => CAP_ALLOW,
 883          ),
 884          'clonepermissionsfrom' => 'moodle/role:assign'
 885      ),
 886  
 887      'moodle/course:bulkmessaging' => array(
 888  
 889          'riskbitmask' => RISK_SPAM,
 890  
 891          'captype' => 'write',
 892          'contextlevel' => CONTEXT_COURSE,
 893          'archetypes' => array(
 894              'teacher' => CAP_ALLOW,
 895              'editingteacher' => CAP_ALLOW,
 896              'manager' => CAP_ALLOW
 897          )
 898      ),
 899  
 900      'moodle/course:viewhiddenuserfields' => array(
 901  
 902          'riskbitmask' => RISK_PERSONAL,
 903  
 904          'captype' => 'read',
 905          'contextlevel' => CONTEXT_COURSE,
 906          'archetypes' => array(
 907              'teacher' => CAP_ALLOW,
 908              'editingteacher' => CAP_ALLOW,
 909              'manager' => CAP_ALLOW
 910          )
 911      ),
 912  
 913      'moodle/course:viewhiddencourses' => array(
 914  
 915          'captype' => 'read',
 916          'contextlevel' => CONTEXT_COURSE,
 917          'archetypes' => array(
 918              'coursecreator' => CAP_ALLOW,
 919              'teacher' => CAP_ALLOW,
 920              'editingteacher' => CAP_ALLOW,
 921              'manager' => CAP_ALLOW
 922          )
 923      ),
 924  
 925      'moodle/course:visibility' => array(
 926  
 927          'captype' => 'write',
 928          'contextlevel' => CONTEXT_COURSE,
 929          'archetypes' => array(
 930              'editingteacher' => CAP_ALLOW,
 931              'manager' => CAP_ALLOW
 932          )
 933      ),
 934  
 935      'moodle/course:managefiles' => array(
 936  
 937          'riskbitmask' => RISK_XSS,
 938  
 939          'captype' => 'write',
 940          'contextlevel' => CONTEXT_COURSE,
 941          'archetypes' => array(
 942              'editingteacher' => CAP_ALLOW,
 943              'manager' => CAP_ALLOW
 944          )
 945      ),
 946  
 947      'moodle/course:ignoreavailabilityrestrictions' => array(
 948          'captype' => 'read',
 949          'contextlevel' => CONTEXT_MODULE,
 950          'archetypes' => array(
 951              'manager' => CAP_ALLOW,
 952              'coursecreator' => CAP_ALLOW,
 953              'editingteacher' => CAP_ALLOW,
 954              'teacher' => CAP_ALLOW,
 955          ),
 956          'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
 957      ),
 958  
 959      'moodle/course:ignorefilesizelimits' => array(
 960  
 961          'captype' => 'write',
 962          'contextlevel' => CONTEXT_COURSE,
 963          'archetypes' => array(
 964          )
 965      ),
 966  
 967      'moodle/course:manageactivities' => array(
 968  
 969          'riskbitmask' => RISK_XSS,
 970  
 971          'captype' => 'write',
 972          'contextlevel' => CONTEXT_MODULE,
 973          'archetypes' => array(
 974              'editingteacher' => CAP_ALLOW,
 975              'manager' => CAP_ALLOW
 976          )
 977      ),
 978  
 979      'moodle/course:activityvisibility' => array(
 980  
 981          'captype' => 'write',
 982          'contextlevel' => CONTEXT_MODULE,
 983          'archetypes' => array(
 984              'editingteacher' => CAP_ALLOW,
 985              'manager' => CAP_ALLOW
 986          )
 987      ),
 988  
 989      'moodle/course:viewhiddenactivities' => array(
 990  
 991          'captype' => 'read',
 992          'contextlevel' => CONTEXT_MODULE,
 993          'archetypes' => array(
 994              'teacher' => CAP_ALLOW,
 995              'editingteacher' => CAP_ALLOW,
 996              'manager' => CAP_ALLOW
 997          )
 998      ),
 999  
1000      'moodle/course:viewparticipants' => array(
1001  
1002          'captype' => 'read',
1003          'contextlevel' => CONTEXT_COURSE,
1004          'archetypes' => array(
1005              'student' => CAP_ALLOW,
1006              'teacher' => CAP_ALLOW,
1007              'editingteacher' => CAP_ALLOW,
1008              'manager' => CAP_ALLOW
1009          )
1010      ),
1011  
1012      'moodle/course:changefullname' => array(
1013  
1014          'riskbitmask' => RISK_XSS,
1015  
1016          'captype' => 'write',
1017          'contextlevel' => CONTEXT_COURSE,
1018          'archetypes' => array(
1019              'editingteacher' => CAP_ALLOW,
1020              'manager' => CAP_ALLOW
1021          ),
1022          'clonepermissionsfrom' => 'moodle/course:update'
1023      ),
1024  
1025      'moodle/course:changeshortname' => array(
1026  
1027          'riskbitmask' => RISK_XSS,
1028  
1029          'captype' => 'write',
1030          'contextlevel' => CONTEXT_COURSE,
1031          'archetypes' => array(
1032              'editingteacher' => CAP_ALLOW,
1033              'manager' => CAP_ALLOW
1034          ),
1035          'clonepermissionsfrom' => 'moodle/course:update'
1036      ),
1037  
1038      'moodle/course:changelockedcustomfields' => array(
1039  
1040          'riskbitmask' => RISK_SPAM,
1041  
1042          'captype' => 'write',
1043          'contextlevel' => CONTEXT_COURSE,
1044          'archetypes' => array(
1045              'manager' => CAP_ALLOW
1046          ),
1047      ),
1048  
1049      'moodle/course:configurecustomfields' => array(
1050  
1051          'riskbitmask' => RISK_SPAM,
1052  
1053          'captype' => 'write',
1054          'contextlevel' => CONTEXT_SYSTEM,
1055          'clonepermissionsfrom' => 'moodle/site:config'
1056      ),
1057  
1058      'moodle/course:renameroles' => array(
1059          'captype' => 'write',
1060          'contextlevel' => CONTEXT_COURSE,
1061          'archetypes' => array(
1062              'editingteacher' => CAP_ALLOW,
1063              'manager' => CAP_ALLOW
1064          ),
1065          'clonepermissionsfrom' => 'moodle/course:update'
1066      ),
1067  
1068      'moodle/course:changeidnumber' => array(
1069  
1070          'riskbitmask' => RISK_XSS,
1071  
1072          'captype' => 'write',
1073          'contextlevel' => CONTEXT_COURSE,
1074          'archetypes' => array(
1075              'editingteacher' => CAP_ALLOW,
1076              'manager' => CAP_ALLOW
1077          ),
1078          'clonepermissionsfrom' => 'moodle/course:update'
1079      ),
1080      'moodle/course:changecategory' => array(
1081          'riskbitmask' => RISK_XSS,
1082  
1083          'captype' => 'write',
1084          'contextlevel' => CONTEXT_COURSE,
1085          'archetypes' => array(
1086              'editingteacher' => CAP_ALLOW,
1087              'manager' => CAP_ALLOW
1088          ),
1089          'clonepermissionsfrom' => 'moodle/course:update'
1090      ),
1091  
1092      'moodle/course:changesummary' => array(
1093          'riskbitmask' => RISK_XSS,
1094  
1095          'captype' => 'write',
1096          'contextlevel' => CONTEXT_COURSE,
1097          'archetypes' => array(
1098              'editingteacher' => CAP_ALLOW,
1099              'manager' => CAP_ALLOW
1100          ),
1101          'clonepermissionsfrom' => 'moodle/course:update'
1102      ),
1103  
1104      // Ability to set a forced language for a course or activity.
1105      'moodle/course:setforcedlanguage' => array(
1106          'captype' => 'write',
1107          'contextlevel' => CONTEXT_COURSE,
1108          'archetypes' => array(
1109              'editingteacher' => CAP_ALLOW,
1110              'manager' => CAP_ALLOW
1111          ),
1112          'clonepermissionsfrom' => 'moodle/course:update'
1113      ),
1114  
1115  
1116      'moodle/site:viewparticipants' => array(
1117  
1118          'captype' => 'read',
1119          'contextlevel' => CONTEXT_SYSTEM,
1120          'archetypes' => array(
1121              'manager' => CAP_ALLOW
1122          )
1123      ),
1124  
1125      'moodle/course:isincompletionreports' => array(
1126          'captype' => 'read',
1127          'contextlevel' => CONTEXT_COURSE,
1128          'archetypes' => array(
1129              'student' => CAP_ALLOW,
1130          ),
1131      ),
1132  
1133      'moodle/course:viewscales' => array(
1134  
1135          'captype' => 'read',
1136          'contextlevel' => CONTEXT_COURSE,
1137          'archetypes' => array(
1138              'student' => CAP_ALLOW,
1139              'teacher' => CAP_ALLOW,
1140              'editingteacher' => CAP_ALLOW,
1141              'manager' => CAP_ALLOW
1142          )
1143      ),
1144  
1145      'moodle/course:managescales' => array(
1146  
1147          'captype' => 'write',
1148          'contextlevel' => CONTEXT_COURSE,
1149          'archetypes' => array(
1150              'editingteacher' => CAP_ALLOW,
1151              'manager' => CAP_ALLOW
1152          )
1153      ),
1154  
1155      'moodle/course:managegroups' => array(
1156          'riskbitmask' => RISK_XSS,
1157  
1158          'captype' => 'write',
1159          'contextlevel' => CONTEXT_COURSE,
1160          'archetypes' => array(
1161              'editingteacher' => CAP_ALLOW,
1162              'manager' => CAP_ALLOW
1163          )
1164      ),
1165  
1166      'moodle/course:viewhiddengroups' => array(
1167          'riskbitmask' => RISK_PERSONAL,
1168          'captype' => 'READ',
1169          'contextlevel' => CONTEXT_COURSE,
1170          'archetypes' => array(
1171              'teacher' => CAP_ALLOW,
1172              'editingteacher' => CAP_ALLOW,
1173              'manager' => CAP_ALLOW
1174          )
1175      ),
1176  
1177      'moodle/course:reset' => array(
1178  
1179          'riskbitmask' => RISK_DATALOSS,
1180  
1181          'captype' => 'write',
1182          'contextlevel' => CONTEXT_COURSE,
1183          'archetypes' => array(
1184              'editingteacher' => CAP_ALLOW,
1185              'manager' => CAP_ALLOW
1186          )
1187      ),
1188  
1189      'moodle/course:viewsuspendedusers' => array(
1190  
1191          'captype' => 'read',
1192          'contextlevel' => CONTEXT_COURSE,
1193          'archetypes' => array(
1194              'editingteacher' => CAP_ALLOW,
1195              'manager' => CAP_ALLOW
1196          )
1197      ),
1198  
1199      'moodle/course:tag' => array(
1200          'riskbitmask' => RISK_SPAM,
1201          'captype' => 'write',
1202          'contextlevel' => CONTEXT_COURSE,
1203          'archetypes' => array(
1204              'manager' => CAP_ALLOW,
1205              'editingteacher' => CAP_ALLOW,
1206          ),
1207          'clonepermissionsfrom' => 'moodle/course:update'
1208      ),
1209  
1210      'moodle/blog:view' => array(
1211  
1212          'captype' => 'read',
1213          'contextlevel' => CONTEXT_SYSTEM,
1214          'archetypes' => array(
1215              'guest' => CAP_ALLOW,
1216              'user' => CAP_ALLOW,
1217              'student' => CAP_ALLOW,
1218              'teacher' => CAP_ALLOW,
1219              'editingteacher' => CAP_ALLOW,
1220              'manager' => CAP_ALLOW
1221          )
1222      ),
1223  
1224      'moodle/blog:search' => array(
1225          'captype' => 'read',
1226          'contextlevel' => CONTEXT_SYSTEM,
1227          'archetypes' => array(
1228              'guest' => CAP_ALLOW,
1229              'user' => CAP_ALLOW,
1230              'student' => CAP_ALLOW,
1231              'teacher' => CAP_ALLOW,
1232              'editingteacher' => CAP_ALLOW,
1233              'manager' => CAP_ALLOW
1234          )
1235      ),
1236  
1237      'moodle/blog:viewdrafts' => array(
1238  
1239          'riskbitmask' => RISK_PERSONAL,
1240          'captype' => 'read',
1241          'contextlevel' => CONTEXT_SYSTEM,
1242          'archetypes' => array(
1243              'manager' => CAP_ALLOW
1244          )
1245      ),
1246  
1247      'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1248  
1249          'riskbitmask' => RISK_SPAM,
1250  
1251          'captype' => 'write',
1252          'contextlevel' => CONTEXT_SYSTEM,
1253          'archetypes' => array(
1254              'user' => CAP_ALLOW,
1255              'manager' => CAP_ALLOW
1256          )
1257      ),
1258  
1259      'moodle/blog:manageentries' => array(
1260  
1261          'riskbitmask' => RISK_SPAM,
1262  
1263          'captype' => 'write',
1264          'contextlevel' => CONTEXT_SYSTEM,
1265          'archetypes' => array(
1266              'teacher' => CAP_ALLOW,
1267              'editingteacher' => CAP_ALLOW,
1268              'manager' => CAP_ALLOW
1269          )
1270      ),
1271  
1272      'moodle/blog:manageexternal' => array(
1273  
1274          'riskbitmask' => RISK_SPAM,
1275  
1276          'captype' => 'write',
1277          'contextlevel' => CONTEXT_SYSTEM,
1278          'archetypes' => array(
1279              'student' => CAP_ALLOW,
1280              'user' => CAP_ALLOW,
1281              'teacher' => CAP_ALLOW,
1282              'editingteacher' => CAP_ALLOW,
1283              'manager' => CAP_ALLOW
1284          )
1285      ),
1286  
1287      'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only (NOTE(review): the contextlevel declared below is CONTEXT_COURSE - confirm which is intended)
1288  
1289          'riskbitmask' => RISK_SPAM,
1290  
1291          'captype' => 'write',
1292          'contextlevel' => CONTEXT_COURSE,
1293          'archetypes' => array(
1294              'user' => CAP_ALLOW,
1295              'manager' => CAP_ALLOW
1296          )
1297      ),
1298  
1299      'moodle/calendar:managegroupentries' => array(
1300  
1301          'riskbitmask' => RISK_SPAM,
1302  
1303          'captype' => 'write',
1304          'contextlevel' => CONTEXT_COURSE,
1305          'archetypes' => array(
1306              'teacher' => CAP_ALLOW,
1307              'editingteacher' => CAP_ALLOW,
1308              'manager' => CAP_ALLOW
1309          )
1310      ),
1311  
1312      'moodle/calendar:manageentries' => array(
1313  
1314          'riskbitmask' => RISK_SPAM,
1315  
1316          'captype' => 'write',
1317          'contextlevel' => CONTEXT_COURSE,
1318          'archetypes' => array(
1319              'teacher' => CAP_ALLOW,
1320              'editingteacher' => CAP_ALLOW,
1321              'manager' => CAP_ALLOW
1322          )
1323      ),
1324  
1325      'moodle/user:editprofile' => array(
1326  
1327          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1328  
1329          'captype' => 'write',
1330          'contextlevel' => CONTEXT_USER,
1331          'archetypes' => array(
1332              'manager' => CAP_ALLOW
1333          )
1334      ),
1335  
1336      'moodle/user:editownprofile' => array(
1337  
1338          'riskbitmask' => RISK_SPAM,
1339  
1340          'captype' => 'write',
1341          'contextlevel' => CONTEXT_SYSTEM,
1342          'archetypes' => array(
1343              'guest' => CAP_PROHIBIT,
1344              'user' => CAP_ALLOW,
1345              'manager' => CAP_ALLOW
1346          )
1347      ),
1348  
1349      'moodle/user:changeownpassword' => array(
1350  
1351          'captype' => 'write',
1352          'contextlevel' => CONTEXT_SYSTEM,
1353          'archetypes' => array(
1354              'guest' => CAP_PROHIBIT,
1355              'user' => CAP_ALLOW,
1356              'manager' => CAP_ALLOW
1357          )
1358      ),
1359  
1360      // The next 3 might make no sense for some roles (e.g. teacher), since the
1361      // next level up is the site. They are intended more for the parent role.
1362      'moodle/user:readuserposts' => array(
1363  
1364          'captype' => 'read',
1365          'contextlevel' => CONTEXT_USER,
1366          'archetypes' => array(
1367              'student' => CAP_ALLOW,
1368              'teacher' => CAP_ALLOW,
1369              'editingteacher' => CAP_ALLOW,
1370              'manager' => CAP_ALLOW
1371          )
1372      ),
1373  
1374      'moodle/user:readuserblogs' => array(
1375  
1376          'captype' => 'read',
1377          'contextlevel' => CONTEXT_USER,
1378          'archetypes' => array(
1379              'student' => CAP_ALLOW,
1380              'teacher' => CAP_ALLOW,
1381              'editingteacher' => CAP_ALLOW,
1382              'manager' => CAP_ALLOW
1383          )
1384      ),
1385  
1386      // Designed for the parent role - not used in legacy roles.
1387      'moodle/user:viewuseractivitiesreport' => array(
1388          'riskbitmask' => RISK_PERSONAL,
1389  
1390          'captype' => 'read',
1391          'contextlevel' => CONTEXT_USER,
1392          'archetypes' => array(
1393          )
1394      ),
1395  
1396      // Capabilities designed for the new message system configuration.
1397      'moodle/user:editmessageprofile' => array(
1398  
1399           'riskbitmask' => RISK_SPAM,
1400  
1401           'captype' => 'write',
1402           'contextlevel' => CONTEXT_USER,
1403           'archetypes' => array(
1404               'manager' => CAP_ALLOW
1405           )
1406       ),
1407  
1408       'moodle/user:editownmessageprofile' => array(
1409  
1410           'captype' => 'write',
1411           'contextlevel' => CONTEXT_SYSTEM,
1412           'archetypes' => array(
1413               'guest' => CAP_PROHIBIT,
1414               'user' => CAP_ALLOW,
1415               'manager' => CAP_ALLOW
1416           )
1417       ),
1418  
1419      'moodle/question:managecategory' => array(
1420          'riskbitmask' => RISK_SPAM | RISK_XSS,
1421          'captype' => 'write',
1422          'contextlevel' => CONTEXT_COURSE,
1423          'archetypes' => array(
1424              'editingteacher' => CAP_ALLOW,
1425              'manager' => CAP_ALLOW
1426          )
1427      ),
1428  
1429      // New in Moodle 1.9.
1430      'moodle/question:add' => array(
1431          'riskbitmask' => RISK_SPAM | RISK_XSS,
1432          'captype' => 'write',
1433          'contextlevel' => CONTEXT_COURSE,
1434          'archetypes' => array(
1435              'editingteacher' => CAP_ALLOW,
1436              'manager' => CAP_ALLOW
1437          ),
1438          'clonepermissionsfrom' =>  'moodle/question:manage'
1439      ),
1440      'moodle/question:editmine' => array(
1441          'riskbitmask' => RISK_SPAM | RISK_XSS,
1442          'captype' => 'write',
1443          'contextlevel' => CONTEXT_COURSE,
1444          'archetypes' => array(
1445              'editingteacher' => CAP_ALLOW,
1446              'manager' => CAP_ALLOW
1447          ),
1448          'clonepermissionsfrom' =>  'moodle/question:manage'
1449      ),
1450      'moodle/question:editall' => array(
1451          'riskbitmask' => RISK_SPAM | RISK_XSS,
1452          'captype' => 'write',
1453          'contextlevel' => CONTEXT_COURSE,
1454          'archetypes' => array(
1455              'editingteacher' => CAP_ALLOW,
1456              'manager' => CAP_ALLOW
1457          ),
1458          'clonepermissionsfrom' =>  'moodle/question:manage'
1459      ),
1460      'moodle/question:viewmine' => array(
1461          'captype' => 'read',
1462          'contextlevel' => CONTEXT_COURSE,
1463          'archetypes' => array(
1464              'editingteacher' => CAP_ALLOW,
1465              'manager' => CAP_ALLOW
1466          ),
1467          'clonepermissionsfrom' =>  'moodle/question:manage'
1468      ),
1469      'moodle/question:viewall' => array(
1470          'captype' => 'read',
1471          'contextlevel' => CONTEXT_COURSE,
1472          'archetypes' => array(
1473              'editingteacher' => CAP_ALLOW,
1474              'manager' => CAP_ALLOW
1475          ),
1476          'clonepermissionsfrom' =>  'moodle/question:manage'
1477      ),
1478      'moodle/question:usemine' => array(
1479          'captype' => 'read',
1480          'contextlevel' => CONTEXT_COURSE,
1481          'archetypes' => array(
1482              'editingteacher' => CAP_ALLOW,
1483              'manager' => CAP_ALLOW
1484          ),
1485          'clonepermissionsfrom' =>  'moodle/question:manage'
1486      ),
1487      'moodle/question:useall' => array(
1488          'captype' => 'read',
1489          'contextlevel' => CONTEXT_COURSE,
1490          'archetypes' => array(
1491              'editingteacher' => CAP_ALLOW,
1492              'manager' => CAP_ALLOW
1493          ),
1494          'clonepermissionsfrom' =>  'moodle/question:manage'
1495      ),
1496      'moodle/question:movemine' => array(
1497          'captype' => 'write',
1498          'contextlevel' => CONTEXT_COURSE,
1499          'archetypes' => array(
1500              'editingteacher' => CAP_ALLOW,
1501              'manager' => CAP_ALLOW
1502          ),
1503          'clonepermissionsfrom' =>  'moodle/question:manage'
1504      ),
1505      'moodle/question:moveall' => array(
1506          'captype' => 'write',
1507          'contextlevel' => CONTEXT_COURSE,
1508          'archetypes' => array(
1509              'editingteacher' => CAP_ALLOW,
1510              'manager' => CAP_ALLOW
1511          ),
1512          'clonepermissionsfrom' =>  'moodle/question:manage'
1513      ),
1514      // END of capabilities new in Moodle 1.9.
1515  
1516      // Configure the installed question types.
1517      'moodle/question:config' => array(
1518          'riskbitmask' => RISK_CONFIG,
1519          'captype' => 'write',
1520          'contextlevel' => CONTEXT_SYSTEM,
1521          'archetypes' => array(
1522              'manager' => CAP_ALLOW
1523          )
1524      ),
1525  
1526      // While attempting questions, the ability to flag particular questions for later reference.
1527      'moodle/question:flag' => array(
1528          'captype' => 'write',
1529          'contextlevel' => CONTEXT_COURSE,
1530          'archetypes' => array(
1531              'student' => CAP_ALLOW,
1532              'teacher' => CAP_ALLOW,
1533              'editingteacher' => CAP_ALLOW,
1534              'manager' => CAP_ALLOW
1535          )
1536      ),
1537  
1538      // Controls whether users can tag their own questions.
1539      'moodle/question:tagmine' => array(
1540          'captype' => 'write',
1541          'contextlevel' => CONTEXT_COURSE,
1542          'archetypes' => array(
1543              'editingteacher' => CAP_ALLOW,
1544              'manager' => CAP_ALLOW
1545          ),
1546          'clonepermissionsfrom' => 'moodle/question:editmine'
1547      ),
1548  
1549      // Controls whether the user can tag all questions.
1550      'moodle/question:tagall' => array(
1551          'captype' => 'write',
1552          'contextlevel' => CONTEXT_COURSE,
1553          'archetypes' => array(
1554              'editingteacher' => CAP_ALLOW,
1555              'manager' => CAP_ALLOW
1556          ),
1557          'clonepermissionsfrom' => 'moodle/question:editall'
1558      ),
1559  
1560      'moodle/site:doclinks' => array(
1561          'captype' => 'read',
1562          'contextlevel' => CONTEXT_SYSTEM,
1563          'archetypes' => array(
1564              'teacher' => CAP_ALLOW,
1565              'editingteacher' => CAP_ALLOW,
1566              'manager' => CAP_ALLOW
1567          )
1568      ),
1569  
1570      'moodle/course:sectionvisibility' => array(
1571  
1572          'captype' => 'write',
1573          'contextlevel' => CONTEXT_COURSE,
1574          'archetypes' => array(
1575              'editingteacher' => CAP_ALLOW,
1576              'manager' => CAP_ALLOW
1577          )
1578      ),
1579  
1580      'moodle/course:useremail' => array(
1581  
1582          'captype' => 'write',
1583          'contextlevel' => CONTEXT_COURSE,
1584          'archetypes' => array(
1585              'editingteacher' => CAP_ALLOW,
1586              'manager' => CAP_ALLOW
1587          )
1588      ),
1589  
1590      'moodle/course:viewhiddensections' => array(
1591  
1592          'captype' => 'read',
1593          'contextlevel' => CONTEXT_COURSE,
1594          'archetypes' => array(
1595              'editingteacher' => CAP_ALLOW,
1596              'manager' => CAP_ALLOW
1597          )
1598      ),
1599  
1600      'moodle/course:setcurrentsection' => array(
1601  
1602          'captype' => 'write',
1603          'contextlevel' => CONTEXT_COURSE,
1604          'archetypes' => array(
1605              'editingteacher' => CAP_ALLOW,
1606              'manager' => CAP_ALLOW
1607          )
1608      ),
1609  
1610      'moodle/course:movesections' => array(
1611  
1612          'captype' => 'write',
1613          'contextlevel' => CONTEXT_COURSE,
1614          'archetypes' => array(
1615              'editingteacher' => CAP_ALLOW,
1616              'manager' => CAP_ALLOW
1617          ),
1618          'clonepermissionsfrom' => 'moodle/course:update'
1619      ),
1620  
1621      'moodle/site:mnetlogintoremote' => array(
1622  
1623          'captype' => 'read',
1624          'contextlevel' => CONTEXT_SYSTEM,
1625          'archetypes' => array(
1626          )
1627      ),
1628  
1629      'moodle/grade:viewall' => array(
1630          'riskbitmask' => RISK_PERSONAL,
1631          'captype' => 'read',
1632          'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1633          'archetypes' => array(
1634              'teacher' => CAP_ALLOW,
1635              'editingteacher' => CAP_ALLOW,
1636              'manager' => CAP_ALLOW
1637          ),
1638          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1639      ),
1640  
1641      'moodle/grade:view' => array(
1642          'captype' => 'read',
1643          'contextlevel' => CONTEXT_COURSE,
1644          'archetypes' => array(
1645              'student' => CAP_ALLOW
1646          )
1647      ),
1648  
1649      'moodle/grade:viewhidden' => array(
1650          'riskbitmask' => RISK_PERSONAL,
1651          'captype' => 'read',
1652          'contextlevel' => CONTEXT_COURSE,
1653          'archetypes' => array(
1654              'teacher' => CAP_ALLOW,
1655              'editingteacher' => CAP_ALLOW,
1656              'manager' => CAP_ALLOW
1657          ),
1658          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1659      ),
1660  
1661      'moodle/grade:import' => array(
1662          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1663          'captype' => 'write',
1664          'contextlevel' => CONTEXT_COURSE,
1665          'archetypes' => array(
1666              'editingteacher' => CAP_ALLOW,
1667              'manager' => CAP_ALLOW
1668          ),
1669          'clonepermissionsfrom' => 'moodle/course:managegrades'
1670      ),
1671  
1672      'moodle/grade:export' => array(
1673          'riskbitmask' => RISK_PERSONAL,
1674          'captype' => 'read',
1675          'contextlevel' => CONTEXT_COURSE,
1676          'archetypes' => array(
1677              'teacher' => CAP_ALLOW,
1678              'editingteacher' => CAP_ALLOW,
1679              'manager' => CAP_ALLOW
1680          ),
1681          'clonepermissionsfrom' => 'moodle/course:managegrades'
1682      ),
1683  
1684      'moodle/grade:manage' => array(
1685          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1686          'captype' => 'write',
1687          'contextlevel' => CONTEXT_COURSE,
1688          'archetypes' => array(
1689              'editingteacher' => CAP_ALLOW,
1690              'manager' => CAP_ALLOW
1691          ),
1692          'clonepermissionsfrom' => 'moodle/course:managegrades'
1693      ),
1694  
1695      'moodle/grade:edit' => array(
1696          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1697          'captype' => 'write',
1698          'contextlevel' => CONTEXT_COURSE,
1699          'archetypes' => array(
1700              'editingteacher' => CAP_ALLOW,
1701              'manager' => CAP_ALLOW
1702          ),
1703          'clonepermissionsfrom' => 'moodle/course:managegrades'
1704      ),
1705  
1706      // Ability to define advanced grading forms in activities, either from scratch
1707      // or from a shared template.
1708      'moodle/grade:managegradingforms' => array(
1709          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1710          'captype' => 'write',
1711          'contextlevel' => CONTEXT_COURSE,
1712          'archetypes' => array(
1713              'editingteacher' => CAP_ALLOW,
1714              'manager' => CAP_ALLOW
1715          ),
1716          'clonepermissionsfrom' => 'moodle/course:managegrades'
1717      ),
1718  
1719      // Ability to save a grading form as a new shared template and eventually edit
1720      // and remove own templates (templates originally shared by that user).
1721      'moodle/grade:sharegradingforms' => array(
1722          'riskbitmask' => RISK_XSS,
1723          'captype' => 'write',
1724          'contextlevel' => CONTEXT_SYSTEM,
1725          'archetypes' => array(
1726              'manager' => CAP_ALLOW
1727          ),
1728      ),
1729  
1730      // Ability to edit and remove any shared template, even those originally shared
1731      // by other users.
1732      'moodle/grade:managesharedforms' => array(
1733          'riskbitmask' => RISK_XSS,
1734          'captype' => 'write',
1735          'contextlevel' => CONTEXT_SYSTEM,
1736          'archetypes' => array(
1737              'manager' => CAP_ALLOW
1738          ),
1739      ),
1740  
1741      'moodle/grade:manageoutcomes' => array(
1742          'captype' => 'write',
1743          'contextlevel' => CONTEXT_COURSE,
1744          'archetypes' => array(
1745              'editingteacher' => CAP_ALLOW,
1746              'manager' => CAP_ALLOW
1747          ),
1748          'clonepermissionsfrom' => 'moodle/course:managegrades'
1749      ),
1750  
1751      'moodle/grade:manageletters' => array(
1752          'captype' => 'write',
1753          'contextlevel' => CONTEXT_COURSE,
1754          'archetypes' => array(
1755              'editingteacher' => CAP_ALLOW,
1756              'manager' => CAP_ALLOW
1757          ),
1758          'clonepermissionsfrom' => 'moodle/course:managegrades'
1759      ),
1760  
1761      'moodle/grade:hide' => array(
1762          'captype' => 'write',
1763          'contextlevel' => CONTEXT_COURSE,
1764          'archetypes' => array(
1765              'editingteacher' => CAP_ALLOW,
1766              'manager' => CAP_ALLOW
1767          )
1768      ),
1769  
1770      'moodle/grade:lock' => array(
1771          'captype' => 'write',
1772          'contextlevel' => CONTEXT_COURSE,
1773          'archetypes' => array(
1774              'editingteacher' => CAP_ALLOW,
1775              'manager' => CAP_ALLOW
1776          )
1777      ),
1778  
1779      'moodle/grade:unlock' => array(
1780          'captype' => 'write',
1781          'contextlevel' => CONTEXT_COURSE,
1782          'archetypes' => array(
1783              'editingteacher' => CAP_ALLOW,
1784              'manager' => CAP_ALLOW
1785          )
1786      ),
1787  
1788      'moodle/my:manageblocks' => array(
1789          'captype' => 'write',
1790          'contextlevel' => CONTEXT_SYSTEM,
1791          'archetypes' => array(
1792              'user' => CAP_ALLOW
1793          )
1794      ),
1795  
1796      'moodle/notes:view' => array(
1797          'captype' => 'read',
1798          'contextlevel' => CONTEXT_COURSE,
1799          'archetypes' => array(
1800              'teacher' => CAP_ALLOW,
1801              'editingteacher' => CAP_ALLOW,
1802              'manager' => CAP_ALLOW
1803          )
1804      ),
1805  
1806      'moodle/notes:manage' => array(
1807          'riskbitmask' => RISK_SPAM,
1808  
1809          'captype' => 'write',
1810          'contextlevel' => CONTEXT_COURSE,
1811          'archetypes' => array(
1812              'teacher' => CAP_ALLOW,
1813              'editingteacher' => CAP_ALLOW,
1814              'manager' => CAP_ALLOW
1815          )
1816      ),
1817  
1818      'moodle/tag:manage' => array(
1819          'riskbitmask' => RISK_SPAM,
1820  
1821          'captype' => 'write',
1822          'contextlevel' => CONTEXT_SYSTEM,
1823          'archetypes' => array(
1824              'manager' => CAP_ALLOW
1825          )
1826      ),
1827  
1828      'moodle/tag:edit' => array(
1829          'riskbitmask' => RISK_SPAM,
1830  
1831          'captype' => 'write',
1832          'contextlevel' => CONTEXT_SYSTEM,
1833          'archetypes' => array(
1834              'manager' => CAP_ALLOW
1835          )
1836      ),
1837  
1838      'moodle/tag:flag' => array(
1839          'riskbitmask' => RISK_SPAM,
1840  
1841          'captype' => 'write',
1842          'contextlevel' => CONTEXT_SYSTEM,
1843          'archetypes' => array(
1844              'user' => CAP_ALLOW
1845          )
1846      ),
1847  
1848      'moodle/tag:editblocks' => array(
1849          'captype' => 'write',
1850          'contextlevel' => CONTEXT_SYSTEM,
1851          'archetypes' => array(
1852              'teacher' => CAP_ALLOW,
1853              'editingteacher' => CAP_ALLOW,
1854              'manager' => CAP_ALLOW
1855          )
1856      ),
1857  
1858      'moodle/block:view' => array(
1859          'captype' => 'read',
1860          'contextlevel' => CONTEXT_BLOCK,
1861          'archetypes' => array(
1862              'guest' => CAP_ALLOW,
1863              'user' => CAP_ALLOW,
1864              'student' => CAP_ALLOW,
1865              'teacher' => CAP_ALLOW,
1866              'editingteacher' => CAP_ALLOW,
1867          )
1868      ),
1869  
1870      'moodle/block:edit' => array(
1871          'riskbitmask' => RISK_SPAM | RISK_XSS,
1872  
1873          'captype' => 'write',
1874          'contextlevel' => CONTEXT_BLOCK,
1875          'archetypes' => array(
1876              'editingteacher' => CAP_ALLOW,
1877              'manager' => CAP_ALLOW
1878          )
1879      ),
1880  
1881      'moodle/portfolio:export' => array(
1882          'captype' => 'read',
1883          'contextlevel' => CONTEXT_SYSTEM,
1884          'archetypes' => array(
1885              'user' => CAP_ALLOW,
1886              'student' => CAP_ALLOW,
1887              'teacher' => CAP_ALLOW,
1888              'editingteacher' => CAP_ALLOW,
1889          )
1890      ),
1891      'moodle/comment:view' => array(
1892          'captype' => 'read',
1893          'contextlevel' => CONTEXT_COURSE,
1894          'archetypes' => array(
1895              'frontpage' => CAP_ALLOW,
1896              'guest' => CAP_ALLOW,
1897              'user' => CAP_ALLOW,
1898              'student' => CAP_ALLOW,
1899              'teacher' => CAP_ALLOW,
1900              'editingteacher' => CAP_ALLOW,
1901              'manager' => CAP_ALLOW
1902          )
1903      ),
1904      'moodle/comment:post' => array(
1905  
1906          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1907          'captype' => 'write',
1908          'contextlevel' => CONTEXT_COURSE,
1909          'archetypes' => array(
1910              'user' => CAP_ALLOW,
1911              'student' => CAP_ALLOW,
1912              'teacher' => CAP_ALLOW,
1913              'editingteacher' => CAP_ALLOW,
1914              'manager' => CAP_ALLOW
1915          )
1916      ),
1917      'moodle/comment:delete' => array(
1918  
1919          'riskbitmask' => RISK_DATALOSS,
1920          'captype' => 'write',
1921          'contextlevel' => CONTEXT_COURSE,
1922          'archetypes' => array(
1923              'editingteacher' => CAP_ALLOW,
1924              'manager' => CAP_ALLOW
1925          )
1926      ),
1927      'moodle/webservice:createtoken' => array(
1928  
1929          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1930          'captype' => 'write',
1931          'contextlevel' => CONTEXT_SYSTEM,
1932          'archetypes' => array(
1933              'manager' => CAP_ALLOW
1934          )
1935      ),
1936      'moodle/webservice:managealltokens' => array(
1937  
1938          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1939          'captype' => 'write',
1940          'contextlevel' => CONTEXT_SYSTEM,
1941          'archetypes' => array()
1942      ),
1943      'moodle/webservice:createmobiletoken' => array(
1944  
1945          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1946          'captype' => 'write',
1947          'contextlevel' => CONTEXT_SYSTEM,
1948          'archetypes' => array(
1949              'user' => CAP_ALLOW
1950          )
1951      ),
1952      'moodle/rating:view' => array(
1953  
1954          'captype' => 'read',
1955          'contextlevel' => CONTEXT_COURSE,
1956          'archetypes' => array(
1957              'user' => CAP_ALLOW,
1958              'student' => CAP_ALLOW,
1959              'teacher' => CAP_ALLOW,
1960              'editingteacher' => CAP_ALLOW,
1961              'manager' => CAP_ALLOW
1962          )
1963      ),
1964      'moodle/rating:viewany' => array(
1965  
1966          'riskbitmask' => RISK_PERSONAL,
1967          'captype' => 'read',
1968          'contextlevel' => CONTEXT_COURSE,
1969          'archetypes' => array(
1970              'user' => CAP_ALLOW,
1971              'student' => CAP_ALLOW,
1972              'teacher' => CAP_ALLOW,
1973              'editingteacher' => CAP_ALLOW,
1974              'manager' => CAP_ALLOW
1975          )
1976      ),
1977      'moodle/rating:viewall' => array(
1978  
1979          'riskbitmask' => RISK_PERSONAL,
1980          'captype' => 'read',
1981          'contextlevel' => CONTEXT_COURSE,
1982          'archetypes' => array(
1983              'user' => CAP_ALLOW,
1984              'student' => CAP_ALLOW,
1985              'teacher' => CAP_ALLOW,
1986              'editingteacher' => CAP_ALLOW,
1987              'manager' => CAP_ALLOW
1988          )
1989      ),
1990      'moodle/rating:rate' => array(
1991  
1992          'captype' => 'write',
1993          'contextlevel' => CONTEXT_COURSE,
1994          'archetypes' => array(
1995              'user' => CAP_ALLOW,
1996              'student' => CAP_ALLOW,
1997              'teacher' => CAP_ALLOW,
1998              'editingteacher' => CAP_ALLOW,
1999              'manager' => CAP_ALLOW
2000          )
2001      ),
2002      'moodle/course:markcomplete' => array(
2003          'captype' => 'write',
2004          'contextlevel' => CONTEXT_COURSE,
2005          'archetypes' => array(
2006              'teacher' => CAP_ALLOW,
2007              'editingteacher' => CAP_ALLOW,
2008              'manager' => CAP_ALLOW
2009          )
2010      ),
2011      'moodle/course:overridecompletion' => array(
2012          'captype' => 'write',
2013          'contextlevel' => CONTEXT_COURSE,
2014          'archetypes' => array(
2015              'teacher' => CAP_ALLOW,
2016              'editingteacher' => CAP_ALLOW,
2017              'manager' => CAP_ALLOW
2018          )
2019      ),
2020  
2021      // Badges.
2022      'moodle/badges:manageglobalsettings' => array(
2023          'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2024          'captype'      => 'write',
2025          'contextlevel' => CONTEXT_SYSTEM,
2026          'archetypes'   => array(
2027              'manager'       => CAP_ALLOW,
2028          )
2029      ),
2030  
2031      // View available badges without earning them.
2032      'moodle/badges:viewbadges' => array(
2033          'captype'       => 'read',
2034          'contextlevel'  => CONTEXT_COURSE,
2035          'archetypes'    => array(
2036              'user'          => CAP_ALLOW,
2037          )
2038      ),
2039  
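2040      // Manage badges on own private badges page.
          // NOTE(review): the key below is spelled 'riskbitmap', while other entries in this file use 'riskbitmask'.
          // If the capability loader reads only 'riskbitmask', RISK_SPAM is never recorded for this capability;
          // confirm against the loader and rename the key. 'moodle/badges:viewotherbadges' (RISK_PERSONAL) has the same spelling.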
2041      'moodle/badges:manageownbadges' => array(
2042          'riskbitmap'    => RISK_SPAM,
2043          'captype'       => 'write',
2044          'contextlevel'  => CONTEXT_USER,
2045          'archetypes'    => array(
2046              'user'    => CAP_ALLOW
2047          )
2048      ),
2049  
2050      // View public badges in other users' profiles.
2051      'moodle/badges:viewotherbadges' => array(
2052          'riskbitmap'    => RISK_PERSONAL,
2053          'captype'       => 'read',
2054          'contextlevel'  => CONTEXT_USER,
2055          'archetypes'    => array(
2056              'user'    => CAP_ALLOW
2057          )
2058      ),
2059  
2060      // Earn badge.
2061      'moodle/badges:earnbadge' => array(
2062          'captype'       => 'write',
2063          'contextlevel'  => CONTEXT_COURSE,
2064          'archetypes'    => array(
2065              'user'           => CAP_ALLOW,
2066          )
2067      ),
2068  
2069      // Create/duplicate badges.
2070      'moodle/badges:createbadge' => array(
2071          'riskbitmask'  => RISK_SPAM,
2072          'captype'      => 'write',
2073          'contextlevel' => CONTEXT_COURSE,
2074          'archetypes'   => array(
2075              'manager'        => CAP_ALLOW,
2076              'editingteacher' => CAP_ALLOW,
2077          )
2078      ),
2079  
2080      // Delete badges.
2081      'moodle/badges:deletebadge' => array(
2082          'riskbitmask'  => RISK_DATALOSS,
2083          'captype'      => 'write',
2084          'contextlevel' => CONTEXT_COURSE,
2085          'archetypes'   => array(
2086              'manager'        => CAP_ALLOW,
2087              'editingteacher' => CAP_ALLOW,
2088          )
2089      ),
2090  
2091      // Set up/edit badge details.
2092      'moodle/badges:configuredetails' => array(
2093          'riskbitmask'  => RISK_SPAM,
2094          'captype'      => 'write',
2095          'contextlevel' => CONTEXT_COURSE,
2096          'archetypes'   => array(
2097              'manager'        => CAP_ALLOW,
2098              'editingteacher' => CAP_ALLOW,
2099          )
2100      ),
2101  
2102      // Set up/edit criteria of earning a badge.
2103      'moodle/badges:configurecriteria' => array(
2104          'riskbitmask'  => RISK_XSS,
2105          'captype'      => 'write',
2106          'contextlevel' => CONTEXT_COURSE,
2107          'archetypes'   => array(
2108              'manager'        => CAP_ALLOW,
2109              'editingteacher' => CAP_ALLOW,
2110          )
2111      ),
2112  
2113      // Configure badge messages.
2114      'moodle/badges:configuremessages' => array(
2115          'riskbitmask'  => RISK_SPAM,
2116          'captype'      => 'write',
2117          'contextlevel' => CONTEXT_COURSE,
2118          'archetypes'   => array(
2119              'manager'        => CAP_ALLOW,
2120              'editingteacher' => CAP_ALLOW,
2121          )
2122      ),
2123  
2124      // Award badge to a user.
2125      'moodle/badges:awardbadge' => array(
2126          'riskbitmask'  => RISK_SPAM,
2127          'captype'      => 'write',
2128          'contextlevel' => CONTEXT_COURSE,
2129          'archetypes'   => array(
2130              'manager'        => CAP_ALLOW,
2131              'teacher'        => CAP_ALLOW,
2132              'editingteacher' => CAP_ALLOW,
2133          )
2134      ),
2135  
2136      // Revoke badge from a user.
2137      'moodle/badges:revokebadge' => array(
2138          'riskbitmask'  => RISK_SPAM,
2139          'captype'      => 'write',
2140          'contextlevel' => CONTEXT_COURSE,
2141          'archetypes'   => array(
2142              'manager'        => CAP_ALLOW,
2143              'teacher'        => CAP_ALLOW,
2144              'editingteacher' => CAP_ALLOW,
2145          )
2146      ),
2147  
2148      // View users who earned a specific badge without being able to award a badge.
2149      'moodle/badges:viewawarded' => array(
2150          'riskbitmask'  => RISK_PERSONAL,
2151          'captype'      => 'read',
2152          'contextlevel' => CONTEXT_COURSE,
2153          'archetypes'   => array(
2154                  'manager'        => CAP_ALLOW,
2155                  'teacher'        => CAP_ALLOW,
2156                  'editingteacher' => CAP_ALLOW,
2157          )
2158      ),
2159  
2160      'moodle/site:forcelanguage' => array(
2161          'captype' => 'read',
2162          'contextlevel' => CONTEXT_SYSTEM,
2163          'archetypes' => array(
2164          )
2165      ),
2166  
2167      // Perform site-wide search queries through the search API.
2168      'moodle/search:query' => array(
2169          'captype' => 'read',
2170          'contextlevel' => CONTEXT_SYSTEM,
2171          'archetypes' => array(
2172              'guest' => CAP_ALLOW,
2173              'user' => CAP_ALLOW,
2174              'student' => CAP_ALLOW,
2175              'teacher' => CAP_ALLOW,
2176              'editingteacher' => CAP_ALLOW,
2177              'manager' => CAP_ALLOW
2178          )
2179      ),
2180  
2181      // Competencies.
2182      'moodle/competency:competencymanage' => array(
2183          'captype' => 'write',
2184          'contextlevel' => CONTEXT_COURSECAT,
2185          'archetypes' => array(
2186              'manager' => CAP_ALLOW
2187          )
2188      ),
2189      'moodle/competency:competencyview' => array(
2190          'captype' => 'read',
2191          'contextlevel' => CONTEXT_COURSECAT,
2192          'archetypes' => array(
2193              'user' => CAP_ALLOW
2194          ),
2195      ),
2196      'moodle/competency:competencygrade' => array(
2197          'captype' => 'write',
2198          'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2199          'archetypes' => array(
2200              'editingteacher' => CAP_ALLOW,
2201              'teacher' => CAP_ALLOW,
2202              'manager' => CAP_ALLOW
2203          ),
2204      ),
2205      // Course competencies.
2206      'moodle/competency:coursecompetencymanage' => array(
2207          'captype' => 'write',
2208          'contextlevel' => CONTEXT_COURSE,
2209          'archetypes' => array(
2210              'editingteacher' => CAP_ALLOW,
2211              'manager' => CAP_ALLOW
2212          ),
2213      ),
2214      'moodle/competency:coursecompetencyconfigure' => array(
2215          'captype' => 'write',
2216          'contextlevel' => CONTEXT_MODULE,
2217          'archetypes' => array(
2218              'manager' => CAP_ALLOW
2219          ),
2220      ),
2221      'moodle/competency:coursecompetencygradable' => array(
2222          'captype' => 'read',
2223          'contextlevel' => CONTEXT_COURSE,
2224          'archetypes' => array(
2225              'student' => CAP_ALLOW
2226          ),
2227          'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2228      ),
2229      'moodle/competency:coursecompetencyview' => array(
2230          'captype' => 'read',
2231          'contextlevel' => CONTEXT_COURSE,
2232          'archetypes' => array(
2233              'user' => CAP_ALLOW
2234          ),
2235      ),
2236      // Evidence.
2237      'moodle/competency:evidencedelete' => array(
2238          'captype' => 'write',
2239          'contextlevel' => CONTEXT_USER,
2240          'archetypes' => array(
2241          ),
2242          'clonepermissionsfrom' => 'moodle/site:config'
2243      ),
2244      // User plans.
2245      'moodle/competency:planmanage' => array(
2246          'captype' => 'write',
2247          'contextlevel' => CONTEXT_USER,
2248          'archetypes' => array(
2249              'manager' => CAP_ALLOW
2250          ),
2251      ),
2252      'moodle/competency:planmanagedraft' => array(
2253          'captype' => 'write',
2254          'contextlevel' => CONTEXT_USER,
2255          'archetypes' => array(
2256              'manager' => CAP_ALLOW
2257          ),
2258      ),
2259      'moodle/competency:planmanageown' => array(
2260          'captype' => 'write',
2261          'contextlevel' => CONTEXT_USER,
2262          'archetypes' => array(
2263          ),
2264      ),
2265      'moodle/competency:planmanageowndraft' => array(
2266          'captype' => 'write',
2267          'contextlevel' => CONTEXT_USER,
2268          'archetypes' => array(
2269          ),
2270      ),
2271      'moodle/competency:planview' => array(
2272          'captype' => 'read',
2273          'contextlevel' => CONTEXT_USER,
2274          'archetypes' => array(
2275              'manager' => CAP_ALLOW
2276          ),
2277      ),
2278      'moodle/competency:planviewdraft' => array(
2279          'captype' => 'read',
2280          'contextlevel' => CONTEXT_USER,
2281          'archetypes' => array(
2282              'manager' => CAP_ALLOW
2283          ),
2284      ),
2285      'moodle/competency:planviewown' => array(
2286          'captype' => 'read',
2287          'contextlevel' => CONTEXT_USER,
2288          'archetypes' => array(
2289              'user' => CAP_ALLOW
2290          ),
2291      ),
2292      'moodle/competency:planviewowndraft' => array(
2293          'captype' => 'read',
2294          'contextlevel' => CONTEXT_USER,
2295          'archetypes' => array(
2296          ),
2297      ),
2298      'moodle/competency:planrequestreview' => array(
2299          'captype' => 'write',
2300          'contextlevel' => CONTEXT_USER,
2301          'archetypes' => array(
2302              'manager' => CAP_ALLOW
2303          )
2304      ),
2305      'moodle/competency:planrequestreviewown' => array(
2306          'captype' => 'write',
2307          'contextlevel' => CONTEXT_USER,
2308          'archetypes' => array(
2309              'user' => CAP_ALLOW
2310          )
2311      ),
2312      'moodle/competency:planreview' => array(
2313          'captype' => 'write',
2314          'contextlevel' => CONTEXT_USER,
2315          'archetypes' => array(
2316              'manager' => CAP_ALLOW
2317          ),
2318      ),
2319      'moodle/competency:plancomment' => array(
2320          'captype' => 'write',
2321          'contextlevel' => CONTEXT_USER,
2322          'archetypes' => array(
2323              'manager' => CAP_ALLOW
2324          ),
2325      ),
2326      'moodle/competency:plancommentown' => array(
2327          'captype' => 'write',
2328          'contextlevel' => CONTEXT_USER,
2329          'archetypes' => array(
2330              'user' => CAP_ALLOW
2331          ),
2332      ),
2333      // User competencies.
2334      'moodle/competency:usercompetencyview' => array(
2335          'captype' => 'read',
2336          'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2337          'archetypes' => array(
2338              'manager' => CAP_ALLOW,
2339              'editingteacher' => CAP_ALLOW,
2340              'teacher' => CAP_ALLOW
2341          )
2342      ),
2343      'moodle/competency:usercompetencyrequestreview' => array(
2344          'captype' => 'write',
2345          'contextlevel' => CONTEXT_USER,
2346          'archetypes' => array(
2347              'manager' => CAP_ALLOW
2348          )
2349      ),
2350      'moodle/competency:usercompetencyrequestreviewown' => array(
2351          'captype' => 'write',
2352          'contextlevel' => CONTEXT_USER,
2353          'archetypes' => array(
2354              'user' => CAP_ALLOW
2355          )
2356      ),
2357      'moodle/competency:usercompetencyreview' => array(
2358          'captype' => 'write',
2359          'contextlevel' => CONTEXT_USER,
2360          'archetypes' => array(
2361              'manager' => CAP_ALLOW
2362          ),
2363      ),
2364      'moodle/competency:usercompetencycomment' => array(
2365          'captype' => 'write',
2366          'contextlevel' => CONTEXT_USER,
2367          'archetypes' => array(
2368              'manager' => CAP_ALLOW
2369          ),
2370      ),
2371      'moodle/competency:usercompetencycommentown' => array(
2372          'captype' => 'write',
2373          'contextlevel' => CONTEXT_USER,
2374          'archetypes' => array(
2375              'user' => CAP_ALLOW
2376          ),
2377      ),
2378      // Template.
2379      'moodle/competency:templatemanage' => array(
2380          'captype' => 'write',
2381          'contextlevel' => CONTEXT_COURSECAT,
2382          'archetypes' => array(
2383              'manager' => CAP_ALLOW
2384          ),
2385      ),
2386      'moodle/analytics:listinsights' => array(
2387          'riskbitmask' => RISK_PERSONAL,
2388          'captype' => 'read',
2389          'contextlevel' => CONTEXT_COURSE,
2390          'archetypes' => array(
2391              'teacher' => CAP_ALLOW,
2392              'editingteacher' => CAP_ALLOW,
2393              'manager' => CAP_ALLOW
2394          )
2395      ),
2396      'moodle/analytics:managemodels' => array(
2397          'riskbitmask' => RISK_CONFIG,
2398          'captype' => 'write',
2399          'contextlevel' => CONTEXT_SYSTEM,
2400          'archetypes' => array(
2401              'manager' => CAP_ALLOW
2402          ),
2403      ),
2404      'moodle/competency:templateview' => array(
2405          'captype' => 'read',
2406          'contextlevel' => CONTEXT_COURSECAT,
2407          'archetypes' => array(
2408              'manager' => CAP_ALLOW
2409          ),
2410      ),
2411      // User evidence.
2412      'moodle/competency:userevidencemanage' => array(
2413          'captype' => 'write',
2414          'contextlevel' => CONTEXT_USER,
2415          'archetypes' => array(
2416              'manager' => CAP_ALLOW
2417          ),
2418      ),
2419      'moodle/competency:userevidencemanageown' => array(
2420          'captype' => 'write',
2421          'contextlevel' => CONTEXT_USER,
2422          'archetypes' => array(
2423              'user' => CAP_ALLOW
2424          ),
2425      ),
2426      'moodle/competency:userevidenceview' => array(
2427          'captype' => 'read',
2428          'contextlevel' => CONTEXT_USER,
2429          'archetypes' => array(
2430              'manager' => CAP_ALLOW
2431          ),
2432      ),
2433      'moodle/site:maintenanceaccess' => array(
2434          'captype' => 'write',
2435          'contextlevel' => CONTEXT_SYSTEM,
2436          'archetypes' => array(
2437          )
2438      ),
2439      // Allow messaging any user, regardless of their messaging privacy preferences.
2440      'moodle/site:messageanyuser' => array(
2441          'riskbitmask' => RISK_SPAM,
2442          'captype' => 'write',
2443          'contextlevel' => CONTEXT_SYSTEM,
2444          'archetypes' => array(
2445              'teacher' => CAP_ALLOW,
2446              'editingteacher' => CAP_ALLOW,
2447              'manager' => CAP_ALLOW
2448          )
2449      ),
2450  
2451      // Context locking/unlocking.
2452      'moodle/site:managecontextlocks' => [
2453          'captype' => 'write',
2454          'contextlevel' => CONTEXT_MODULE,
2455          'archetypes' => [
2456          ],
2457      ],
2458  
2459      // Manual completion toggling.
2460      'moodle/course:togglecompletion' => [
2461          'captype' => 'write',
2462          'contextlevel' => CONTEXT_MODULE,
2463          'archetypes' => [
2464              'user' => CAP_ALLOW,
2465          ],
2466      ],
2467  
2468      'moodle/analytics:listowninsights' => array(
2469          'captype' => 'read',
2470          'contextlevel' => CONTEXT_SYSTEM,
2471          'archetypes' => array(
2472              'user' => CAP_ALLOW
2473          )
2474      ),
2475  
2476      // Set the display option buttons for H5P content.
2477      'moodle/h5p:setdisplayoptions' => array(
2478          'captype' => 'write',
2479          'contextlevel' => CONTEXT_MODULE,
2480          'archetypes' => array(
2481              'editingteacher' => CAP_ALLOW,
2482          )
2483      ),
2484  
2485      // Allow users to deploy H5P content.
2486      'moodle/h5p:deploy' => array(
2487          'riskbitmask' => RISK_XSS,
2488          'captype' => 'write',
2489          'contextlevel' => CONTEXT_MODULE,
2490          'archetypes' => array(
2491              'manager'        => CAP_ALLOW,
2492              'editingteacher' => CAP_ALLOW,
2493          )
2494      ),
2495  
2496      // Allow users to update H5P content-type libraries.
2497      'moodle/h5p:updatelibraries' => [
2498          'riskbitmask' => RISK_XSS,
2499          'captype' => 'write',
2500          'contextlevel' => CONTEXT_MODULE,
2501          'archetypes' => [
2502              'manager' => CAP_ALLOW,
2503          ]
2504      ],
2505  
2506      // Allow users to recommend activities in the activity chooser.
2507      'moodle/course:recommendactivity' => [
2508          'captype' => 'write',
2509          'contextlevel' => CONTEXT_SYSTEM,
2510          'archetypes' => [
2511              'manager' => CAP_ALLOW,
2512          ]
2513      ],
2514  
2515      // Content bank capabilities.
2516      'moodle/contentbank:access' => array(
2517          'captype' => 'read',
2518          'contextlevel' => CONTEXT_COURSE,
2519          'archetypes' => array(
2520              'manager' => CAP_ALLOW,
2521              'coursecreator' => CAP_ALLOW,
2522              'editingteacher' => CAP_ALLOW,
2523          )
2524      ),
2525  
2526      'moodle/contentbank:upload' => array(
2527          'riskbitmask' => RISK_SPAM,
2528          'captype' => 'write',
2529          'contextlevel' => CONTEXT_COURSE,
2530          'archetypes' => array(
2531              'manager' => CAP_ALLOW,
2532              'coursecreator' => CAP_ALLOW,
2533              'editingteacher' => CAP_ALLOW,
2534          )
2535      ),
2536  
2537      // Delete any content from the content bank.
2538      'moodle/contentbank:deleteanycontent' => [
2539          'riskbitmask' => RISK_DATALOSS,
2540          'captype' => 'write',
2541          'contextlevel' => CONTEXT_COURSE,
2542          'archetypes' => [
2543              'manager' => CAP_ALLOW,
2544              'coursecreator' => CAP_ALLOW,
2545          ]
2546      ],
2547  
2548      // Delete content created by yourself.
2549      'moodle/contentbank:deleteowncontent' => [
2550          'captype' => 'write',
2551          'contextlevel' => CONTEXT_COURSE,
2552          'archetypes' => [
2553              'user' => CAP_ALLOW,
2554          ]
2555      ],
2556  
2557      // Manage (rename, move, publish, share, etc.) any content from the content bank.
2558      'moodle/contentbank:manageanycontent' => [
2559          'riskbitmask' => RISK_DATALOSS,
2560          'captype' => 'write',
2561          'contextlevel' => CONTEXT_COURSE,
2562          'archetypes' => array(
2563              'manager' => CAP_ALLOW,
2564              'coursecreator' => CAP_ALLOW,
2565          )
2566      ],
2567  
2568      // Manage (rename, move, publish, share, etc.) content created by yourself.
2569      'moodle/contentbank:manageowncontent' => [
2570          'captype' => 'write',
2571          'contextlevel' => CONTEXT_COURSE,
2572          'archetypes' => array(
2573              'manager' => CAP_ALLOW,
2574              'coursecreator' => CAP_ALLOW,
2575              'editingteacher' => CAP_ALLOW,
2576          )
2577      ],
2578  
2579      // Allow users to create/edit content within the content bank.
2580      'moodle/contentbank:useeditor' => [
2581          'riskbitmask' => RISK_SPAM,
2582          'captype' => 'write',
2583          'contextlevel' => CONTEXT_COURSE,
2584          'archetypes' => array(
2585              'manager' => CAP_ALLOW,
2586              'coursecreator' => CAP_ALLOW,
2587              'editingteacher' => CAP_ALLOW,
2588          )
2589      ],
2590  
2591      // Allow users to download content.
2592      'moodle/contentbank:downloadcontent' => [
2593          'captype' => 'read',
2594          'contextlevel' => CONTEXT_COURSE,
2595          'archetypes' => [
2596              'manager' => CAP_ALLOW,
2597              'coursecreator' => CAP_ALLOW,
2598              'editingteacher' => CAP_ALLOW,
2599          ]
2600      ],
2601  
2602      // Allow users to download course content.
2603      'moodle/course:downloadcoursecontent' => [
2604          'captype' => 'read',
2605          'contextlevel' => CONTEXT_COURSE,
2606          'archetypes' => array(
2607              'student' => CAP_ALLOW,
2608              'teacher' => CAP_ALLOW,
2609              'editingteacher' => CAP_ALLOW,
2610              'manager' => CAP_ALLOW
2611          )
2612      ],
2613  
2614      // Allow users to configure download course content functionality within a course, if the feature is available.
2615      'moodle/course:configuredownloadcontent' => [
2616          'captype' => 'write',
2617          'contextlevel' => CONTEXT_COURSE,
2618          'archetypes' => array(
2619              'editingteacher' => CAP_ALLOW,
2620              'manager' => CAP_ALLOW
2621          ),
2622      ],
2623  
2624      // Allow users to manage payment accounts.
2625      'moodle/payment:manageaccounts' => [
2626          'captype' => 'write',
2627          'riskbitmask' => RISK_PERSONAL | RISK_CONFIG | RISK_DATALOSS,
2628          'contextlevel' => CONTEXT_COURSE,
2629          'archetypes' => [],
2630      ],
2631  
2632      // Allow users to view payments.
2633      'moodle/payment:viewpayments' => [
2634          'captype' => 'read',
2635          'riskbitmask' => RISK_PERSONAL,
2636          'contextlevel' => CONTEXT_COURSE,
2637          'archetypes' => [],
2638      ],
2639  
2640      // Allow users to view unlisted (hidden) content in the content bank.
2641      'moodle/contentbank:viewunlistedcontent' => [
2642          'captype' => 'read',
2643          'contextlevel' => CONTEXT_COURSE,
2644          'archetypes' => [
2645              'manager' => CAP_ALLOW,
2646              'coursecreator' => CAP_ALLOW,
2647          ]
2648      ],
2649  
2650      // Allow users to view custom reports.
2651      'moodle/reportbuilder:view' => [
2652          'captype' => 'read',
2653          'contextlevel' => CONTEXT_SYSTEM,
2654          'archetypes' => [
2655              'user' => CAP_ALLOW,
2656          ],
2657      ],
2658  
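2659      // Allow users to create/edit their own custom reports.
          // NOTE(review): the key below is spelled 'riskbitmap', while other entries in this file use 'riskbitmask'.
          // If the capability loader reads only 'riskbitmask', RISK_PERSONAL is never recorded for this capability;
          // confirm against the loader and rename the key. 'moodle/reportbuilder:editall' and
          // 'moodle/reportbuilder:scheduleviewas' have the same spelling.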
2660      'moodle/reportbuilder:edit' => [
2661          'captype' => 'write',
2662          'riskbitmap' => RISK_PERSONAL,
2663          'contextlevel' => CONTEXT_SYSTEM,
2664          'archetypes' => [
2665              'manager' => CAP_ALLOW,
2666          ],
2667      ],
2668  
2669      // Allow users to create/edit all custom reports.
2670      'moodle/reportbuilder:editall' => [
2671          'captype' => 'write',
2672          'riskbitmap' => RISK_PERSONAL,
2673          'contextlevel' => CONTEXT_SYSTEM,
2674          'archetypes' => [],
2675      ],
2676  
2677      // Allow users to schedule reports as other users.
2678      'moodle/reportbuilder:scheduleviewas' => [
2679          'captype' => 'read',
2680          'riskbitmap' => RISK_PERSONAL,
2681          'contextlevel' => CONTEXT_SYSTEM,
2682          'archetypes' => [],
2683      ],
2684  
2685      // Allow users to share activities to MoodleNet.
2686      'moodle/moodlenet:shareactivity' => [
2687          'captype' => 'read',
2688          'contextlevel' => CONTEXT_COURSE,
2689          'archetypes' => [
2690              'editingteacher' => CAP_ALLOW,
2691              'manager' => CAP_ALLOW,
2692          ]
2693      ],
2694  );