
See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/lib/db/ -> access.php (source)


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Capability definitions for Moodle core.
  19   *
  20   * The capabilities are loaded into the database table when the module is
  21   * installed or updated. Whenever the capability definitions are updated,
  22   * the module version number should be bumped up.
  23   *
  24   * The system has four possible values for a capability:
  25   * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
  26   *
  27   *
  28   * CAPABILITY NAMING CONVENTION
  29   *
  30   * It is important that capability names are unique. The naming convention
  31   * for capabilities that are specific to modules and blocks is as follows:
  32   *   [mod/block]/<plugin_name>:<capabilityname>
  33   *
  34   * plugin_name should be the same as the directory name of the mod or block.
  35   *
  36   * Core moodle capabilities are defined thus:
  37   *    moodle/<capabilityclass>:<capabilityname>
  38   *
  39   * Examples: mod/forum:viewpost
  40   *           block/recent_activity:view
  41   *           moodle/site:deleteuser
  42   *
  43   * The variable name for the capability definitions array is $capabilities
  44   *
  45   * For more information, see the available documentation:
  46   *     - Access API: {@link https://moodledev.io/docs/apis/subsystems/access}
  47   *     - Upgrade API: {@link https://moodledev.io/docs/guides/upgrade}
  48   *
  49   * @package   core_access
  50   * @category  access
  51   * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
  52   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  53   */
  54  
  55  defined('MOODLE_INTERNAL') || die();
  56  
  57  $capabilities = array(
  58      'moodle/site:config' => array(
  59  
  60          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
  61  
  62          'captype' => 'write',
  63          'contextlevel' => CONTEXT_SYSTEM,
  64          'archetypes' => array(
  65          )
  66      ),
  67      'moodle/site:configview' => array(
  68          'captype' => 'read',
  69          'contextlevel' => CONTEXT_SYSTEM,
  70          'archetypes' => array(
  71              'manager' => CAP_ALLOW,
  72              'coursecreator' => CAP_ALLOW,
  73          )
  74      ),
  75  
  76      'moodle/site:readallmessages' => array(
  77  
  78          'riskbitmask' => RISK_PERSONAL,
  79  
  80          'captype' => 'read',
  81          'contextlevel' => CONTEXT_SYSTEM,
  82          'archetypes' => array(
  83              'manager' => CAP_ALLOW,
  84              'editingteacher' => CAP_ALLOW
  85          )
  86      ),
  87  
  88      'moodle/site:manageallmessaging' => array(
  89  
  90          'riskbitmask' => RISK_PERSONAL,
  91  
  92          'captype' => 'write',
  93          'contextlevel' => CONTEXT_SYSTEM,
  94          'archetypes' => array(
  95              'manager' => CAP_ALLOW
  96          )
  97      ),
  98  
  99      'moodle/site:deleteanymessage' => array(
 100  
 101          'riskbitmask' => RISK_DATALOSS,
 102  
 103          'captype' => 'write',
 104          'contextlevel' => CONTEXT_SYSTEM,
 105          'archetypes' => array(
 106              'manager' => CAP_ALLOW
 107          )
 108      ),
 109  
 110      'moodle/site:sendmessage' => array(
 111  
 112          'riskbitmask' => RISK_SPAM,
 113  
 114          'captype' => 'write',
 115          'contextlevel' => CONTEXT_SYSTEM,
 116          'archetypes' => array(
 117              'manager' => CAP_ALLOW,
 118              'user' => CAP_ALLOW
 119          )
 120      ),
 121  
 122      'moodle/site:senderrormessage' => [
 123          'riskbitmask' => RISK_SPAM,
 124          'captype' => 'write',
 125          'contextlevel' => CONTEXT_SYSTEM,
 126          'archetypes' => array(
 127              'user' => CAP_ALLOW
 128          )
 129      ],
 130  
 131      'moodle/site:deleteownmessage' => array(
 132  
 133          'captype' => 'write',
 134          'contextlevel' => CONTEXT_SYSTEM,
 135          'archetypes' => array(
 136              'user' => CAP_ALLOW
 137          )
 138      ),
 139  
 140      'moodle/site:approvecourse' => array(
 141  
 142          'riskbitmask' => RISK_XSS,
 143  
 144          'captype' => 'write',
 145          'contextlevel' => CONTEXT_COURSECAT,
 146          'archetypes' => array(
 147              'manager' => CAP_ALLOW
 148          )
 149      ),
 150  
 151      'moodle/backup:backupcourse' => array(
 152  
 153          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 154  
 155          'captype' => 'write',
 156          'contextlevel' => CONTEXT_COURSE,
 157          'archetypes' => array(
 158              'editingteacher' => CAP_ALLOW,
 159              'manager' => CAP_ALLOW
 160          ),
 161  
 162          'clonepermissionsfrom' =>  'moodle/site:backup'
 163      ),
 164  
 165      'moodle/backup:backupsection' => array(
 166  
 167          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 168  
 169          'captype' => 'write',
 170          'contextlevel' => CONTEXT_COURSE,
 171          'archetypes' => array(
 172              'editingteacher' => CAP_ALLOW,
 173              'manager' => CAP_ALLOW
 174          ),
 175  
 176          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 177      ),
 178  
 179      'moodle/backup:backupactivity' => array(
 180  
 181          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 182  
 183          'captype' => 'write',
 184          'contextlevel' => CONTEXT_MODULE,
 185          'archetypes' => array(
 186              'editingteacher' => CAP_ALLOW,
 187              'manager' => CAP_ALLOW
 188          ),
 189  
 190          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 191      ),
 192  
 193      'moodle/backup:backuptargetimport' => array(
 194  
 195          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 196  
 197          'captype' => 'read',
 198          'contextlevel' => CONTEXT_COURSE,
 199          'archetypes' => array(
 200              'editingteacher' => CAP_ALLOW,
 201              'manager' => CAP_ALLOW
 202          ),
 203  
 204          'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
 205      ),
 206  
 207      'moodle/backup:downloadfile' => array(
 208  
 209          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 210  
 211          'captype' => 'write',
 212          'contextlevel' => CONTEXT_COURSE,
 213          'archetypes' => array(
 214              'editingteacher' => CAP_ALLOW,
 215              'manager' => CAP_ALLOW
 216          ),
 217  
 218          'clonepermissionsfrom' =>  'moodle/site:backupdownload'
 219      ),
 220  
 221      'moodle/backup:configure' => array(
 222  
 223          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 224  
 225          'captype' => 'write',
 226          'contextlevel' => CONTEXT_COURSE,
 227          'archetypes' => array(
 228              'editingteacher' => CAP_ALLOW,
 229              'manager' => CAP_ALLOW
 230          )
 231      ),
 232  
 233      'moodle/backup:userinfo' => array(
 234  
 235          'riskbitmask' => RISK_PERSONAL,
 236  
 237          'captype' => 'read',
 238          'contextlevel' => CONTEXT_COURSE,
 239          'archetypes' => array(
 240              'manager' => CAP_ALLOW
 241          )
 242      ),
 243  
 244      'moodle/backup:anonymise' => array(
 245  
 246          'riskbitmask' => RISK_PERSONAL,
 247  
 248          'captype' => 'read',
 249          'contextlevel' => CONTEXT_COURSE,
 250          'archetypes' => array(
 251              'manager' => CAP_ALLOW
 252          )
 253      ),
 254  
 255      'moodle/restore:restorecourse' => array(
 256  
 257          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 258  
 259          'captype' => 'write',
 260          'contextlevel' => CONTEXT_COURSE,
 261          'archetypes' => array(
 262              'editingteacher' => CAP_ALLOW,
 263              'manager' => CAP_ALLOW
 264          ),
 265  
 266          'clonepermissionsfrom' =>  'moodle/site:restore'
 267      ),
 268  
 269      'moodle/restore:restoresection' => array(
 270  
 271          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 272  
 273          'captype' => 'write',
 274          'contextlevel' => CONTEXT_COURSE,
 275          'archetypes' => array(
 276              'editingteacher' => CAP_ALLOW,
 277              'manager' => CAP_ALLOW
 278          ),
 279  
 280          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 281      ),
 282  
 283      'moodle/restore:restoreactivity' => array(
 284  
 285          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 286  
 287          'captype' => 'write',
 288          'contextlevel' => CONTEXT_COURSE,
 289          'archetypes' => array(
 290              'editingteacher' => CAP_ALLOW,
 291              'manager' => CAP_ALLOW
 292          ),
 293  
 294          'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
 295      ),
 296  
 297      'moodle/restore:viewautomatedfilearea' => array(
 298  
 299          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 300  
 301          'captype' => 'write',
 302          'contextlevel' => CONTEXT_COURSE,
 303          'archetypes' => array(
 304              'editingteacher' => CAP_ALLOW,
 305              'manager' => CAP_ALLOW
 306          ),
 307      ),
 308  
 309      'moodle/restore:restoretargetimport' => array(
 310  
 311          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 312  
 313          'captype' => 'write',
 314          'contextlevel' => CONTEXT_COURSE,
 315          'archetypes' => array(
 316              'editingteacher' => CAP_ALLOW,
 317              'manager' => CAP_ALLOW
 318          ),
 319  
 320          'clonepermissionsfrom' =>  'moodle/site:import'
 321      ),
 322  
 323      'moodle/restore:uploadfile' => array(
 324  
 325          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 326  
 327          'captype' => 'write',
 328          'contextlevel' => CONTEXT_COURSE,
 329          'archetypes' => array(
 330              'editingteacher' => CAP_ALLOW,
 331              'manager' => CAP_ALLOW
 332          ),
 333  
 334          'clonepermissionsfrom' =>  'moodle/site:backupupload'
 335      ),
 336  
 337      'moodle/restore:configure' => array(
 338  
 339          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 340  
 341          'captype' => 'write',
 342          'contextlevel' => CONTEXT_COURSE,
 343          'archetypes' => array(
 344              'editingteacher' => CAP_ALLOW,
 345              'manager' => CAP_ALLOW
 346          )
 347      ),
 348  
 349      'moodle/restore:rolldates' => array(
 350  
 351          'captype' => 'write',
 352          'contextlevel' => CONTEXT_COURSE,
 353          'archetypes' => array(
 354              'coursecreator' => CAP_ALLOW,
 355              'manager' => CAP_ALLOW
 356          )
 357      ),
 358  
 359      'moodle/restore:userinfo' => array(
 360  
 361          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 362  
 363          'captype' => 'write',
 364          'contextlevel' => CONTEXT_COURSE,
 365          'archetypes' => array(
 366              'manager' => CAP_ALLOW
 367          )
 368      ),
 369  
 370      'moodle/restore:createuser' => array(
 371  
 372          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 373  
 374          'captype' => 'write',
 375          'contextlevel' => CONTEXT_SYSTEM,
 376          'archetypes' => array(
 377              'manager' => CAP_ALLOW
 378          )
 379      ),
 380  
 381      'moodle/site:manageblocks' => array(
 382  
 383          'riskbitmask' => RISK_SPAM | RISK_XSS,
 384  
 385          'captype' => 'write',
 386          'contextlevel' => CONTEXT_BLOCK,
 387          'archetypes' => array(
 388              'editingteacher' => CAP_ALLOW,
 389              'manager' => CAP_ALLOW
 390          )
 391      ),
 392  
 393      'moodle/site:accessallgroups' => array(
 394  
 395          'captype' => 'read',
 396          'contextlevel' => CONTEXT_MODULE,
 397          'archetypes' => array(
 398              'editingteacher' => CAP_ALLOW,
 399              'manager' => CAP_ALLOW
 400          )
 401      ),
 402  
 403      'moodle/site:viewanonymousevents' => array(
 404  
 405          'riskbitmask' => RISK_PERSONAL,
 406  
 407          'captype' => 'read',
 408          'contextlevel' => CONTEXT_MODULE,
 409          'archetypes' => array(
 410              'manager' => CAP_ALLOW,
 411          )
 412      ),
 413  
 414      'moodle/site:viewfullnames' => array(
 415  
 416          'captype' => 'read',
 417          'contextlevel' => CONTEXT_MODULE,
 418          'archetypes' => array(
 419              'teacher' => CAP_ALLOW,
 420              'editingteacher' => CAP_ALLOW,
 421              'manager' => CAP_ALLOW
 422          )
 423      ),
 424  
 425      // In reports that give lists of users, extra information about each user's
 426      // identity (the fields configured in site option showuseridentity) will be
 427      // displayed to users who have this capability.
 428      'moodle/site:viewuseridentity' => array(
 429  
 430          'captype' => 'read',
 431          'contextlevel' => CONTEXT_MODULE,
 432          'archetypes' => array(
 433              'teacher' => CAP_ALLOW,
 434              'editingteacher' => CAP_ALLOW,
 435              'manager' => CAP_ALLOW
 436          )
 437      ),
 438  
 439      'moodle/site:viewreports' => array(
 440  
 441          'riskbitmask' => RISK_PERSONAL,
 442  
 443          'captype' => 'read',
 444          'contextlevel' => CONTEXT_COURSE,
 445          'archetypes' => array(
 446              'teacher' => CAP_ALLOW,
 447              'editingteacher' => CAP_ALLOW,
 448              'manager' => CAP_ALLOW
 449          )
 450      ),
 451  
 452      'moodle/site:trustcontent' => array(
 453  
 454          'riskbitmask' => RISK_XSS,
 455  
 456          'captype' => 'write',
 457          'contextlevel' => CONTEXT_MODULE,
 458          'archetypes' => array(
 459              'editingteacher' => CAP_ALLOW,
 460              'manager' => CAP_ALLOW
 461          )
 462      ),
 463  
 464      'moodle/site:uploadusers' => array(
 465  
 466          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 467  
 468          'captype' => 'write',
 469          'contextlevel' => CONTEXT_SYSTEM,
 470          'archetypes' => array(
 471              'manager' => CAP_ALLOW
 472          )
 473      ),
 474  
 475      // Permission to manage filter setting overrides in subcontexts.
 476      'moodle/filter:manage' => array(
 477  
 478          'captype' => 'write',
 479          'contextlevel' => CONTEXT_COURSE,
 480          'archetypes' => array(
 481              'editingteacher' => CAP_ALLOW,
 482              'manager' => CAP_ALLOW,
 483          )
 484      ),
 485  
 486      'moodle/user:create' => array(
 487  
 488          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 489  
 490          'captype' => 'write',
 491          'contextlevel' => CONTEXT_SYSTEM,
 492          'archetypes' => array(
 493              'manager' => CAP_ALLOW
 494          )
 495      ),
 496  
 497      'moodle/user:delete' => array(
 498  
 499          'riskbitmask' => RISK_PERSONAL | RISK_DATALOSS,
 500  
 501          'captype' => 'write',
 502          'contextlevel' => CONTEXT_SYSTEM,
 503          'archetypes' => array(
 504              'manager' => CAP_ALLOW
 505          )
 506      ),
 507  
 508      'moodle/user:update' => array(
 509  
 510          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
 511  
 512          'captype' => 'write',
 513          'contextlevel' => CONTEXT_SYSTEM,
 514          'archetypes' => array(
 515              'manager' => CAP_ALLOW
 516          )
 517      ),
 518  
 519      'moodle/user:viewdetails' => array(
 520  
 521          'captype' => 'read',
 522          'contextlevel' => CONTEXT_COURSE,
 523          'archetypes' => array(
 524              'guest' => CAP_ALLOW,
 525              'student' => CAP_ALLOW,
 526              'teacher' => CAP_ALLOW,
 527              'editingteacher' => CAP_ALLOW,
 528              'manager' => CAP_ALLOW
 529          )
 530      ),
 531  
 532      'moodle/user:viewalldetails' => array(
 533          'riskbitmask' => RISK_PERSONAL,
 534          'captype' => 'read',
 535          'contextlevel' => CONTEXT_USER,
 536          'archetypes' => array(
 537              'manager' => CAP_ALLOW
 538          ),
 539          'clonepermissionsfrom' => 'moodle/user:update'
 540      ),
 541  
 542      'moodle/user:viewlastip' => array(
 543          'riskbitmask' => RISK_PERSONAL,
 544          'captype' => 'read',
 545          'contextlevel' => CONTEXT_USER,
 546          'archetypes' => array(
 547              'manager' => CAP_ALLOW
 548          ),
 549          'clonepermissionsfrom' => 'moodle/user:update'
 550      ),
 551  
 552      'moodle/user:viewhiddendetails' => array(
 553  
 554          'riskbitmask' => RISK_PERSONAL,
 555  
 556          'captype' => 'read',
 557          'contextlevel' => CONTEXT_COURSE,
 558          'archetypes' => array(
 559              'teacher' => CAP_ALLOW,
 560              'editingteacher' => CAP_ALLOW,
 561              'manager' => CAP_ALLOW
 562          )
 563      ),
 564  
 565      'moodle/user:loginas' => array(
 566  
 567          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
 568  
 569          'captype' => 'write',
 570          'contextlevel' => CONTEXT_COURSE,
 571          'archetypes' => array(
 572              'manager' => CAP_ALLOW
 573          )
 574      ),
 575  
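 576      // Can the user manage the system default profile page?
 577      'moodle/user:managesyspages' => array(
 578  
 579          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 580  
 581          'captype' => 'write',
 582          'contextlevel' => CONTEXT_SYSTEM,
 583          'archetypes' => array(
 584              'manager' => CAP_ALLOW
 585          )
 586      ),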
 587  
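 588      // Can the user manage another user's profile page?
 589      'moodle/user:manageblocks' => array(
 590  
 591          'riskbitmask' => RISK_SPAM | RISK_PERSONAL, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 592  
 593          'captype' => 'write',
 594          'contextlevel' => CONTEXT_USER
 595      ),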
 596  
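 597      // Can the user manage their own profile page?
 598      'moodle/user:manageownblocks' => array(
 599  
 600          'riskbitmask' => RISK_SPAM | RISK_PERSONAL, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 601  
 602          'captype' => 'write',
 603          'contextlevel' => CONTEXT_SYSTEM,
 604          'archetypes' => array(
 605              'user' => CAP_ALLOW
 606          )
 607      ),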
 608  
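 609      // Can the user manage their own files?
 610      'moodle/user:manageownfiles' => array(
 611  
 612          'riskbitmask' => RISK_SPAM | RISK_PERSONAL, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 613  
 614          'captype' => 'write',
 615          'contextlevel' => CONTEXT_SYSTEM,
 616          'archetypes' => array(
 617              'user' => CAP_ALLOW
 618          )
 619      ),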
 620  
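 621      // Can the user ignore the userquota setting?
 622      // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
 623      'moodle/user:ignoreuserquota' => array(
 624          'riskbitmask' => RISK_SPAM, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 625          'captype' => 'write',
 626          'contextlevel' => CONTEXT_SYSTEM,
 627          'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
 628      ),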
 629  
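 630      // Can the user manage the system default dashboard page?
 631      'moodle/my:configsyspages' => array(
 632  
 633          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG, // Key was 'riskbitmap'; the file's convention is 'riskbitmask'.
 634  
 635          'captype' => 'write',
 636          'contextlevel' => CONTEXT_SYSTEM,
 637          'archetypes' => array(
 638              'manager' => CAP_ALLOW
 639          )
 640      ),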
 641  
 642      'moodle/role:assign' => array(
 643  
 644          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 645  
 646          'captype' => 'write',
 647          'contextlevel' => CONTEXT_COURSE,
 648          'archetypes' => array(
 649              'editingteacher' => CAP_ALLOW,
 650              'manager' => CAP_ALLOW
 651          )
 652      ),
 653  
 654      'moodle/role:review' => array(
 655  
 656          'riskbitmask' => RISK_PERSONAL,
 657  
 658          'captype' => 'read',
 659          'contextlevel' => CONTEXT_COURSE,
 660          'archetypes' => array(
 661              'teacher' => CAP_ALLOW,
 662              'editingteacher' => CAP_ALLOW,
 663              'manager' => CAP_ALLOW
 664          )
 665      ),
 666  
 667      // The ability to override the permissions for any capability.
 668      'moodle/role:override' => array(
 669  
 670          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 671  
 672          'captype' => 'write',
 673          'contextlevel' => CONTEXT_COURSE,
 674          'archetypes' => array(
 675              'manager' => CAP_ALLOW
 676          )
 677      ),
 678  
 679      // The ability to override the permissions for 'safe' capabilities (those without risks).
 680      // If a user has moodle/role:override then you should not check this capability.
 681      'moodle/role:safeoverride' => array(
 682  
 683          'riskbitmask' => RISK_SPAM,
 684  
 685          'captype' => 'write',
 686          'contextlevel' => CONTEXT_COURSE,
 687          'archetypes' => array(
 688              'editingteacher' => CAP_ALLOW
 689          )
 690      ),
 691  
 692      'moodle/role:manage' => array(
 693  
 694          'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
 695  
 696          'captype' => 'write',
 697          'contextlevel' => CONTEXT_SYSTEM,
 698          'archetypes' => array(
 699              'manager' => CAP_ALLOW
 700          )
 701      ),
 702  
 703      'moodle/role:switchroles' => array(
 704  
 705          'riskbitmask' => RISK_XSS | RISK_PERSONAL,
 706  
 707          'captype' => 'read',
 708          'contextlevel' => CONTEXT_COURSE,
 709          'archetypes' => array(
 710              'editingteacher' => CAP_ALLOW,
 711              'manager' => CAP_ALLOW
 712          )
 713      ),
 714  
 715      // Create, update and delete course categories. (Deleting a course category
 716      // does not let you delete the courses it contains, unless you also have
 717      // moodle/course:delete.) Creating and deleting requires this permission in
 718      // the parent category.
 719      'moodle/category:manage' => array(
 720  
 721          'riskbitmask' => RISK_XSS,
 722  
 723          'captype' => 'write',
 724          'contextlevel' => CONTEXT_COURSECAT,
 725          'archetypes' => array(
 726              'manager' => CAP_ALLOW
 727          ),
 728          'clonepermissionsfrom' => 'moodle/category:update'
 729      ),
 730  
 731      'moodle/category:viewcourselist' => array(
 732  
 733          'captype' => 'read',
 734          'contextlevel' => CONTEXT_COURSECAT,
 735          'archetypes' => array(
 736              'guest' => CAP_ALLOW,
 737              'user' => CAP_ALLOW,
 738          )
 739      ),
 740  
 741      'moodle/category:viewhiddencategories' => array(
 742  
 743          'captype' => 'read',
 744          'contextlevel' => CONTEXT_COURSECAT,
 745          'archetypes' => array(
 746              'coursecreator' => CAP_ALLOW,
 747              'manager' => CAP_ALLOW
 748          ),
 749          'clonepermissionsfrom' => 'moodle/category:visibility'
 750      ),
 751  
 752      // create, delete, move cohorts in system and course categories,
 753      // (cohorts with component !== null can be only moved)
 754      'moodle/cohort:manage' => array(
 755  
 756          'captype' => 'write',
 757          'contextlevel' => CONTEXT_COURSECAT,
 758          'archetypes' => array(
 759              'manager' => CAP_ALLOW
 760          )
 761      ),
 762  
 763      // add and remove cohort members (only for cohorts where component !== null)
 764      'moodle/cohort:assign' => array(
 765  
 766          'captype' => 'write',
 767          'contextlevel' => CONTEXT_COURSECAT,
 768          'archetypes' => array(
 769              'manager' => CAP_ALLOW
 770          )
 771      ),
 772  
 773      // View visible and hidden cohorts defined in the current context.
 774      'moodle/cohort:view' => array(
 775  
 776          'captype' => 'read',
 777          'contextlevel' => CONTEXT_COURSE,
 778          'archetypes' => array(
 779              'editingteacher' => CAP_ALLOW,
 780              'manager' => CAP_ALLOW
 781          )
 782      ),
 783  
 784      'moodle/cohort:configurecustomfields' => array(
 785          'riskbitmask' => RISK_SPAM,
 786          'captype' => 'write',
 787          'contextlevel' => CONTEXT_SYSTEM,
 788          'clonepermissionsfrom' => 'moodle/site:config'
 789      ),
 790  
 791      'moodle/group:configurecustomfields' => array(
 792          'riskbitmask' => RISK_SPAM,
 793          'captype' => 'write',
 794          'contextlevel' => CONTEXT_SYSTEM,
 795          'clonepermissionsfrom' => 'moodle/site:config'
 796      ),
 797  
 798      'moodle/course:create' => array(
 799  
 800          'riskbitmask' => RISK_XSS,
 801  
 802          'captype' => 'write',
 803          'contextlevel' => CONTEXT_COURSECAT,
 804          'archetypes' => array(
 805              'coursecreator' => CAP_ALLOW,
 806              'manager' => CAP_ALLOW
 807          )
 808      ),
 809  
 810      'moodle/course:creategroupconversations' => array(
 811          'riskbitmask' => RISK_XSS,
 812          'captype' => 'write',
 813          'contextlevel' => CONTEXT_COURSE,
 814          'archetypes' => array(
 815              'editingteacher' => CAP_ALLOW,
 816              'manager' => CAP_ALLOW
 817          )
 818      ),
 819  
 820      'moodle/course:request' => array(
 821          'captype' => 'write',
 822          'contextlevel' => CONTEXT_COURSECAT,
 823      ),
 824  
 825      'moodle/course:delete' => array(
 826  
 827          'riskbitmask' => RISK_DATALOSS,
 828  
 829          'captype' => 'write',
 830          'contextlevel' => CONTEXT_COURSE,
 831          'archetypes' => array(
 832              'manager' => CAP_ALLOW
 833          )
 834      ),
 835  
 836      'moodle/course:update' => array(
 837  
 838          'riskbitmask' => RISK_XSS,
 839  
 840          'captype' => 'write',
 841          'contextlevel' => CONTEXT_COURSE,
 842          'archetypes' => array(
 843              'editingteacher' => CAP_ALLOW,
 844              'manager' => CAP_ALLOW
 845          )
 846      ),
 847  
 848      'moodle/course:view' => array(
 849  
 850          'captype' => 'read',
 851          'contextlevel' => CONTEXT_COURSE,
 852          'archetypes' => array(
 853              'manager' => CAP_ALLOW,
 854          )
 855      ),
 856  
 857      /* review course enrolments - no group restrictions, it is really full access to all participants info*/
 858      'moodle/course:enrolreview' => array(
 859  
 860          'riskbitmask' => RISK_PERSONAL,
 861  
 862          'captype' => 'read',
 863          'contextlevel' => CONTEXT_COURSE,
 864          'archetypes' => array(
 865              'editingteacher' => CAP_ALLOW,
 866              'manager' => CAP_ALLOW,
 867          )
 868      ),
 869  
 870      /* add, remove, hide enrol instances in courses */
 871      'moodle/course:enrolconfig' => array(
 872  
 873          'riskbitmask' => RISK_PERSONAL,
 874  
 875          'captype' => 'write',
 876          'contextlevel' => CONTEXT_COURSE,
 877          'archetypes' => array(
 878              'editingteacher' => CAP_ALLOW,
 879              'manager' => CAP_ALLOW,
 880          )
 881      ),
 882  
 883      'moodle/course:reviewotherusers' => array(
 884  
 885          'captype' => 'read',
 886          'contextlevel' => CONTEXT_COURSE,
 887          'archetypes' => array(
 888              'editingteacher' => CAP_ALLOW,
 889              'manager' => CAP_ALLOW,
 890          ),
 891          'clonepermissionsfrom' => 'moodle/role:assign'
 892      ),
 893  
 894      'moodle/course:bulkmessaging' => array(
 895  
 896          'riskbitmask' => RISK_SPAM,
 897  
 898          'captype' => 'write',
 899          'contextlevel' => CONTEXT_COURSE,
 900          'archetypes' => array(
 901              'teacher' => CAP_ALLOW,
 902              'editingteacher' => CAP_ALLOW,
 903              'manager' => CAP_ALLOW
 904          )
 905      ),
 906  
 907      'moodle/course:viewhiddenuserfields' => array(
 908  
 909          'riskbitmask' => RISK_PERSONAL,
 910  
 911          'captype' => 'read',
 912          'contextlevel' => CONTEXT_COURSE,
 913          'archetypes' => array(
 914              'teacher' => CAP_ALLOW,
 915              'editingteacher' => CAP_ALLOW,
 916              'manager' => CAP_ALLOW
 917          )
 918      ),
 919  
 920      'moodle/course:viewhiddencourses' => array(
 921  
 922          'captype' => 'read',
 923          'contextlevel' => CONTEXT_COURSE,
 924          'archetypes' => array(
 925              'coursecreator' => CAP_ALLOW,
 926              'teacher' => CAP_ALLOW,
 927              'editingteacher' => CAP_ALLOW,
 928              'manager' => CAP_ALLOW
 929          )
 930      ),
 931  
 932      'moodle/course:visibility' => array(
 933  
 934          'captype' => 'write',
 935          'contextlevel' => CONTEXT_COURSE,
 936          'archetypes' => array(
 937              'editingteacher' => CAP_ALLOW,
 938              'manager' => CAP_ALLOW
 939          )
 940      ),
 941  
 942      'moodle/course:managefiles' => array(
 943  
 944          'riskbitmask' => RISK_XSS,
 945  
 946          'captype' => 'write',
 947          'contextlevel' => CONTEXT_COURSE,
 948          'archetypes' => array(
 949              'editingteacher' => CAP_ALLOW,
 950              'manager' => CAP_ALLOW
 951          )
 952      ),
 953  
 954      'moodle/course:ignoreavailabilityrestrictions' => array(
 955          'captype' => 'read',
 956          'contextlevel' => CONTEXT_MODULE,
 957          'archetypes' => array(
 958              'manager' => CAP_ALLOW,
 959              'coursecreator' => CAP_ALLOW,
 960              'editingteacher' => CAP_ALLOW,
 961              'teacher' => CAP_ALLOW,
 962          ),
 963          'clonepermissionsfrom' => 'moodle/course:viewhiddenactivities'
 964      ),
 965  
 966      'moodle/course:ignorefilesizelimits' => array(
 967  
 968          'captype' => 'write',
 969          'contextlevel' => CONTEXT_COURSE,
 970          'archetypes' => array(
 971          )
 972      ),
 973  
 974      'moodle/course:manageactivities' => array(
 975  
 976          'riskbitmask' => RISK_XSS,
 977  
 978          'captype' => 'write',
 979          'contextlevel' => CONTEXT_MODULE,
 980          'archetypes' => array(
 981              'editingteacher' => CAP_ALLOW,
 982              'manager' => CAP_ALLOW
 983          )
 984      ),
 985  
 986      'moodle/course:activityvisibility' => array(
 987  
 988          'captype' => 'write',
 989          'contextlevel' => CONTEXT_MODULE,
 990          'archetypes' => array(
 991              'editingteacher' => CAP_ALLOW,
 992              'manager' => CAP_ALLOW
 993          )
 994      ),
 995  
 996      'moodle/course:viewhiddenactivities' => array(
 997  
 998          'captype' => 'read',
 999          'contextlevel' => CONTEXT_MODULE,
1000          'archetypes' => array(
1001              'teacher' => CAP_ALLOW,
1002              'editingteacher' => CAP_ALLOW,
1003              'manager' => CAP_ALLOW
1004          )
1005      ),
1006  
1007      'moodle/course:viewparticipants' => array(
1008  
1009          'captype' => 'read',
1010          'contextlevel' => CONTEXT_COURSE,
1011          'archetypes' => array(
1012              'student' => CAP_ALLOW,
1013              'teacher' => CAP_ALLOW,
1014              'editingteacher' => CAP_ALLOW,
1015              'manager' => CAP_ALLOW
1016          )
1017      ),
1018  
1019      'moodle/course:changefullname' => array(
1020  
1021          'riskbitmask' => RISK_XSS,
1022  
1023          'captype' => 'write',
1024          'contextlevel' => CONTEXT_COURSE,
1025          'archetypes' => array(
1026              'editingteacher' => CAP_ALLOW,
1027              'manager' => CAP_ALLOW
1028          ),
1029          'clonepermissionsfrom' => 'moodle/course:update'
1030      ),
1031  
1032      'moodle/course:changeshortname' => array(
1033  
1034          'riskbitmask' => RISK_XSS,
1035  
1036          'captype' => 'write',
1037          'contextlevel' => CONTEXT_COURSE,
1038          'archetypes' => array(
1039              'editingteacher' => CAP_ALLOW,
1040              'manager' => CAP_ALLOW
1041          ),
1042          'clonepermissionsfrom' => 'moodle/course:update'
1043      ),
1044  
1045      'moodle/course:changelockedcustomfields' => array(
1046  
1047          'riskbitmask' => RISK_SPAM,
1048  
1049          'captype' => 'write',
1050          'contextlevel' => CONTEXT_COURSE,
1051          'archetypes' => array(
1052              'manager' => CAP_ALLOW
1053          ),
1054      ),
1055  
1056      'moodle/course:configurecustomfields' => array(
1057  
1058          'riskbitmask' => RISK_SPAM,
1059  
1060          'captype' => 'write',
1061          'contextlevel' => CONTEXT_SYSTEM,
1062          'clonepermissionsfrom' => 'moodle/site:config'
1063      ),
1064  
1065      'moodle/course:renameroles' => array(
1066          'captype' => 'write',
1067          'contextlevel' => CONTEXT_COURSE,
1068          'archetypes' => array(
1069              'editingteacher' => CAP_ALLOW,
1070              'manager' => CAP_ALLOW
1071          ),
1072          'clonepermissionsfrom' => 'moodle/course:update'
1073      ),
1074  
1075      'moodle/course:changeidnumber' => array(
1076  
1077          'riskbitmask' => RISK_XSS,
1078  
1079          'captype' => 'write',
1080          'contextlevel' => CONTEXT_COURSE,
1081          'archetypes' => array(
1082              'editingteacher' => CAP_ALLOW,
1083              'manager' => CAP_ALLOW
1084          ),
1085          'clonepermissionsfrom' => 'moodle/course:update'
1086      ),
1087      'moodle/course:changecategory' => array(
1088          'riskbitmask' => RISK_XSS,
1089  
1090          'captype' => 'write',
1091          'contextlevel' => CONTEXT_COURSE,
1092          'archetypes' => array(
1093              'editingteacher' => CAP_ALLOW,
1094              'manager' => CAP_ALLOW
1095          ),
1096          'clonepermissionsfrom' => 'moodle/course:update'
1097      ),
1098  
1099      'moodle/course:changesummary' => array(
1100          'riskbitmask' => RISK_XSS,
1101  
1102          'captype' => 'write',
1103          'contextlevel' => CONTEXT_COURSE,
1104          'archetypes' => array(
1105              'editingteacher' => CAP_ALLOW,
1106              'manager' => CAP_ALLOW
1107          ),
1108          'clonepermissionsfrom' => 'moodle/course:update'
1109      ),
1110  
1111      // Ability to set a forced language for a course or activity.
1112      'moodle/course:setforcedlanguage' => array(
1113          'captype' => 'write',
1114          'contextlevel' => CONTEXT_COURSE,
1115          'archetypes' => array(
1116              'editingteacher' => CAP_ALLOW,
1117              'manager' => CAP_ALLOW
1118          ),
1119          'clonepermissionsfrom' => 'moodle/course:update'
1120      ),
1121  
1122  
1123      'moodle/site:viewparticipants' => array(
1124  
1125          'captype' => 'read',
1126          'contextlevel' => CONTEXT_SYSTEM,
1127          'archetypes' => array(
1128              'manager' => CAP_ALLOW
1129          )
1130      ),
1131  
1132      'moodle/course:isincompletionreports' => array(
1133          'captype' => 'read',
1134          'contextlevel' => CONTEXT_COURSE,
1135          'archetypes' => array(
1136              'student' => CAP_ALLOW,
1137          ),
1138      ),
1139  
1140      'moodle/course:viewscales' => array(
1141  
1142          'captype' => 'read',
1143          'contextlevel' => CONTEXT_COURSE,
1144          'archetypes' => array(
1145              'student' => CAP_ALLOW,
1146              'teacher' => CAP_ALLOW,
1147              'editingteacher' => CAP_ALLOW,
1148              'manager' => CAP_ALLOW
1149          )
1150      ),
1151  
1152      'moodle/course:managescales' => array(
1153  
1154          'captype' => 'write',
1155          'contextlevel' => CONTEXT_COURSE,
1156          'archetypes' => array(
1157              'editingteacher' => CAP_ALLOW,
1158              'manager' => CAP_ALLOW
1159          )
1160      ),
1161  
1162      'moodle/course:managegroups' => array(
1163          'riskbitmask' => RISK_XSS,
1164  
1165          'captype' => 'write',
1166          'contextlevel' => CONTEXT_COURSE,
1167          'archetypes' => array(
1168              'editingteacher' => CAP_ALLOW,
1169              'manager' => CAP_ALLOW
1170          )
1171      ),
1172  
1173      'moodle/course:viewhiddengroups' => array(
1174          'riskbitmask' => RISK_PERSONAL,
1175          'captype' => 'READ',
1176          'contextlevel' => CONTEXT_COURSE,
1177          'archetypes' => array(
1178              'teacher' => CAP_ALLOW,
1179              'editingteacher' => CAP_ALLOW,
1180              'manager' => CAP_ALLOW
1181          )
1182      ),
1183  
1184      'moodle/course:reset' => array(
1185  
1186          'riskbitmask' => RISK_DATALOSS,
1187  
1188          'captype' => 'write',
1189          'contextlevel' => CONTEXT_COURSE,
1190          'archetypes' => array(
1191              'editingteacher' => CAP_ALLOW,
1192              'manager' => CAP_ALLOW
1193          )
1194      ),
1195  
1196      'moodle/course:viewsuspendedusers' => array(
1197  
1198          'captype' => 'read',
1199          'contextlevel' => CONTEXT_COURSE,
1200          'archetypes' => array(
1201              'editingteacher' => CAP_ALLOW,
1202              'manager' => CAP_ALLOW
1203          )
1204      ),
1205  
1206      'moodle/course:tag' => array(
1207          'riskbitmask' => RISK_SPAM,
1208          'captype' => 'write',
1209          'contextlevel' => CONTEXT_COURSE,
1210          'archetypes' => array(
1211              'manager' => CAP_ALLOW,
1212              'editingteacher' => CAP_ALLOW,
1213          ),
1214          'clonepermissionsfrom' => 'moodle/course:update'
1215      ),
1216  
1217      'moodle/blog:view' => array(
1218  
1219          'captype' => 'read',
1220          'contextlevel' => CONTEXT_SYSTEM,
1221          'archetypes' => array(
1222              'guest' => CAP_ALLOW,
1223              'user' => CAP_ALLOW,
1224              'student' => CAP_ALLOW,
1225              'teacher' => CAP_ALLOW,
1226              'editingteacher' => CAP_ALLOW,
1227              'manager' => CAP_ALLOW
1228          )
1229      ),
1230  
1231      'moodle/blog:search' => array(
1232          'captype' => 'read',
1233          'contextlevel' => CONTEXT_SYSTEM,
1234          'archetypes' => array(
1235              'guest' => CAP_ALLOW,
1236              'user' => CAP_ALLOW,
1237              'student' => CAP_ALLOW,
1238              'teacher' => CAP_ALLOW,
1239              'editingteacher' => CAP_ALLOW,
1240              'manager' => CAP_ALLOW
1241          )
1242      ),
1243  
1244      'moodle/blog:viewdrafts' => array(
1245  
1246          'riskbitmask' => RISK_PERSONAL,
1247          'captype' => 'read',
1248          'contextlevel' => CONTEXT_SYSTEM,
1249          'archetypes' => array(
1250              'manager' => CAP_ALLOW
1251          )
1252      ),
1253  
1254      'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1255  
1256          'riskbitmask' => RISK_SPAM,
1257  
1258          'captype' => 'write',
1259          'contextlevel' => CONTEXT_SYSTEM,
1260          'archetypes' => array(
1261              'user' => CAP_ALLOW,
1262              'manager' => CAP_ALLOW
1263          )
1264      ),
1265  
1266      'moodle/blog:manageentries' => array(
1267  
1268          'riskbitmask' => RISK_SPAM,
1269  
1270          'captype' => 'write',
1271          'contextlevel' => CONTEXT_SYSTEM,
1272          'archetypes' => array(
1273              'teacher' => CAP_ALLOW,
1274              'editingteacher' => CAP_ALLOW,
1275              'manager' => CAP_ALLOW
1276          )
1277      ),
1278  
1279      'moodle/blog:manageexternal' => array(
1280  
1281          'riskbitmask' => RISK_SPAM,
1282  
1283          'captype' => 'write',
1284          'contextlevel' => CONTEXT_SYSTEM,
1285          'archetypes' => array(
1286              'student' => CAP_ALLOW,
1287              'user' => CAP_ALLOW,
1288              'teacher' => CAP_ALLOW,
1289              'editingteacher' => CAP_ALLOW,
1290              'manager' => CAP_ALLOW
1291          )
1292      ),
1293  
1294      'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only; NOTE(review): 'contextlevel' below is CONTEXT_COURSE - confirm which is intended
1295  
1296          'riskbitmask' => RISK_SPAM,
1297  
1298          'captype' => 'write',
1299          'contextlevel' => CONTEXT_COURSE,
1300          'archetypes' => array(
1301              'user' => CAP_ALLOW,
1302              'manager' => CAP_ALLOW
1303          )
1304      ),
1305  
1306      'moodle/calendar:managegroupentries' => array(
1307  
1308          'riskbitmask' => RISK_SPAM,
1309  
1310          'captype' => 'write',
1311          'contextlevel' => CONTEXT_COURSE,
1312          'archetypes' => array(
1313              'teacher' => CAP_ALLOW,
1314              'editingteacher' => CAP_ALLOW,
1315              'manager' => CAP_ALLOW
1316          )
1317      ),
1318  
1319      'moodle/calendar:manageentries' => array(
1320  
1321          'riskbitmask' => RISK_SPAM,
1322  
1323          'captype' => 'write',
1324          'contextlevel' => CONTEXT_COURSE,
1325          'archetypes' => array(
1326              'teacher' => CAP_ALLOW,
1327              'editingteacher' => CAP_ALLOW,
1328              'manager' => CAP_ALLOW
1329          )
1330      ),
1331  
1332      'moodle/user:editprofile' => array(
1333  
1334          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1335  
1336          'captype' => 'write',
1337          'contextlevel' => CONTEXT_USER,
1338          'archetypes' => array(
1339              'manager' => CAP_ALLOW
1340          )
1341      ),
1342  
1343      'moodle/user:editownprofile' => array(
1344  
1345          'riskbitmask' => RISK_SPAM,
1346  
1347          'captype' => 'write',
1348          'contextlevel' => CONTEXT_SYSTEM,
1349          'archetypes' => array(
1350              'guest' => CAP_PROHIBIT,
1351              'user' => CAP_ALLOW,
1352              'manager' => CAP_ALLOW
1353          )
1354      ),
1355  
1356      'moodle/user:changeownpassword' => array(
1357  
1358          'captype' => 'write',
1359          'contextlevel' => CONTEXT_SYSTEM,
1360          'archetypes' => array(
1361              'guest' => CAP_PROHIBIT,
1362              'user' => CAP_ALLOW,
1363              'manager' => CAP_ALLOW
1364          )
1365      ),
1366  
1367      // The next 3 might make no sense for some roles, e.g. teacher, etc.,
1368      // since the next level up is site. These are more for the parent role.
1369      'moodle/user:readuserposts' => array(
1370  
1371          'captype' => 'read',
1372          'contextlevel' => CONTEXT_USER,
1373          'archetypes' => array(
1374              'student' => CAP_ALLOW,
1375              'teacher' => CAP_ALLOW,
1376              'editingteacher' => CAP_ALLOW,
1377              'manager' => CAP_ALLOW
1378          )
1379      ),
1380  
1381      'moodle/user:readuserblogs' => array(
1382  
1383          'captype' => 'read',
1384          'contextlevel' => CONTEXT_USER,
1385          'archetypes' => array(
1386              'student' => CAP_ALLOW,
1387              'teacher' => CAP_ALLOW,
1388              'editingteacher' => CAP_ALLOW,
1389              'manager' => CAP_ALLOW
1390          )
1391      ),
1392  
1393      // designed for parent role - not used in legacy roles
1394      'moodle/user:viewuseractivitiesreport' => array(
1395          'riskbitmask' => RISK_PERSONAL,
1396  
1397          'captype' => 'read',
1398          'contextlevel' => CONTEXT_USER,
1399          'archetypes' => array(
1400          )
1401      ),
1402  
1403      // Capabilities designed for the new message system configuration.
1404      'moodle/user:editmessageprofile' => array(
1405  
1406           'riskbitmask' => RISK_SPAM,
1407  
1408           'captype' => 'write',
1409           'contextlevel' => CONTEXT_USER,
1410           'archetypes' => array(
1411               'manager' => CAP_ALLOW
1412           )
1413       ),
1414  
1415       'moodle/user:editownmessageprofile' => array(
1416  
1417           'captype' => 'write',
1418           'contextlevel' => CONTEXT_SYSTEM,
1419           'archetypes' => array(
1420               'guest' => CAP_PROHIBIT,
1421               'user' => CAP_ALLOW,
1422               'manager' => CAP_ALLOW
1423           )
1424       ),
1425  
1426      'moodle/question:managecategory' => array(
1427          'riskbitmask' => RISK_SPAM | RISK_XSS,
1428          'captype' => 'write',
1429          'contextlevel' => CONTEXT_COURSE,
1430          'archetypes' => array(
1431              'editingteacher' => CAP_ALLOW,
1432              'manager' => CAP_ALLOW
1433          )
1434      ),
1435  
1436      //new in moodle 1.9
1437      'moodle/question:add' => array(
1438          'riskbitmask' => RISK_SPAM | RISK_XSS,
1439          'captype' => 'write',
1440          'contextlevel' => CONTEXT_COURSE,
1441          'archetypes' => array(
1442              'editingteacher' => CAP_ALLOW,
1443              'manager' => CAP_ALLOW
1444          ),
1445          'clonepermissionsfrom' =>  'moodle/question:manage'
1446      ),
1447      'moodle/question:editmine' => array(
1448          'riskbitmask' => RISK_SPAM | RISK_XSS,
1449          'captype' => 'write',
1450          'contextlevel' => CONTEXT_COURSE,
1451          'archetypes' => array(
1452              'editingteacher' => CAP_ALLOW,
1453              'manager' => CAP_ALLOW
1454          ),
1455          'clonepermissionsfrom' =>  'moodle/question:manage'
1456      ),
1457      'moodle/question:editall' => array(
1458          'riskbitmask' => RISK_SPAM | RISK_XSS,
1459          'captype' => 'write',
1460          'contextlevel' => CONTEXT_COURSE,
1461          'archetypes' => array(
1462              'editingteacher' => CAP_ALLOW,
1463              'manager' => CAP_ALLOW
1464          ),
1465          'clonepermissionsfrom' =>  'moodle/question:manage'
1466      ),
1467      'moodle/question:viewmine' => array(
1468          'captype' => 'read',
1469          'contextlevel' => CONTEXT_COURSE,
1470          'archetypes' => array(
1471              'editingteacher' => CAP_ALLOW,
1472              'manager' => CAP_ALLOW
1473          ),
1474          'clonepermissionsfrom' =>  'moodle/question:manage'
1475      ),
1476      'moodle/question:viewall' => array(
1477          'captype' => 'read',
1478          'contextlevel' => CONTEXT_COURSE,
1479          'archetypes' => array(
1480              'editingteacher' => CAP_ALLOW,
1481              'manager' => CAP_ALLOW
1482          ),
1483          'clonepermissionsfrom' =>  'moodle/question:manage'
1484      ),
1485      'moodle/question:usemine' => array(
1486          'captype' => 'read',
1487          'contextlevel' => CONTEXT_COURSE,
1488          'archetypes' => array(
1489              'editingteacher' => CAP_ALLOW,
1490              'manager' => CAP_ALLOW
1491          ),
1492          'clonepermissionsfrom' =>  'moodle/question:manage'
1493      ),
1494      'moodle/question:useall' => array(
1495          'captype' => 'read',
1496          'contextlevel' => CONTEXT_COURSE,
1497          'archetypes' => array(
1498              'editingteacher' => CAP_ALLOW,
1499              'manager' => CAP_ALLOW
1500          ),
1501          'clonepermissionsfrom' =>  'moodle/question:manage'
1502      ),
1503      'moodle/question:movemine' => array(
1504          'captype' => 'write',
1505          'contextlevel' => CONTEXT_COURSE,
1506          'archetypes' => array(
1507              'editingteacher' => CAP_ALLOW,
1508              'manager' => CAP_ALLOW
1509          ),
1510          'clonepermissionsfrom' =>  'moodle/question:manage'
1511      ),
1512      'moodle/question:moveall' => array(
1513          'captype' => 'write',
1514          'contextlevel' => CONTEXT_COURSE,
1515          'archetypes' => array(
1516              'editingteacher' => CAP_ALLOW,
1517              'manager' => CAP_ALLOW
1518          ),
1519          'clonepermissionsfrom' =>  'moodle/question:manage'
1520      ),
1521      //END new in moodle 1.9
1522  
1523      // Configure the installed question types.
1524      'moodle/question:config' => array(
1525          'riskbitmask' => RISK_CONFIG,
1526          'captype' => 'write',
1527          'contextlevel' => CONTEXT_SYSTEM,
1528          'archetypes' => array(
1529              'manager' => CAP_ALLOW
1530          )
1531      ),
1532  
1533      // While attempting questions, the ability to flag particular questions for later reference.
1534      'moodle/question:flag' => array(
1535          'captype' => 'write',
1536          'contextlevel' => CONTEXT_COURSE,
1537          'archetypes' => array(
1538              'student' => CAP_ALLOW,
1539              'teacher' => CAP_ALLOW,
1540              'editingteacher' => CAP_ALLOW,
1541              'manager' => CAP_ALLOW
1542          )
1543      ),
1544  
1545      // Controls whether the user can tag their own questions.
1546      'moodle/question:tagmine' => array(
1547          'captype' => 'write',
1548          'contextlevel' => CONTEXT_COURSE,
1549          'archetypes' => array(
1550              'editingteacher' => CAP_ALLOW,
1551              'manager' => CAP_ALLOW
1552          ),
1553          'clonepermissionsfrom' => 'moodle/question:editmine'
1554      ),
1555  
1556      // Controls whether the user can tag all questions.
1557      'moodle/question:tagall' => array(
1558          'captype' => 'write',
1559          'contextlevel' => CONTEXT_COURSE,
1560          'archetypes' => array(
1561              'editingteacher' => CAP_ALLOW,
1562              'manager' => CAP_ALLOW
1563          ),
1564          'clonepermissionsfrom' => 'moodle/question:editall'
1565      ),
1566  
1567      'moodle/site:doclinks' => array(
1568          'captype' => 'read',
1569          'contextlevel' => CONTEXT_SYSTEM,
1570          'archetypes' => array(
1571              'teacher' => CAP_ALLOW,
1572              'editingteacher' => CAP_ALLOW,
1573              'manager' => CAP_ALLOW
1574          )
1575      ),
1576  
1577      'moodle/course:sectionvisibility' => array(
1578  
1579          'captype' => 'write',
1580          'contextlevel' => CONTEXT_COURSE,
1581          'archetypes' => array(
1582              'editingteacher' => CAP_ALLOW,
1583              'manager' => CAP_ALLOW
1584          )
1585      ),
1586  
1587      'moodle/course:useremail' => array(
1588  
1589          'captype' => 'write',
1590          'contextlevel' => CONTEXT_COURSE,
1591          'archetypes' => array(
1592              'editingteacher' => CAP_ALLOW,
1593              'manager' => CAP_ALLOW
1594          )
1595      ),
1596  
1597      'moodle/course:viewhiddensections' => array(
1598  
1599          'captype' => 'read',
1600          'contextlevel' => CONTEXT_COURSE,
1601          'archetypes' => array(
1602              'editingteacher' => CAP_ALLOW,
1603              'manager' => CAP_ALLOW
1604          )
1605      ),
1606  
1607      'moodle/course:setcurrentsection' => array(
1608  
1609          'captype' => 'write',
1610          'contextlevel' => CONTEXT_COURSE,
1611          'archetypes' => array(
1612              'editingteacher' => CAP_ALLOW,
1613              'manager' => CAP_ALLOW
1614          )
1615      ),
1616  
1617      'moodle/course:movesections' => array(
1618  
1619          'captype' => 'write',
1620          'contextlevel' => CONTEXT_COURSE,
1621          'archetypes' => array(
1622              'editingteacher' => CAP_ALLOW,
1623              'manager' => CAP_ALLOW
1624          ),
1625          'clonepermissionsfrom' => 'moodle/course:update'
1626      ),
1627  
1628      'moodle/site:mnetlogintoremote' => array(
1629  
1630          'captype' => 'read',
1631          'contextlevel' => CONTEXT_SYSTEM,
1632          'archetypes' => array(
1633          )
1634      ),
1635  
1636      'moodle/grade:viewall' => array(
1637          'riskbitmask' => RISK_PERSONAL,
1638          'captype' => 'read',
1639          'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1640          'archetypes' => array(
1641              'teacher' => CAP_ALLOW,
1642              'editingteacher' => CAP_ALLOW,
1643              'manager' => CAP_ALLOW
1644          ),
1645          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1646      ),
1647  
1648      'moodle/grade:view' => array(
1649          'captype' => 'read',
1650          'contextlevel' => CONTEXT_COURSE,
1651          'archetypes' => array(
1652              'student' => CAP_ALLOW
1653          )
1654      ),
1655  
1656      'moodle/grade:viewhidden' => array(
1657          'riskbitmask' => RISK_PERSONAL,
1658          'captype' => 'read',
1659          'contextlevel' => CONTEXT_COURSE,
1660          'archetypes' => array(
1661              'teacher' => CAP_ALLOW,
1662              'editingteacher' => CAP_ALLOW,
1663              'manager' => CAP_ALLOW
1664          ),
1665          'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1666      ),
1667  
1668      'moodle/grade:import' => array(
1669          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1670          'captype' => 'write',
1671          'contextlevel' => CONTEXT_COURSE,
1672          'archetypes' => array(
1673              'editingteacher' => CAP_ALLOW,
1674              'manager' => CAP_ALLOW
1675          ),
1676          'clonepermissionsfrom' => 'moodle/course:managegrades'
1677      ),
1678  
1679      'moodle/grade:export' => array(
1680          'riskbitmask' => RISK_PERSONAL,
1681          'captype' => 'read',
1682          'contextlevel' => CONTEXT_COURSE,
1683          'archetypes' => array(
1684              'teacher' => CAP_ALLOW,
1685              'editingteacher' => CAP_ALLOW,
1686              'manager' => CAP_ALLOW
1687          ),
1688          'clonepermissionsfrom' => 'moodle/course:managegrades'
1689      ),
1690  
1691      'moodle/grade:manage' => array(
1692          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1693          'captype' => 'write',
1694          'contextlevel' => CONTEXT_COURSE,
1695          'archetypes' => array(
1696              'editingteacher' => CAP_ALLOW,
1697              'manager' => CAP_ALLOW
1698          ),
1699          'clonepermissionsfrom' => 'moodle/course:managegrades'
1700      ),
1701  
1702      'moodle/grade:edit' => array(
1703          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1704          'captype' => 'write',
1705          'contextlevel' => CONTEXT_COURSE,
1706          'archetypes' => array(
1707              'editingteacher' => CAP_ALLOW,
1708              'manager' => CAP_ALLOW
1709          ),
1710          'clonepermissionsfrom' => 'moodle/course:managegrades'
1711      ),
1712  
1713      // ability to define advanced grading forms in activities either from scratch
1714      // or from a shared template
1715      'moodle/grade:managegradingforms' => array(
1716          'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1717          'captype' => 'write',
1718          'contextlevel' => CONTEXT_COURSE,
1719          'archetypes' => array(
1720              'editingteacher' => CAP_ALLOW,
1721              'manager' => CAP_ALLOW
1722          ),
1723          'clonepermissionsfrom' => 'moodle/course:managegrades'
1724      ),
1725  
1726      // ability to save a grading form as a new shared template and eventually edit
1727      // and remove own templates (templates originally shared by that user)
1728      'moodle/grade:sharegradingforms' => array(
1729          'riskbitmask' => RISK_XSS,
1730          'captype' => 'write',
1731          'contextlevel' => CONTEXT_SYSTEM,
1732          'archetypes' => array(
1733              'manager' => CAP_ALLOW
1734          ),
1735      ),
1736  
1737      // ability to edit and remove any shared template, even those originally shared
1738      // by other users
1739      'moodle/grade:managesharedforms' => array(
1740          'riskbitmask' => RISK_XSS,
1741          'captype' => 'write',
1742          'contextlevel' => CONTEXT_SYSTEM,
1743          'archetypes' => array(
1744              'manager' => CAP_ALLOW
1745          ),
1746      ),
1747  
1748      'moodle/grade:manageoutcomes' => array(
1749          'captype' => 'write',
1750          'contextlevel' => CONTEXT_COURSE,
1751          'archetypes' => array(
1752              'editingteacher' => CAP_ALLOW,
1753              'manager' => CAP_ALLOW
1754          ),
1755          'clonepermissionsfrom' => 'moodle/course:managegrades'
1756      ),
1757  
1758      'moodle/grade:manageletters' => array(
1759          'captype' => 'write',
1760          'contextlevel' => CONTEXT_COURSE,
1761          'archetypes' => array(
1762              'editingteacher' => CAP_ALLOW,
1763              'manager' => CAP_ALLOW
1764          ),
1765          'clonepermissionsfrom' => 'moodle/course:managegrades'
1766      ),
1767  
1768      'moodle/grade:hide' => array(
1769          'captype' => 'write',
1770          'contextlevel' => CONTEXT_COURSE,
1771          'archetypes' => array(
1772              'editingteacher' => CAP_ALLOW,
1773              'manager' => CAP_ALLOW
1774          )
1775      ),
1776  
1777      'moodle/grade:lock' => array(
1778          'captype' => 'write',
1779          'contextlevel' => CONTEXT_COURSE,
1780          'archetypes' => array(
1781              'editingteacher' => CAP_ALLOW,
1782              'manager' => CAP_ALLOW
1783          )
1784      ),
1785  
1786      'moodle/grade:unlock' => array(
1787          'captype' => 'write',
1788          'contextlevel' => CONTEXT_COURSE,
1789          'archetypes' => array(
1790              'editingteacher' => CAP_ALLOW,
1791              'manager' => CAP_ALLOW
1792          )
1793      ),
1794  
1795      'moodle/my:manageblocks' => array(
1796          'captype' => 'write',
1797          'contextlevel' => CONTEXT_SYSTEM,
1798          'archetypes' => array(
1799              'user' => CAP_ALLOW
1800          )
1801      ),
1802  
1803      'moodle/notes:view' => array(
1804          'captype' => 'read',
1805          'contextlevel' => CONTEXT_COURSE,
1806          'archetypes' => array(
1807              'teacher' => CAP_ALLOW,
1808              'editingteacher' => CAP_ALLOW,
1809              'manager' => CAP_ALLOW
1810          )
1811      ),
1812  
1813      'moodle/notes:manage' => array(
1814          'riskbitmask' => RISK_SPAM,
1815  
1816          'captype' => 'write',
1817          'contextlevel' => CONTEXT_COURSE,
1818          'archetypes' => array(
1819              'teacher' => CAP_ALLOW,
1820              'editingteacher' => CAP_ALLOW,
1821              'manager' => CAP_ALLOW
1822          )
1823      ),
1824  
1825      'moodle/tag:manage' => array(
1826          'riskbitmask' => RISK_SPAM,
1827  
1828          'captype' => 'write',
1829          'contextlevel' => CONTEXT_SYSTEM,
1830          'archetypes' => array(
1831              'manager' => CAP_ALLOW
1832          )
1833      ),
1834  
1835      'moodle/tag:edit' => array(
1836          'riskbitmask' => RISK_SPAM,
1837  
1838          'captype' => 'write',
1839          'contextlevel' => CONTEXT_SYSTEM,
1840          'archetypes' => array(
1841              'manager' => CAP_ALLOW
1842          )
1843      ),
1844  
1845      'moodle/tag:flag' => array(
1846          'riskbitmask' => RISK_SPAM,
1847  
1848          'captype' => 'write',
1849          'contextlevel' => CONTEXT_SYSTEM,
1850          'archetypes' => array(
1851              'user' => CAP_ALLOW
1852          )
1853      ),
1854  
1855      'moodle/tag:editblocks' => array(
1856          'captype' => 'write',
1857          'contextlevel' => CONTEXT_SYSTEM,
1858          'archetypes' => array(
1859              'teacher' => CAP_ALLOW,
1860              'editingteacher' => CAP_ALLOW,
1861              'manager' => CAP_ALLOW
1862          )
1863      ),
1864  
1865      'moodle/block:view' => array(
1866          'captype' => 'read',
1867          'contextlevel' => CONTEXT_BLOCK,
1868          'archetypes' => array(
1869              'guest' => CAP_ALLOW,
1870              'user' => CAP_ALLOW,
1871              'student' => CAP_ALLOW,
1872              'teacher' => CAP_ALLOW,
1873              'editingteacher' => CAP_ALLOW,
1874          )
1875      ),
1876  
1877      'moodle/block:edit' => array(
1878          'riskbitmask' => RISK_SPAM | RISK_XSS,
1879  
1880          'captype' => 'write',
1881          'contextlevel' => CONTEXT_BLOCK,
1882          'archetypes' => array(
1883              'editingteacher' => CAP_ALLOW,
1884              'manager' => CAP_ALLOW
1885          )
1886      ),
1887  
1888      'moodle/portfolio:export' => array(
1889          'captype' => 'read',
1890          'contextlevel' => CONTEXT_SYSTEM,
1891          'archetypes' => array(
1892              'user' => CAP_ALLOW,
1893              'student' => CAP_ALLOW,
1894              'teacher' => CAP_ALLOW,
1895              'editingteacher' => CAP_ALLOW,
1896          )
1897      ),
1898      'moodle/comment:view' => array(
1899          'captype' => 'read',
1900          'contextlevel' => CONTEXT_COURSE,
1901          'archetypes' => array(
1902              'frontpage' => CAP_ALLOW,
1903              'guest' => CAP_ALLOW,
1904              'user' => CAP_ALLOW,
1905              'student' => CAP_ALLOW,
1906              'teacher' => CAP_ALLOW,
1907              'editingteacher' => CAP_ALLOW,
1908              'manager' => CAP_ALLOW
1909          )
1910      ),
1911      'moodle/comment:post' => array(
1912  
1913          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1914          'captype' => 'write',
1915          'contextlevel' => CONTEXT_COURSE,
1916          'archetypes' => array(
1917              'user' => CAP_ALLOW,
1918              'student' => CAP_ALLOW,
1919              'teacher' => CAP_ALLOW,
1920              'editingteacher' => CAP_ALLOW,
1921              'manager' => CAP_ALLOW
1922          )
1923      ),
1924      'moodle/comment:delete' => array(
1925  
1926          'riskbitmask' => RISK_DATALOSS,
1927          'captype' => 'write',
1928          'contextlevel' => CONTEXT_COURSE,
1929          'archetypes' => array(
1930              'editingteacher' => CAP_ALLOW,
1931              'manager' => CAP_ALLOW
1932          )
1933      ),
1934      'moodle/webservice:createtoken' => array(
1935  
1936          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1937          'captype' => 'write',
1938          'contextlevel' => CONTEXT_SYSTEM,
1939          'archetypes' => array(
1940              'manager' => CAP_ALLOW
1941          )
1942      ),
1943      'moodle/webservice:managealltokens' => array(
1944  
1945          'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_PERSONAL,
1946          'captype' => 'write',
1947          'contextlevel' => CONTEXT_SYSTEM,
1948          'archetypes' => array()
1949      ),
1950      'moodle/webservice:createmobiletoken' => array(
1951  
1952          'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1953          'captype' => 'write',
1954          'contextlevel' => CONTEXT_SYSTEM,
1955          'archetypes' => array(
1956              'user' => CAP_ALLOW
1957          )
1958      ),
1959      'moodle/rating:view' => array(
1960  
1961          'captype' => 'read',
1962          'contextlevel' => CONTEXT_COURSE,
1963          'archetypes' => array(
1964              'user' => CAP_ALLOW,
1965              'student' => CAP_ALLOW,
1966              'teacher' => CAP_ALLOW,
1967              'editingteacher' => CAP_ALLOW,
1968              'manager' => CAP_ALLOW
1969          )
1970      ),
1971      'moodle/rating:viewany' => array(
1972  
1973          'riskbitmask' => RISK_PERSONAL,
1974          'captype' => 'read',
1975          'contextlevel' => CONTEXT_COURSE,
1976          'archetypes' => array(
1977              'user' => CAP_ALLOW,
1978              'student' => CAP_ALLOW,
1979              'teacher' => CAP_ALLOW,
1980              'editingteacher' => CAP_ALLOW,
1981              'manager' => CAP_ALLOW
1982          )
1983      ),
1984      'moodle/rating:viewall' => array(
1985  
1986          'riskbitmask' => RISK_PERSONAL,
1987          'captype' => 'read',
1988          'contextlevel' => CONTEXT_COURSE,
1989          'archetypes' => array(
1990              'user' => CAP_ALLOW,
1991              'student' => CAP_ALLOW,
1992              'teacher' => CAP_ALLOW,
1993              'editingteacher' => CAP_ALLOW,
1994              'manager' => CAP_ALLOW
1995          )
1996      ),
1997      'moodle/rating:rate' => array(
1998  
1999          'captype' => 'write',
2000          'contextlevel' => CONTEXT_COURSE,
2001          'archetypes' => array(
2002              'user' => CAP_ALLOW,
2003              'student' => CAP_ALLOW,
2004              'teacher' => CAP_ALLOW,
2005              'editingteacher' => CAP_ALLOW,
2006              'manager' => CAP_ALLOW
2007          )
2008      ),
2009      'moodle/course:markcomplete' => array(
2010          'captype' => 'write',
2011          'contextlevel' => CONTEXT_COURSE,
2012          'archetypes' => array(
2013              'teacher' => CAP_ALLOW,
2014              'editingteacher' => CAP_ALLOW,
2015              'manager' => CAP_ALLOW
2016          )
2017      ),
2018      'moodle/course:overridecompletion' => array(
2019          'captype' => 'write',
2020          'contextlevel' => CONTEXT_COURSE,
2021          'archetypes' => array(
2022              'teacher' => CAP_ALLOW,
2023              'editingteacher' => CAP_ALLOW,
2024              'manager' => CAP_ALLOW
2025          )
2026      ),
2027  
2028      // Badges.
2029      'moodle/badges:manageglobalsettings' => array(
2030          'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
2031          'captype'      => 'write',
2032          'contextlevel' => CONTEXT_SYSTEM,
2033          'archetypes'   => array(
2034              'manager'       => CAP_ALLOW,
2035          )
2036      ),
2037  
2038      // View available badges without earning them.
2039      'moodle/badges:viewbadges' => array(
2040          'captype'       => 'read',
2041          'contextlevel'  => CONTEXT_COURSE,
2042          'archetypes'    => array(
2043              'user'          => CAP_ALLOW,
2044          )
2045      ),
2046  
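2047      // Manage badges on own private badges page.
          // NOTE(review): the key below is spelled 'riskbitmap', not 'riskbitmask' as in the other entries of this
          // file; if the capability loader only reads 'riskbitmask', RISK_SPAM is never recorded here - confirm.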
2048      'moodle/badges:manageownbadges' => array(
2049          'riskbitmap'    => RISK_SPAM,
2050          'captype'       => 'write',
2051          'contextlevel'  => CONTEXT_USER,
2052          'archetypes'    => array(
2053              'user'    => CAP_ALLOW
2054          )
2055      ),
2056  
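2057      // View public badges in other users' profiles.
          // NOTE(review): the key below is spelled 'riskbitmap', not 'riskbitmask' as in the other entries of this
          // file; if the capability loader only reads 'riskbitmask', RISK_PERSONAL is never recorded here - confirm.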
2058      'moodle/badges:viewotherbadges' => array(
2059          'riskbitmap'    => RISK_PERSONAL,
2060          'captype'       => 'read',
2061          'contextlevel'  => CONTEXT_USER,
2062          'archetypes'    => array(
2063              'user'    => CAP_ALLOW
2064          )
2065      ),
2066  
2067      // Earn badge.
2068      'moodle/badges:earnbadge' => array(
2069          'captype'       => 'write',
2070          'contextlevel'  => CONTEXT_COURSE,
2071          'archetypes'    => array(
2072              'user'           => CAP_ALLOW,
2073          )
2074      ),
2075  
2076      // Create/duplicate badges.
2077      'moodle/badges:createbadge' => array(
2078          'riskbitmask'  => RISK_SPAM,
2079          'captype'      => 'write',
2080          'contextlevel' => CONTEXT_COURSE,
2081          'archetypes'   => array(
2082              'manager'        => CAP_ALLOW,
2083              'editingteacher' => CAP_ALLOW,
2084          )
2085      ),
2086  
2087      // Delete badges.
2088      'moodle/badges:deletebadge' => array(
2089          'riskbitmask'  => RISK_DATALOSS,
2090          'captype'      => 'write',
2091          'contextlevel' => CONTEXT_COURSE,
2092          'archetypes'   => array(
2093              'manager'        => CAP_ALLOW,
2094              'editingteacher' => CAP_ALLOW,
2095          )
2096      ),
2097  
2098      // Set up/edit badge details.
2099      'moodle/badges:configuredetails' => array(
2100          'riskbitmask'  => RISK_SPAM,
2101          'captype'      => 'write',
2102          'contextlevel' => CONTEXT_COURSE,
2103          'archetypes'   => array(
2104              'manager'        => CAP_ALLOW,
2105              'editingteacher' => CAP_ALLOW,
2106          )
2107      ),
2108  
2109      // Set up/edit criteria of earning a badge.
2110      'moodle/badges:configurecriteria' => array(
2111          'riskbitmask'  => RISK_XSS,
2112          'captype'      => 'write',
2113          'contextlevel' => CONTEXT_COURSE,
2114          'archetypes'   => array(
2115              'manager'        => CAP_ALLOW,
2116              'editingteacher' => CAP_ALLOW,
2117          )
2118      ),
2119  
2120      // Configure badge messages.
2121      'moodle/badges:configuremessages' => array(
2122          'riskbitmask'  => RISK_SPAM,
2123          'captype'      => 'write',
2124          'contextlevel' => CONTEXT_COURSE,
2125          'archetypes'   => array(
2126              'manager'        => CAP_ALLOW,
2127              'editingteacher' => CAP_ALLOW,
2128          )
2129      ),
2130  
2131      // Award badge to a user.
2132      'moodle/badges:awardbadge' => array(
2133          'riskbitmask'  => RISK_SPAM,
2134          'captype'      => 'write',
2135          'contextlevel' => CONTEXT_COURSE,
2136          'archetypes'   => array(
2137              'manager'        => CAP_ALLOW,
2138              'teacher'        => CAP_ALLOW,
2139              'editingteacher' => CAP_ALLOW,
2140          )
2141      ),
2142  
2143      // Revoke badge from a user.
2144      'moodle/badges:revokebadge' => array(
2145          'riskbitmask'  => RISK_SPAM,
2146          'captype'      => 'write',
2147          'contextlevel' => CONTEXT_COURSE,
2148          'archetypes'   => array(
2149              'manager'        => CAP_ALLOW,
2150              'teacher'        => CAP_ALLOW,
2151              'editingteacher' => CAP_ALLOW,
2152          )
2153      ),
2154  
2155      // View users who earned a specific badge without being able to award a badge.
2156      'moodle/badges:viewawarded' => array(
2157          'riskbitmask'  => RISK_PERSONAL,
2158          'captype'      => 'read',
2159          'contextlevel' => CONTEXT_COURSE,
2160          'archetypes'   => array(
2161                  'manager'        => CAP_ALLOW,
2162                  'teacher'        => CAP_ALLOW,
2163                  'editingteacher' => CAP_ALLOW,
2164          )
2165      ),
2166  
2167      'moodle/site:forcelanguage' => array(
2168          'captype' => 'read',
2169          'contextlevel' => CONTEXT_SYSTEM,
2170          'archetypes' => array(
2171          )
2172      ),
2173  
2174      // Perform site-wide search queries through the search API.
2175      'moodle/search:query' => array(
2176          'captype' => 'read',
2177          'contextlevel' => CONTEXT_SYSTEM,
2178          'archetypes' => array(
2179              'guest' => CAP_ALLOW,
2180              'user' => CAP_ALLOW,
2181              'student' => CAP_ALLOW,
2182              'teacher' => CAP_ALLOW,
2183              'editingteacher' => CAP_ALLOW,
2184              'manager' => CAP_ALLOW
2185          )
2186      ),
2187  
2188      // Competencies.
2189      'moodle/competency:competencymanage' => array(
2190          'captype' => 'write',
2191          'contextlevel' => CONTEXT_COURSECAT,
2192          'archetypes' => array(
2193              'manager' => CAP_ALLOW
2194          )
2195      ),
2196      'moodle/competency:competencyview' => array(
2197          'captype' => 'read',
2198          'contextlevel' => CONTEXT_COURSECAT,
2199          'archetypes' => array(
2200              'user' => CAP_ALLOW
2201          ),
2202      ),
2203      'moodle/competency:competencygrade' => array(
2204          'captype' => 'write',
2205          'contextlevel' => CONTEXT_COURSE, // And CONTEXT_USER.
2206          'archetypes' => array(
2207              'editingteacher' => CAP_ALLOW,
2208              'teacher' => CAP_ALLOW,
2209              'manager' => CAP_ALLOW
2210          ),
2211      ),
2212      // Course competencies.
2213      'moodle/competency:coursecompetencymanage' => array(
2214          'captype' => 'write',
2215          'contextlevel' => CONTEXT_COURSE,
2216          'archetypes' => array(
2217              'editingteacher' => CAP_ALLOW,
2218              'manager' => CAP_ALLOW
2219          ),
2220      ),
2221      'moodle/competency:coursecompetencyconfigure' => array(
2222          'captype' => 'write',
2223          'contextlevel' => CONTEXT_MODULE,
2224          'archetypes' => array(
2225              'manager' => CAP_ALLOW
2226          ),
2227      ),
2228      'moodle/competency:coursecompetencygradable' => array(
2229          'captype' => 'read',
2230          'contextlevel' => CONTEXT_COURSE,
2231          'archetypes' => array(
2232              'student' => CAP_ALLOW
2233          ),
2234          'clonepermissionsfrom' => 'moodle/course:isincompletionreports'
2235      ),
2236      'moodle/competency:coursecompetencyview' => array(
2237          'captype' => 'read',
2238          'contextlevel' => CONTEXT_COURSE,
2239          'archetypes' => array(
2240              'user' => CAP_ALLOW
2241          ),
2242      ),
2243      // Evidence.
2244      'moodle/competency:evidencedelete' => array(
2245          'captype' => 'write',
2246          'contextlevel' => CONTEXT_USER,
2247          'archetypes' => array(
2248          ),
2249          'clonepermissionsfrom' => 'moodle/site:config'
2250      ),
2251      // User plans.
2252      'moodle/competency:planmanage' => array(
2253          'captype' => 'write',
2254          'contextlevel' => CONTEXT_USER,
2255          'archetypes' => array(
2256              'manager' => CAP_ALLOW
2257          ),
2258      ),
2259      'moodle/competency:planmanagedraft' => array(
2260          'captype' => 'write',
2261          'contextlevel' => CONTEXT_USER,
2262          'archetypes' => array(
2263              'manager' => CAP_ALLOW
2264          ),
2265      ),
2266      'moodle/competency:planmanageown' => array(
2267          'captype' => 'write',
2268          'contextlevel' => CONTEXT_USER,
2269          'archetypes' => array(
2270          ),
2271      ),
2272      'moodle/competency:planmanageowndraft' => array(
2273          'captype' => 'write',
2274          'contextlevel' => CONTEXT_USER,
2275          'archetypes' => array(
2276          ),
2277      ),
2278      'moodle/competency:planview' => array(
2279          'captype' => 'read',
2280          'contextlevel' => CONTEXT_USER,
2281          'archetypes' => array(
2282              'manager' => CAP_ALLOW
2283          ),
2284      ),
2285      'moodle/competency:planviewdraft' => array(
2286          'captype' => 'read',
2287          'contextlevel' => CONTEXT_USER,
2288          'archetypes' => array(
2289              'manager' => CAP_ALLOW
2290          ),
2291      ),
2292      'moodle/competency:planviewown' => array(
2293          'captype' => 'read',
2294          'contextlevel' => CONTEXT_USER,
2295          'archetypes' => array(
2296              'user' => CAP_ALLOW
2297          ),
2298      ),
2299      'moodle/competency:planviewowndraft' => array(
2300          'captype' => 'read',
2301          'contextlevel' => CONTEXT_USER,
2302          'archetypes' => array(
2303          ),
2304      ),
2305      'moodle/competency:planrequestreview' => array(
2306          'captype' => 'write',
2307          'contextlevel' => CONTEXT_USER,
2308          'archetypes' => array(
2309              'manager' => CAP_ALLOW
2310          )
2311      ),
2312      'moodle/competency:planrequestreviewown' => array(
2313          'captype' => 'write',
2314          'contextlevel' => CONTEXT_USER,
2315          'archetypes' => array(
2316              'user' => CAP_ALLOW
2317          )
2318      ),
2319      'moodle/competency:planreview' => array(
2320          'captype' => 'write',
2321          'contextlevel' => CONTEXT_USER,
2322          'archetypes' => array(
2323              'manager' => CAP_ALLOW
2324          ),
2325      ),
2326      'moodle/competency:plancomment' => array(
2327          'captype' => 'write',
2328          'contextlevel' => CONTEXT_USER,
2329          'archetypes' => array(
2330              'manager' => CAP_ALLOW
2331          ),
2332      ),
2333      'moodle/competency:plancommentown' => array(
2334          'captype' => 'write',
2335          'contextlevel' => CONTEXT_USER,
2336          'archetypes' => array(
2337              'user' => CAP_ALLOW
2338          ),
2339      ),
2340      // User competencies.
2341      'moodle/competency:usercompetencyview' => array(
2342          'captype' => 'read',
2343          'contextlevel' => CONTEXT_USER,     // And CONTEXT_COURSE.
2344          'archetypes' => array(
2345              'manager' => CAP_ALLOW,
2346              'editingteacher' => CAP_ALLOW,
2347              'teacher' => CAP_ALLOW
2348          )
2349      ),
2350      'moodle/competency:usercompetencyrequestreview' => array(
2351          'captype' => 'write',
2352          'contextlevel' => CONTEXT_USER,
2353          'archetypes' => array(
2354              'manager' => CAP_ALLOW
2355          )
2356      ),
2357      'moodle/competency:usercompetencyrequestreviewown' => array(
2358          'captype' => 'write',
2359          'contextlevel' => CONTEXT_USER,
2360          'archetypes' => array(
2361              'user' => CAP_ALLOW
2362          )
2363      ),
2364      'moodle/competency:usercompetencyreview' => array(
2365          'captype' => 'write',
2366          'contextlevel' => CONTEXT_USER,
2367          'archetypes' => array(
2368              'manager' => CAP_ALLOW
2369          ),
2370      ),
2371      'moodle/competency:usercompetencycomment' => array(
2372          'captype' => 'write',
2373          'contextlevel' => CONTEXT_USER,
2374          'archetypes' => array(
2375              'manager' => CAP_ALLOW
2376          ),
2377      ),
2378      'moodle/competency:usercompetencycommentown' => array(
2379          'captype' => 'write',
2380          'contextlevel' => CONTEXT_USER,
2381          'archetypes' => array(
2382              'user' => CAP_ALLOW
2383          ),
2384      ),
2385      // Template.
2386      'moodle/competency:templatemanage' => array(
2387          'captype' => 'write',
2388          'contextlevel' => CONTEXT_COURSECAT,
2389          'archetypes' => array(
2390              'manager' => CAP_ALLOW
2391          ),
2392      ),
2393      'moodle/analytics:listinsights' => array(
2394          'riskbitmask' => RISK_PERSONAL,
2395          'captype' => 'read',
2396          'contextlevel' => CONTEXT_COURSE,
2397          'archetypes' => array(
2398              'teacher' => CAP_ALLOW,
2399              'editingteacher' => CAP_ALLOW,
2400              'manager' => CAP_ALLOW
2401          )
2402      ),
2403      'moodle/analytics:managemodels' => array(
2404          'riskbitmask' => RISK_CONFIG,
2405          'captype' => 'write',
2406          'contextlevel' => CONTEXT_SYSTEM,
2407          'archetypes' => array(
2408              'manager' => CAP_ALLOW
2409          ),
2410      ),
2411      'moodle/competency:templateview' => array(
2412          'captype' => 'read',
2413          'contextlevel' => CONTEXT_COURSECAT,
2414          'archetypes' => array(
2415              'manager' => CAP_ALLOW
2416          ),
2417      ),
2418      // User evidence.
2419      'moodle/competency:userevidencemanage' => array(
2420          'captype' => 'write',
2421          'contextlevel' => CONTEXT_USER,
2422          'archetypes' => array(
2423              'manager' => CAP_ALLOW
2424          ),
2425      ),
2426      'moodle/competency:userevidencemanageown' => array(
2427          'captype' => 'write',
2428          'contextlevel' => CONTEXT_USER,
2429          'archetypes' => array(
2430              'user' => CAP_ALLOW
2431          ),
2432      ),
2433      'moodle/competency:userevidenceview' => array(
2434          'captype' => 'read',
2435          'contextlevel' => CONTEXT_USER,
2436          'archetypes' => array(
2437              'manager' => CAP_ALLOW
2438          ),
2439      ),
2440      'moodle/site:maintenanceaccess' => array(
2441          'captype' => 'write',
2442          'contextlevel' => CONTEXT_SYSTEM,
2443          'archetypes' => array(
2444          )
2445      ),
2446      // Allow messaging any user, regardless of their messaging privacy preferences.
2447      'moodle/site:messageanyuser' => array(
2448          'riskbitmask' => RISK_SPAM,
2449          'captype' => 'write',
2450          'contextlevel' => CONTEXT_SYSTEM,
2451          'archetypes' => array(
2452              'teacher' => CAP_ALLOW,
2453              'editingteacher' => CAP_ALLOW,
2454              'manager' => CAP_ALLOW
2455          )
2456      ),
2457  
2458      // Context locking/unlocking.
2459      'moodle/site:managecontextlocks' => [
2460          'captype' => 'write',
2461          'contextlevel' => CONTEXT_MODULE,
2462          'archetypes' => [
2463          ],
2464      ],
2465  
2466      // Manual completion toggling.
2467      'moodle/course:togglecompletion' => [
2468          'captype' => 'write',
2469          'contextlevel' => CONTEXT_MODULE,
2470          'archetypes' => [
2471              'user' => CAP_ALLOW,
2472          ],
2473      ],
2474  
2475      'moodle/analytics:listowninsights' => array(
2476          'captype' => 'read',
2477          'contextlevel' => CONTEXT_SYSTEM,
2478          'archetypes' => array(
2479              'user' => CAP_ALLOW
2480          )
2481      ),
2482  
2483      // Set display option buttons to an H5P content.
2484      'moodle/h5p:setdisplayoptions' => array(
2485          'captype' => 'write',
2486          'contextlevel' => CONTEXT_MODULE,
2487          'archetypes' => array(
2488              'editingteacher' => CAP_ALLOW,
2489          )
2490      ),
2491  
2492      // Allow to deploy H5P content.
2493      'moodle/h5p:deploy' => array(
2494          'riskbitmask' => RISK_XSS,
2495          'captype' => 'write',
2496          'contextlevel' => CONTEXT_MODULE,
2497          'archetypes' => array(
2498              'manager'        => CAP_ALLOW,
2499              'editingteacher' => CAP_ALLOW,
2500          )
2501      ),
2502  
2503      // Allow to update H5P content-type libraries.
2504      'moodle/h5p:updatelibraries' => [
2505          'riskbitmask' => RISK_XSS,
2506          'captype' => 'write',
2507          'contextlevel' => CONTEXT_MODULE,
2508          'archetypes' => [
2509              'manager' => CAP_ALLOW,
2510          ]
2511      ],
2512  
2513      // Allow users to recommend activities in the activity chooser.
2514      'moodle/course:recommendactivity' => [
2515          'captype' => 'write',
2516          'contextlevel' => CONTEXT_SYSTEM,
2517          'archetypes' => [
2518              'manager' => CAP_ALLOW,
2519          ]
2520      ],
2521  
2522      // Content bank capabilities.
2523      'moodle/contentbank:access' => array(
2524          'captype' => 'read',
2525          'contextlevel' => CONTEXT_COURSE,
2526          'archetypes' => array(
2527              'manager' => CAP_ALLOW,
2528              'coursecreator' => CAP_ALLOW,
2529              'editingteacher' => CAP_ALLOW,
2530          )
2531      ),
2532  
2533      'moodle/contentbank:upload' => array(
2534          'riskbitmask' => RISK_SPAM,
2535          'captype' => 'write',
2536          'contextlevel' => CONTEXT_COURSE,
2537          'archetypes' => array(
2538              'manager' => CAP_ALLOW,
2539              'coursecreator' => CAP_ALLOW,
2540              'editingteacher' => CAP_ALLOW,
2541          )
2542      ),
2543  
2544      // Delete any content from the content bank.
2545      'moodle/contentbank:deleteanycontent' => [
2546          'riskbitmask' => RISK_DATALOSS,
2547          'captype' => 'write',
2548          'contextlevel' => CONTEXT_COURSE,
2549          'archetypes' => [
2550              'manager' => CAP_ALLOW,
2551              'coursecreator' => CAP_ALLOW,
2552          ]
2553      ],
2554  
2555      // Delete content created by yourself.
2556      'moodle/contentbank:deleteowncontent' => [
2557          'captype' => 'write',
2558          'contextlevel' => CONTEXT_COURSE,
2559          'archetypes' => [
2560              'user' => CAP_ALLOW,
2561          ]
2562      ],
2563  
2564      // Manage (rename, move, publish, share, etc.) any content from the content bank.
2565      'moodle/contentbank:manageanycontent' => [
2566          'riskbitmask' => RISK_DATALOSS,
2567          'captype' => 'write',
2568          'contextlevel' => CONTEXT_COURSE,
2569          'archetypes' => array(
2570              'manager' => CAP_ALLOW,
2571              'coursecreator' => CAP_ALLOW,
2572          )
2573      ],
2574  
2575      // Manage (rename, move, publish, share, etc.) content created by yourself.
2576      'moodle/contentbank:manageowncontent' => [
2577          'captype' => 'write',
2578          'contextlevel' => CONTEXT_COURSE,
2579          'archetypes' => array(
2580              'manager' => CAP_ALLOW,
2581              'coursecreator' => CAP_ALLOW,
2582              'editingteacher' => CAP_ALLOW,
2583          )
2584      ],
2585  
2586      // Allow users to create/edit content within the content bank.
2587      'moodle/contentbank:useeditor' => [
2588          'riskbitmask' => RISK_SPAM,
2589          'captype' => 'write',
2590          'contextlevel' => CONTEXT_COURSE,
2591          'archetypes' => array(
2592              'manager' => CAP_ALLOW,
2593              'coursecreator' => CAP_ALLOW,
2594              'editingteacher' => CAP_ALLOW,
2595          )
2596      ],
2597  
2598      // Allow users to download content.
2599      'moodle/contentbank:downloadcontent' => [
2600          'captype' => 'read',
2601          'contextlevel' => CONTEXT_COURSE,
2602          'archetypes' => [
2603              'manager' => CAP_ALLOW,
2604              'coursecreator' => CAP_ALLOW,
2605              'editingteacher' => CAP_ALLOW,
2606          ]
2607      ],
2608  
2609      // Allow users to copy any content.
2610      'moodle/contentbank:copyanycontent' => [
2611          'riskbitmask' => RISK_SPAM,
2612          'captype' => 'write',
2613          'contextlevel' => CONTEXT_COURSE,
2614          'archetypes' => [
2615              'manager' => CAP_ALLOW,
2616              'coursecreator' => CAP_ALLOW,
2617          ]
2618      ],
2619  
2620      // Allow users to copy content.
2621      'moodle/contentbank:copycontent' => [
2622          'riskbitmask' => RISK_SPAM,
2623          'captype' => 'write',
2624          'contextlevel' => CONTEXT_COURSE,
2625          'archetypes' => [
2626              'manager' => CAP_ALLOW,
2627              'coursecreator' => CAP_ALLOW,
2628              'editingteacher' => CAP_ALLOW,
2629          ]
2630      ],
2631  
2632      // Allow users to download course content.
2633      'moodle/course:downloadcoursecontent' => [
2634          'captype' => 'read',
2635          'contextlevel' => CONTEXT_COURSE,
2636          'archetypes' => array(
2637              'student' => CAP_ALLOW,
2638              'teacher' => CAP_ALLOW,
2639              'editingteacher' => CAP_ALLOW,
2640              'manager' => CAP_ALLOW
2641          )
2642      ],
2643  
2644      // Allow users to configure download course content functionality within a course, if the feature is available.
2645      'moodle/course:configuredownloadcontent' => [
2646          'captype' => 'write',
2647          'contextlevel' => CONTEXT_COURSE,
2648          'archetypes' => array(
2649              'editingteacher' => CAP_ALLOW,
2650              'manager' => CAP_ALLOW
2651          ),
2652      ],
2653  
2654      // Allow to manage payment accounts.
2655      'moodle/payment:manageaccounts' => [
2656          'captype' => 'write',
2657          'riskbitmask' => RISK_PERSONAL | RISK_CONFIG | RISK_DATALOSS,
2658          'contextlevel' => CONTEXT_COURSE,
2659          'archetypes' => [],
2660      ],
2661  
2662      // Allow to view payments.
2663      'moodle/payment:viewpayments' => [
2664          'captype' => 'read',
2665          'riskbitmask' => RISK_PERSONAL,
2666          'contextlevel' => CONTEXT_COURSE,
2667          'archetypes' => [],
2668      ],
2669  
2670      // Allow users to view hidden content.
2671      'moodle/contentbank:viewunlistedcontent' => [
2672          'captype' => 'read',
2673          'contextlevel' => CONTEXT_COURSE,
2674          'archetypes' => [
2675              'manager' => CAP_ALLOW,
2676              'coursecreator' => CAP_ALLOW,
2677          ]
2678      ],
2679  
2680      // Allow users to view custom reports.
2681      'moodle/reportbuilder:view' => [
2682          'captype' => 'read',
2683          'contextlevel' => CONTEXT_SYSTEM,
2684          'archetypes' => [
2685              'user' => CAP_ALLOW,
2686          ],
2687      ],
2688  
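2689      // Allow users to create/edit their own custom reports.
          // NOTE(review): the key below is spelled 'riskbitmap', not 'riskbitmask' as in the other entries of this
          // file; if the capability loader only reads 'riskbitmask', RISK_PERSONAL is never recorded here - confirm.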
2690      'moodle/reportbuilder:edit' => [
2691          'captype' => 'write',
2692          'riskbitmap' => RISK_PERSONAL,
2693          'contextlevel' => CONTEXT_SYSTEM,
2694          'archetypes' => [
2695              'manager' => CAP_ALLOW,
2696          ],
2697      ],
2698  
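2699      // Allow users to create/edit all custom reports.
          // NOTE(review): the key below is spelled 'riskbitmap', not 'riskbitmask' as in the other entries of this
          // file; if the capability loader only reads 'riskbitmask', RISK_PERSONAL is never recorded here - confirm.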
2700      'moodle/reportbuilder:editall' => [
2701          'captype' => 'write',
2702          'riskbitmap' => RISK_PERSONAL,
2703          'contextlevel' => CONTEXT_SYSTEM,
2704          'archetypes' => [],
2705      ],
2706  
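2707      // Allow users to schedule reports as other users.
          // NOTE(review): the key below is spelled 'riskbitmap', not 'riskbitmask' as in the other entries of this
          // file; if the capability loader only reads 'riskbitmask', RISK_PERSONAL is never recorded here - confirm.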
2708      'moodle/reportbuilder:scheduleviewas' => [
2709          'captype' => 'read',
2710          'riskbitmap' => RISK_PERSONAL,
2711          'contextlevel' => CONTEXT_SYSTEM,
2712          'archetypes' => [],
2713      ],
2714  
2715      // Allow users to share activities to MoodleNet.
2716      'moodle/moodlenet:shareactivity' => [
2717          'captype' => 'read',
2718          'contextlevel' => CONTEXT_COURSE,
2719          'archetypes' => [
2720              'editingteacher' => CAP_ALLOW,
2721              'manager' => CAP_ALLOW,
2722          ]
2723      ],
2724  
2725      // Allow users to configure course communication rooms.
2726      'moodle/course:configurecoursecommunication' => [
2727          'captype' => 'write',
2728          'contextlevel' => CONTEXT_COURSE,
2729          'archetypes' => [
2730              'editingteacher' => CAP_ALLOW,
2731              'manager' => CAP_ALLOW,
2732          ]
2733      ],
2734  
2735      // Allow users to share courses to MoodleNet.
2736      'moodle/moodlenet:sharecourse' => [
2737          'captype' => 'read',
2738          'contextlevel' => CONTEXT_COURSE,
2739          'archetypes' => [
2740              'editingteacher' => CAP_ALLOW,
2741              'manager' => CAP_ALLOW,
2742          ]
2743      ],
2744  );