ROLES AND PERMISSIONS - FIRST CHECK-IN

======================================= WARNING: DEV IS CURRENTLY VERY UNSTABLE. This is a mega-checkin of the new Roles system. A lot of changes have been made in core and modules. Currently there are a lot of rough edges and known problems. We are working hard on these .. .the reason for getting this into HEAD at this stage is enable us to move faster (our branch was diverging from HEAD too much). Please keep an eye on http://docs.moodle.org/en/Roles for current status and information for developers on how to use the new Roles system.
2025-08-10 19:36:41 +02:00 · 2006-08-08 05:13:06 +00:00 · 2006-08-08 05:13:06 +00:00 · bbbf2d4015
commit bbbf2d4015
parent 394577c3e4
139 changed files with 40452 additions and 2001 deletions
--- a/mod/data/db/access.php
+++ b/mod/data/db/access.php
@ -0,0 +1,150 @@
+<?php
+//
+// Capability definitions for the data module.
+//
+// The capabilities are loaded into the database table when the module is
+// installed or updated. Whenever the capability definitions are updated,
+// the module version number should be bumped up.
+//
+// The system has four possible values for a capability:
+// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
+//
+//
+// CAPABILITY NAMING CONVENTION
+//
+// It is important that capability names are unique. The naming convention
+// for capabilities that are specific to modules and blocks is as follows:
+//   [mod/block]/<component_name>:<capabilityname>
+//
+// component_name should be the same as the directory name of the mod or block.
+//
+// Core moodle capabilities are defined thus:
+//    moodle/<capabilityclass>:<capabilityname>
+//
+// Examples: mod/forum:viewpost
+//           block/recent_activity:view
+//           moodle/site:deleteuser
+//
+// The variable name for the capability definitions array follows the format
+//   $<componenttype>_<component_name>_capabilities
+//
+// For the core capabilities, the variable is $moodle_capabilities.
+
+
+$mod_data_capabilities = array(
+    
+    'mod/data:readentry' => array(
+    
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:writeentry' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:comment' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:rate' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:approve' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:manageentries' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:managecomments' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
+    'mod/data:managetemplates' => array(
+    
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    )
+    
+);
+
+?>
--- a/mod/data/db/postgres7.sql
+++ b/mod/data/db/postgres7.sql
@ -92,6 +92,56 @@ CREATE TABLE prefix_data_ratings (
  rating integer NOT NULL default '0'
 );

+# Roles tables
+
+CREATE TABLE prefix_roles (
+  `id` SERIAL PRIMARY KEY,
+  `name` varchar(255) NOT NULL default '',
+  `description` text NOT NULL default '',
+  `priority` decimal(2,2) NOT NULL default '0',
+);
+
+CREATE TABLE prefix_contexts (
+  `id` SERIAL PRIMARY KEY,
+  `system` int(1) NOT NULL default '0',
+  `metacourseid` int(10) NOT NULL default '0',
+  `coursecatid` int(10) NOT NULL default '0',
+  `courseid` int(10) NOT NULL default '0',
+  `moduleinstance` int(10) NOT NULL default '0',
+  `userid` int(10) NOT NULL default '0',
+);
+
+CREATE TABLE prefix_role_assignments (
+  `id` SERIAL PRIMARY KEY,
+  `roldid` int(10) NOT NULL default '0',
+  `contextid` int(10) NOT NULL default '0',
+  `userid` int(10) NOT NULL default '0',
+  `groupid` int(10) NOT NULL default '0',
+  `timestart` int(10) NOT NULL default '0',
+  `timeend` int(10) NOT NULL default '0',
+  `timemodified` int(10) NOT NULL default '0',
+  `modifierid` int(10) NOT NULL default '0',
+);
+
+CREATE TABLE prefix_capability_overrides (
+  `id` SERIAL PRIMARY KEY,
+  `contextid` int(10) NOT NULL default '0',
+  `roleid` int(10) NOT NULL default '0',
+  `module` varchar(255) NOT NULL default '',
+  `capability` varchar(255) NOT NULL default '',
+  `allow` int(1) NOT NULL default '0',
+  `priority` double(2,2) NOT NULL default '0',
+  `timemodified` int(10) NOT NULL default '0',
+  `modifierid` int(10) NOT NULL default '0',
+);
+
+CREATE TABLE prefix_role_capabilities (
+  `id` SERIAL PRIMARY KEY,
+  `module` varchar(255) NOT NULL default '',
+  `capability` varchar(255) NOT NULL default '',
+  `allow` int(1) NOT NULL default '0',
+);
+
 INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'view', 'data', 'name');
 INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'add', 'data', 'name');
 INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'update', 'data', 'name');