Skip to content

docs: clarify capability contextlevel guidance#1615

Open
ded-furby wants to merge 1 commit into
moodle:mainfrom
ded-furby:docs/contextlevel-guidance-1339
Open

docs: clarify capability contextlevel guidance#1615
ded-furby wants to merge 1 commit into
moodle:mainfrom
ded-furby:docs/contextlevel-guidance-1339

Conversation

@ded-furby

@ded-furby ded-furby commented Jun 13, 2026

Copy link
Copy Markdown

Summary

  • explain that contextlevel should match the highest context where a capability is checked and overridden
  • add the override-screen example for moodle/site:config
  • backport the clarification to the current docs plus versions 4.5, 5.0, 5.1, and 5.2

Closes #1339

Validation

  • corepack yarn mdlint docs/apis/subsystems/access.md versioned_docs/version-4.5/apis/subsystems/access.md versioned_docs/version-5.0/apis/subsystems/access.md versioned_docs/version-5.1/apis/subsystems/access.md versioned_docs/version-5.2/apis/subsystems/access.md
  • repository lint-staged hook (markdownlint-cli2 --fix and cspell --no-must-find-files --no-progress) ran during commit

@netlify

netlify Bot commented Jun 13, 2026

Copy link
Copy Markdown

Deploy Preview for moodledevdocs ready!

Built without sensitive environment variables

Name Link
🔨 Latest commit 73d063d
🔍 Latest deploy log https://app.netlify.com/projects/moodledevdocs/deploys/6a2da67b3841b20008ef6e78
😎 Deploy Preview https://deploy-preview-1615--moodledevdocs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

| `archetypes` | specifies defaults for roles with standard archetypes, this is used in installs, upgrades and when resetting roles (it is recommended to use only CAP_ALLOW here). Archetypes are defined in mdl_role table. See also [Role archetypes](https://docs.moodle.org/dev/Role_archetypes). |
| `clonepermissionsfrom` | when you are adding a new capability, you can tell Moodle to copy the permissions for each role from the current settings for another capability. This may give better defaults than just using archetypes for administrators who have heavily customised their roles configuration. The full syntax is: `clonepermissionsfrom` => `moodle/quiz:attempt` |

When choosing `contextlevel`, pick the highest context where the capability is expected to be checked and overridden. Moodle can still check the capability in lower contexts, but it only appears in override screens where changing it can affect the result. For example, `moodle/site:config` uses `CONTEXT_SYSTEM`, so it is not shown in course or activity overrides because changing it there would have no effect when the capability is checked at system context.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By highest, do you mean "largest number"? Initially, I thought of "highest point, hierarchically", where CONTEXT_SYSTEM is the top of the pyramid and each "lower" level has more items (and thus more width).

Here is an idea that I had (it's not perfect, but I hope it is helpful):

When choosing contextlevel, use the most specific level where the capability can be overridden. A permission can only be managed at the chosen level or levels with a more general scope. For example, moodle/site:config uses CONTEXT_SYSTEM, so it can only be set or overridden at the system context (the widest scope). Moodle intentionally hides the capability from override screens that have a more specific scope.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[docs] Improve documentation around capability contextlevel in the docs

2 participants