Yesterday I wanted to start full conversion of modules to new roles, mainly remove isteacher(), isguest(), iseditingteacher() and isstudent(). I stopped sooner than expected. Here is the list of problems we should solve before going ahead with roles conversion.

Guest access

Originally we used require_login() and isguest() combination. require_login() to be discussed later.

Access without login

moodle/site:doanything capability trouble

moodle/site:doanything was supposed to allow admin to do anything. The problem is that we have also negative capabilities - for example moodle/legacy:guest prevents people from doing something.

Possible solutions

1. remove moodle/site:doanything and set sensible defaults for admin role, this might need other changes in code (big change)
2. make all roles positive - moodle/site:nonguest? (maintenance problems in future)
3. add positive/negative marker to each role and change doanything overriding to check it
4. sprinkle the code with or hascapability('moodle/site:doanything')
5. did I forget anything?