diff --git a/admin/roles/explainhascapabiltiy.php b/admin/roles/explainhascapabiltiy.php
new file mode 100644
index 00000000000..6af2c13e06f
--- /dev/null
+++ b/admin/roles/explainhascapabiltiy.php
@@ -0,0 +1,172 @@
+id);
+$contexts = array();
+foreach ($contextids as $contextid) {
+ $contexts[$contextid] = get_context_instance_by_id($contextid);
+ $contexts[$contextid]->name = print_context_name($contexts[$contextid], true, true);
+}
+
+// Validate the user id.
+if ($userid) {
+ $user = $DB->get_record('user', array('id' => $userid));
+ if (!$user) {
+ print_error('nosuchuser');
+ }
+} else {
+ $frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID);
+ if (!empty($CFG->forcelogin) ||
+ ($context->contextlevel >= CONTEXT_COURSE && !in_array($frontpagecontext->id, $contextids))) {
+ print_error('cannotgetherewithoutloggingin', 'role');
+ }
+}
+
+// Check access permissions.
+require_login();
+if (!has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride',
+ 'moodle/role:override', 'moodle/role:assign'), $context)) {
+ print_error('nopermissions', '', get_string('explainpermissions'));
+}
+
+// This duplicates code in load_all_capabilities and has_capability.
+$systempath = '/' . SYSCONTEXTID;
+if ($userid == 0) {
+ if (!empty($CFG->notloggedinroleid)) {
+ $accessdata = get_role_access($CFG->notloggedinroleid);
+ $accessdata['ra'][$systempath] = array($CFG->notloggedinroleid);
+ } else {
+ $accessdata = array();
+ $accessdata['ra'] = array();
+ $accessdata['rdef'] = array();
+ $accessdata['loaded'] = array();
+ }
+} else if (isguestuser($user)) {
+ $guestrole = get_guest_role();
+ $accessdata = get_role_access($guestrole->id);
+ $accessdata['ra'][$systempath] = array($guestrole->id);
+} else {
+ load_user_accessdata($userid);
+ $accessdata = $ACCESS[$userid];
+}
+if ($context->contextlevel > CONTEXT_COURSE && !path_inaccessdata($context->path, $accessdata)) {
+ load_subcontext($userid, $context, $accessdata);
+}
+
+// Load the roles we need.
+$roleids = array();
+foreach ($accessdata['ra'] as $roleassignments) {
+ $roleids = array_merge($roleassignments, $roleids);
+}
+$roles = $DB->get_records_list('role', 'id', $roleids);
+$rolenames = array();
+foreach ($roles as $role) {
+ $rolenames[$role->id] = $role->name;
+}
+$rolenames = role_fix_names($rolenames, $context);
+
+// Make a fake role to simplify rendering the table below.
+$rolenames[0] = get_string('none');
+
+// Prepare some arrays of strings.
+$cssclasses = array(
+ CAP_INHERIT => 'inherit',
+ CAP_ALLOW => 'allow',
+ CAP_PREVENT => 'prevent',
+ CAP_PROHIBIT => 'prohibit',
+ '' => ''
+);
+$strperm = array(
+ CAP_INHERIT => get_string('inherit', 'role'),
+ CAP_ALLOW => get_string('allow', 'role'),
+ CAP_PREVENT => get_string('prevent', 'role'),
+ CAP_PROHIBIT => get_string('prohibit', 'role'),
+ '' => ''
+);
+
+// Start the output.
+print_header(get_string('explainpermissions', 'role'));
+print_heading(get_string('explainpermissions', 'role'));
+
+// Print a summary of what we are doing.
+$a = new stdClass;
+if ($userid) {
+ $a->fullname = fullname($user);
+} else {
+ $a->fullname = get_string('nobody');
+}
+$a->context = reset($contexts)->name;
+$a->capability = $capability;
+echo '' . get_string('explainpermissionsdetails', 'role', $a) . '
';
+
+// Print the table header rows.
+echo '';
+echo '';
+foreach ($contexts as $con) {
+ echo '';
+}
+echo '
';
+echo '|
';
+echo '';
+
+// Now print the bulk of the table.
+foreach ($contexts as $con) {
+ if (!empty($accessdata['ra'][$con->path])) {
+ $ras = $accessdata['ra'][$con->path];
+ } else {
+ $ras = array(0);
+ }
+ $firstcell = '' . $con->id . ' ' . $con->name . ' | ';
+ $rowclass = ' class="newcontext"';
+ foreach ($ras as $roleid) {
+ $extraclass = '';
+ if (!$roleid) {
+ $extraclass = ' noroles';
+ }
+ echo '' . $firstcell . '';
+ foreach ($contexts as $ocon) {
+ if ($roleid == 0) {
+ $perm = '';
+ } else {
+ if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) {
+ $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability];
+ } else {
+ $perm = CAP_INHERIT;
+ }
+ }
+ if ($perm === CAP_INHERIT && $ocon->id == SYSCONTEXTID) {
+ $permission = get_string('notset', 'role');
+ } else {
+ $permission = $strperm[$perm];
+ }
+ echo '' . $permission . ' | ';
+ }
+ echo '';
+ $firstcell = '';
+ $rowclass = '';
+ }
+}
+echo '
';
+
+// Finish the page.
+echo get_string('explainpermissionsinfo', 'role');
+if ($userid && $capability != 'moodle/site:doanything' &&
+ has_capability('moodle/site:doanything', $context, $userid) &&
+ !has_capability($capability, $context, $userid, false)) {
+ echo '' . get_string('explainpermissionsdoanything', 'role', $capability) . '
';
+}
+close_window_button();
+print_footer('empty');
+?>
\ No newline at end of file
diff --git a/theme/standard/styles_layout.css b/theme/standard/styles_layout.css
index fea7b495197..cd09216f8ea 100644
--- a/theme/standard/styles_layout.css
+++ b/theme/standard/styles_layout.css
@@ -1040,6 +1040,43 @@ table.rolecap .hiddenrow {
text-align:center;
}
+table.explainpermissions {
+ border: 1px solid black;
+}
+table.explainpermissions .cell {
+ border-bottom: none;
+}
+table.explainpermissions th.header,
+table.explainpermissions th.cell,
+table.explainpermissions td.cell {
+ border-left: 1px solid black;
+ border-right: 1px solid black;
+}
+table.explainpermissions .newcontext .cell,
+table.explainpermissions th.header.rolename {
+ border-top: 1px solid black;
+}
+table.explainpermissions .cell.inherit,
+table.explainpermissions .cell.noroles {
+ color: grey;
+}
+table.explainpermissions th.assignmentcontext,
+table.explainpermissions th.rolename {
+ text-align: left;
+ padding-left: 0.5em;
+}
+table.explainpermissions th.overridecontextheader {
+ text-align: right;
+ padding-right: 0.5em;
+}
+table.explainpermissions .cell.prohibit {
+ font-weight: bold;
+}
+table.explainpermissions .cell {
+ padding: 0.2em 0.5em;
+ text-align: center;
+}
+
#admin-lang .generalbox {
text-align:center;
margin:auto;