Moodle uses a system of "roles", "capabilities", and "contexts" to decide these things. In short, a Moodle site is divided into a number of "contexts" (one for the site as a whole, one for each course category, for each course, for each activity, etc). Each user is assigned a "role" in each of these contexts (i.e. guest, student, teacher, administrator). And each role has a number of "capabilities" assigned to it, which are the things that role is allowed to do (i.e. view a page, edit a user, create an activity, etc).
So when a user tries to view a page, Moodle looks up the page's context, determines the user's role and capabilities in that context, and then the page performs a check to make sure the user has the required capabilities before it displays anything to them.
For more info check out the documentation pages: