Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Quiz web services

From MoodleDocs
Revision as of 12:07, 24 July 2008 by Jordi Boggiano (talk | contribs) (New page: == Summary / Purpose == The Quiz web services would allow an external application to retrieve some quiz's questions (and attempt(s) optionally) for an user. The original idea behind this ...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Summary / Purpose

The Quiz web services would allow an external application to retrieve some quiz's questions (and attempt(s) optionally) for an user. The original idea behind this is to be able to build a flash application that would build the quiz dynamically depending on what data moodle sends it, however it might have other applications, since it would allow any application to request questions from moodle in any export format available.

API

get_questions(format, quiz_id [, user_id [, attempt_id ]])

Examples

get_questions(xml, 3)

Returns all questions for quiz#3 and no attempts, or the latest attempt of the user making the request (if we can authenticate him)

get_questions(xml, 3, 0)

Returns all questions for quiz#3 and no attempt

get_questions(xml, 3, 2)

Returns all questions for quiz#3 and the latest attempt for user#2

get_questions(xml, 3, 2, 4)

Returns all questions for quiz#3 and the attempt#4 for user#2

get_questions(xml, 3, 2, -3)

Returns all questions for quiz#3 and the 3 last attempts of user#2

get_questions(xml, 3, 2, 0)

Returns all questions for quiz#3 and all attempts of user#2

  • Note: I am not sure how important are the other attempts (apart from the last one), but since they are saved I assume they have some relevance to someone so having a way to access them can't hurt.

Security Concerns

Access to answers should be restricted to the current user, otherwise someone could gain access to answers of other people, which would allow cheating and possible access to answers that contain private data.

Therefore, unless someone can be authenticated as an admin, he probably shouldn't have access to any attempt except his, and if the user has no authentication whatsoever, I am not sure what should happen ? Is it okay to send the question data ? I guess that depends on the context.

I am not certain how authentication is handled at the moment in other web services, I guess it can be a problem depending on where the request is coming from.. I know that with flash it is not a problem because if the browser has a cookie for your domain, it will send it with the request and moodle can authentify the user with that.

Implementation Details

  • I am not sure whether this should reside within /mod/quiz or /questions, since it uses a bit of both.
  • The export format, which is a parameter in the API, would ideally be one of the various export format that questions support. In our case we need AMS QTI2, and that standard can handle "attempts" data, but I'm not sure about other formats, nor if we should re-use the questions's export formats or just build new ones from scratch to support all of this, since the question stuff doesn't support attempts and we can't really modify it to do so because questions are exported without attempts data in moodle's admin section.
Retrieved from "https://docs.moodle.org/dev/index.php?title=Quiz_web_services&oldid=10239"
Powered by MediaWiki