Tim, I had to tweak only 3 lines in the quiz to "allow" 0 attempts. Moved the 'unlimited' -1, set the num attempts access rule accordingly, and set the confirm start message to pop above 0. So far seems to work as expected. May be worthwhile to add to core some time in the future. After all, between the infinite and the finite there must be something that is neither (or both).
I may be missing something, but why?
Yes, why?
Currently I can see how it may serve businesses which sell access to predefined quizzes. You set the quiz with 0 attempts so visitors can open it to see its description but not attempt. Then you override the number of attempts per user on purchase.
A better way to do that is to just use roles. Give everyone mod/quiz:view, but only give paid-up students mod/quiz:attempt.
Not necessarily better. You see, a user can purchase the same activity more than once on different occasions, which in the quiz is probably best controlled by number of attempts. What is purchased is the attempt and there is no need to muddle with roles. The quiz may offer n free/trial attempts and in some cases this n could be 0.
It's not a big issue because the quiz code already makes the hack fairly easy (thanks!). But IMO it's unnecessary to impose the constraining assumption "I allow attempts/entries therefore I exist" on the quiz and other core modules (such as the database module which could have been a nice example how an activity module could easily be set as a resource by allowing users 0 entries; implemented in the dataform). The respective DB record of the module instance, the designated DB field and the setting's UI are already there, so arguably, there is no need to add more DB records and UI clicks as in setting role permissions to achieve this simple effect.