That's a good starting point Tim!
What I'm just thinking is a new setting, per activity, that could be included by any activity interested in providing some access rules, those already defined for quiz.
In case of SCORM, the implementation of this setting could mean:
- avoid the access to the main entry to the content, preventing the user to see the TOC of the SCORM course or;
- avoid deliverying the content, allowing users to see the TOC of the SCORM course without having the possibility to see the content, where all the quiz logics are defined - SCORM == HTML app talking with the LMS using a Data Model via JS calls.
While the implementation of the "deny action" is pretty simple regardless the selected option above, it could be "less" easy to provide a new general activity setting to configure the access rules. Spare time permitted I'll dive into the code, maybe to propose something for 2.6.