All of the students in our schools have Chromebooks. I have created what Google calls a kiosk Chrome app, which doesn't allow other tabs or screenshots. So if students start a test from the app they will have a reduced ability to cheat. I am now thinking about how to best implement this option so teachers know that students are using the secure app. I could make a visual element on the chrome app so that as the teacher walks around the room she will see clearly that the students are accessing the test securely. Once that has been established the teacher won't have to worry about closely monitoring the students' browser activity (mostly teachers are concerned about surreptitious tab opening to look for info).
Another option is that I can set a custom user agent string for the app. Perhaps then I could have the Moodle quiz module check the user agent before allowing an attempt. If I do that I would want to allow teachers to create "un-secure" quizzes which can be accessed through any browser and "secure" quizzes which need to be using the app. What would be the best way to create this secure quiz option? I could hack the exisitng quiz module or I could spin off a copy of the quiz module and call it "SecureQuiz".
Any other ideas?
You don't need to clone the quiz module, or hack it.
We have a sub-plugin type for exactly this sort of thing: Quiz access rules.
In core, there is a very crude one in mod/quiz/accessrule/safebrowser (that should probably be removed now). That just does a user-agent check.
A better one is here: https://github.com/moodleou/moodle-quizaccess_safeexambrowser. That does a more sophisticated check using a custom HTTP header, that has to match a hash of the requested URL.
Alternatively how do I determine the browser key? My "secure" browser is just Chrome inside a <webview> on a Chromebook in kiosk mode.
I was suggesting that you wounld need to make a new plugin, like the examples I gave, but specifically for your browser.
I see. So the existing safebrowser accessrule in core is a stub without any functionality, but if I take your git code I could modify it and make a plugin for my browser.
No, the core one is not a stub.
For historical reasons, the core accessrule plugins are not fully independent plugins. They store their data in the mdl_quiz table, since the data has always been stored there. Real plugins need to make their own DB table and my plugin on github is a good example of that.
However, if what you are doing is stimple, then the one in core might be a better model. It is a fully featured plugin. The magic is all in the get_browser_security_choices method: https://github.com/moodle/moodle/blob/master/mod/quiz/accessrule/safebrowser/rule.php#L82 (note the $CFG setting it relies on. You probably have not turned that on.)
Ahh. The setting was under experimental (I should remember to search admin settings instead of just using the menu tree). I have our Moodle set up to work with our secure browser app now.
I have to say that it is amazing that as our use of Moodle has increased and the demands/expectations that our teachers and students have for what Moodle can do have increased, Moodle continues to grow to meet all of their needs. The quiz and question modules are amazingly powerful (perhaps the most complete online assessment tool that exists).
In addition, the ability (privilege) to directly discuss and troubleshoot with you, a Core developer, is remarkable. Especially in contrast to Google Apps tech support which is random front line tech support phone jockeys looking at FAQs.
I have a blog post detailing the steps I used to get this set up for our school. Feel free to contact me for assistance if you get stuck.