Feature Request: Questionlibrary.php for external questions

[Mat-Ge]

The new question library is a very useful innovation. In addition to the official STACK question library, there are more and more public STACK question collections available. Can we expand questionlibrary.php so that it can be used also for external questions?
In my case, I am Moodle admin, but I do not have access to the file system. Otherwise, I could copy external questions into the stacklibrary directory to use the nice form to have a look and possibly import external STACK questions. For this, questionlibrary.php could be modified, so that also local directories could be selected and not only the stacklibrary directory on the server.
This customization could be made available via the current method (New question -> STACK question library) or just via a link in the Admin UI.
However, I am unsure about the security of these approaches. Would this approach be a security vulnerability, if questionlibrary.php would be accessible to arbitrary xml files?

[sangwinc]

Thanks for raising this @Mat-Ge, it's on my plans to do this. My current thinking is to use moodle's "data" directory on the server. STACK already has a sub-directory for plots. That mitigates security risks to look only in directories Moodle current has read/write access to. It's also clearly defined. If we have a "stacklibrary" subdirectory there we can expand the current stacklibary code to look in there as well and list questions to users. I'm very open to specific suggestions from users. Let's keep it as simple as possible! I'm not excited about complex access controls allowing different moodle users different access etc.!

We plan to release the whole of the HELM materials as a separate git repro (using the new gitsync plugin). HELM will be a large, and valuable collection of materials I hope others will help to maintain and improve. Once we have that out, it will be time to make it very easy for people to access it.

[sangwinc]

@Mat-Ge, as you can probably see by looking in the "dev" branch @EJMFarrow has made major progress in adding support for (1) uploading whole folders and (2) uploading basic quizzes (from a JSON description).

Do you have specific proposals for how to import external questions?

One option would be for the server maintainer to place a directory structure inside the moodle data directory. That is inside $CFG->dataroot of the moodle config.php file. We already write a directory there for STACK, and we could add in a stacklibrary to that directory, for example.

For most users it would be much better to have files on their local machine, of course. I'm not sure how we could use a browser open on a STACK page, to look at local files, and then upload them. That sounds like a security headache! So, do you have very specific proposals?

Of course, the new gitsync project is designed to let users upload question .xml files on their local machine to moodle.

Indeed, does anyone else have concrete proposals of how to address this issue?

[Mat-Ge]

Thank you, @sangwinc and @EJMFarrow, for all your work.
I don't have a solution for the security aspect. My need is to get an overview of which questions are suitable for import from an XML with a lot of STACK questions. The STACK library form would be ideal for this.
Unfortunately, I haven't had a chance to study gitsync yet. Perhaps this, together with the STACK library form, would be the solution to the problem.

[sangwinc]

No problem @Mat-Ge. Gitsync will help an admin pull a repository of questions onto the server (perhaps into the "library" in the data directory), or onto your local machine. We still have to think about how this interacts with the PHP scripts, and JS in your browser, with the stacklibrary.

I can see this feature request is very useful. Of course, again it's not really a "stack thing". That is, people will want this feature for all question types.....