TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/exelearning/mod_exelearning/llms.txt
Use this file to discover all available pages before exploring further.
mod_exelearning plugin exposes 8 external functions across 7 classes, all declared in db/services.php. Every class in classes/external/ is wired to at least one function, and every declared function maps to an existing class method — there are zero orphans. Functions are split into two groups with distinct security postures: six mobile/external functions accessible to the Moodle App and token clients, and two AJAX-only admin editor functions restricted to the system context.
Function groups
Mobile / external client functions (6 functions)
These six functions are members ofMOODLE_OFFICIAL_MOBILE_SERVICE, making them accessible to the official Moodle App and any external client that holds a valid token. Each function enforces context validation, login checks, and capability checks in code.
| Function | Class::method |
|---|---|
mod_exelearning_get_exelearnings_by_courses | get_exelearnings_by_courses::execute |
mod_exelearning_view_exelearning | view_exelearning::execute |
mod_exelearning_get_exelearning_access_information | get_exelearning_access_information::execute |
mod_exelearning_get_user_attempts | get_user_attempts::execute |
mod_exelearning_get_user_grades | get_user_grades::execute |
mod_exelearning_save_track | save_track::execute |
Admin AJAX functions (2 functions)
mod_exelearning_manage_embedded_editor_action and mod_exelearning_manage_embedded_editor_status are declared with 'ajax' => true and belong to no service. They are called exclusively by the in-settings editor admin widget over AJAX and are never exposed to external token clients. Both require both moodle/site:config and mod/exelearning:manageembeddededitor in the system context, enforced in code.
Function summary
| Function | Type | Capability | Purpose |
|---|---|---|---|
mod_exelearning_get_exelearnings_by_courses | read | mod/exelearning:view | List instances in courses |
mod_exelearning_view_exelearning | write | mod/exelearning:view | Log a view (event + completion) |
mod_exelearning_get_exelearning_access_information | read | (none — intentional) | User capability flags |
mod_exelearning_get_user_attempts | read | :view (own); :viewreport (others) | User’s attempts |
mod_exelearning_get_user_grades | read | :view (own); :viewreport (others) | User’s per-iDevice grades |
mod_exelearning_save_track | write | mod/exelearning:savetrack | Submit per-iDevice scores |
Authentication
All functions use Moodle’s standard token authentication. Generate a token at Site administration → Server → Web services → Manage tokens. Pass it in every request:wstoken parameter identifies and authenticates the caller. All authorisation decisions (capabilities, context) are made server-side based on the user the token belongs to.
Common security model
Every mobile/external function follows the same server-side security posture:validate_parameters()— type-checks and sanitises all inputs before any DB access.validate_context()— establishes the module context and verifies the session is valid.require_capability()— enforces the declared capability (e.g.mod/exelearning:view) against the module context.core_user::require_active_user()—get_user_attemptsandget_user_gradesadditionally call this before reading a target user, and gate access to another user’s data behindmod/exelearning:viewreport.
moodle/site:config and mod/exelearning:manageembeddededitor.
About the empty capability on get_exelearning_access_information
db/services.php declares an empty capabilities string for mod_exelearning_get_exelearning_access_information — by design, not by omission. The function’s purpose is to report the calling user’s capabilities, so gating it on any single capability would prevent it from returning useful data for unprivileged users (a vector of false flags is the correct and expected answer). validate_context() is still enforced; there is simply no require_capability() call.
Function pages
get_exelearnings_by_courses
List mod_exelearning instances in specified courses
view_exelearning
Trigger the course_module_viewed event and update completion
get_access_information
Return the caller’s per-capability boolean flags
get_user_attempts
Return a user’s attempt history
get_user_grades
Return a user’s per-iDevice gradebook grades
save_track
Submit per-iDevice SCORM scores for the current user