[BUG FIX] [MER-4326] Suspended enrollment message - Rework

[simonchoxx]

MER-4326

Summary

This PR prevents suspended learners from being automatically re-enrolled during LMS (LTI) launch.

What changed

• Updated LTI launch enrollment flow in OliWeb.LtiController.enroll_user/3.
• Added an existing-enrollment check (filter_by_status: false) before calling Sections.enroll/3.
• If an enrollment already exists with status: :suspended, launch no longer re-enrolls the learner.
• Added a regression test in lti_controller_test.exs to verify suspended learners remain suspended after a valid LTI launch.

Why

We observed that launching from Canvas could change a suspended enrollment back to :enrolled, allowing access when it should remain blocked.

[github-actions]

Note: risk rules not loaded — micromatch is not a function

Generated by 🚫 dangerJS against 038b55d

[github-actions]

AI Review — performance

No issues found

[github-actions]

AI Review — security

Suspended enrollments are treated as successful access

file: lib/oli_web/controllers/lti_controller.ex
line: 257
Description: The new existing_enrollment branch treats %{status: :suspended} as the success path by falling through to the existing :ok body. In an LTI launch flow, a suspended enrollment should not silently pass authorization, since that can allow a previously suspended learner to continue into the section.
Suggestion: Return an explicit error/forbidden result for suspended enrollments, or perform a deliberate server-side reactivation only after checking the intended policy. For example, change this branch to return {:error, :enrollment_suspended} and handle it with an access-denied response.

[github-actions]

AI Review — elixir

Suspended learners still complete launch

file: lib/oli_web/controllers/lti_controller.ex
line: 258
Description: The new suspended-enrollment branch skips re-enrollment but falls through to the existing :ok body, so a suspended learner can still complete the LTI launch flow. In this codebase, suspended enrollment status should deny access, not just avoid changing the row.
Suggestion: Return an explicit error for the suspended branch, such as {:error, :enrollment_suspended}, and handle that error by rejecting the launch with the appropriate response.

Test does not assert launch rejection

file: test/oli_web/controllers/lti_controller_test.exs
line: 474
Description: The test discards the launch response and only verifies that the enrollment row remains suspended. That would still pass if the controller allows a suspended learner to launch successfully, which is the authorization-sensitive behavior this change affects.
Suggestion: Assert the response outcome from post/3, for example a rejected redirect/error response or flash/message, in addition to asserting the enrollment status remains :suspended.