dm-4270 relay resource links

[PhilipDeFraties]

JIRA issue link

https://agile6.atlassian.net/browse/DM-4270

Description - what does this code do?

• Adds new endpoint /practice_resources/:id/download to act as relay for innovation resource file downloads, redirects to s3 download via presigned url. These links will now work when saved, however for non-public innovations the user will be required to first authenticate, if not already logged in, and in turn will redirect to a new resource download page (see screenshot) and will simultaneously open a new tab with the file (or in the case of a docx file will initiate the download).
• Edits practice resource file links to utilize new endpoint

Testing done - how did you test it/steps on how can another person can test it

Public Innovations:

1. Locally, as admin, nav to a practice's "Overview" edit page
2. Add files as attachments for "Problem", "Solution", and "Results"
3. Go to the "Implementation" edit page, add files for "Core", "Optional", and "Support" resources
4. View the Innovation show page for the practice
5. Verify the links for all the downloadable files work as expected, opening a new window with the downloadable file for each. Copy the url of one of the links.
6. Make sure the practice is practice.published && practice.enabled && practice.approved && practice.published

Non-public Innovations:

7. Sign out from the user profile, paste in the copied url and verify the file either opens in the browser (pdfs or image files) or sends the file to the browser's downloads (docx).
8. In the rails console, update the practice: practice.update!(is_public: false
9. paste the copied url into the browser again, verify that you are redirected to the authentication page.
10. Log in and you should be redirected to this page in the original tab (see screenshot)
11. Upon render a new tab will open with the file, for docx files the tab will briefly open and the file will download to the browsers downloads folder then close.
12. From the original tab, verify the re-download and innovation page links work as expected.

Non-published Innovations:

13. Update the practice to be un-published: `practice.update!(published: false)
14. Log out from the user profile, paste the url in the browser once more
15. Verify redirect to the home page with an unauthorized content message under the nav bar:
    
16. Log in as an admin paste the url in the browser, verify the file opens in a new tab.
17. Log out and repeat previous step after logging in as the practice user or a practice editor for the given practice.
18. While logged in view the practice page and verify the download links work as expected

Screenshots, Gifs, Videos from application (if applicable)

Link to mock-ups/mock ups (image file if you have it) (if applicable)

Acceptance criteria

• [ ]

Definition of done

• Unit tests written (if applicable)
• e2e/accessibility tests written (if applicable)
• Events are logged appropriately
• Documentation has been updated, if applicable
• A link has been provided to the originating JIRA issue
• No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs

[bradjohnson92008]

Working as expected - great job Phil!

[camillevilla]

@PhilipDeFraties This is working well for me. Good job handling the various flavors of permissions involved and restricting attachment access appropriately. I made a small accessibility request re: "Click here" for link text. It looks like one of the practice_resource feature specs is currently failing in CI. Please also rebase in the Rails 6.1 changes from master (and Ruby 3.2.2, depending on the timing!).