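# Login and logout entry points for employees.
#
# `index`/`create` handle a login form that carries both employee id and
# password; `show`/`update` handle a per-employee form where the id comes from
# the route and only the password (PIN) is posted. A successful login stores
# the employee's `token_session` in the Rails session under `:session_token`.
#
# NOTE(review): nothing in this controller rotates the session on login
# (`reset_session`) or throttles failed PIN attempts. Confirm that session
# rotation and rate limiting / lockout are handled elsewhere (for example in
# `Employee.login` or middleware) before relying on this as the only gate.
class HomeController < ApplicationController
  # The login pages and logout must be reachable without a session.
  # `dashboard` is not listed, so it still runs the `authenticate` filter.
  skip_before_action :authenticate, only: [:index, :show, :create, :update, :destroy]

  # Roles that land on the dashboard after a successful login.
  DASHBOARD_ROLES = %w[administrator manager accountant].freeze

  # Renders the login page with the employee list, sorted by name.
  #
  # NOTE(review): this action skips authentication, so whatever the index
  # template prints from @employees is visible to anonymous visitors. Confirm
  # that this is intended.
  def index
    @employees = Employee.all.order("name asc")
    @login_form = LoginForm.new
  end

  # Renders the password form for the employee named by `params[:emp_id]`.
  def show
    @login_form = LoginForm.new
    @login_form.emp_id = params[:emp_id]
  end

  # Per-employee login: id from the route, password from the posted form.
  #
  # The password is read through `settings_home_params`, so a request without
  # a `login_form` payload raises ActionController::ParameterMissing instead
  # of failing with NoMethodError on nil.
  def update
    @login_form = LoginForm.new
    @login_form.emp_id = params[:emp_id]
    @login_form.password = settings_home_params[:password]

    @employee = Employee.login(@login_form.emp_id, @login_form.password)
    if @employee
      session[:session_token] = @employee.token_session
      redirect_to origami_root_path
    else
      # The original passed `flash[:notice] => "..."` as a render option, which
      # builds a hash keyed by the current flash value and never sets the
      # message. `flash.now` is used because this request renders, not redirects.
      flash.now[:notice] = "Invalid PIN for Employee. Please try again!"
      render :show
    end
  end

  # Login with employee id and password from the posted form, then route the
  # employee by role. Unknown roles get no session and see the login page again.
  def create
    credentials = settings_home_params
    @login_form = LoginForm.new
    @login_form.emp_id = credentials[:emp_id]
    @login_form.password = credentials[:password]

    @employee = Employee.login(@login_form.emp_id, @login_form.password)
    unless @employee
      redirect_to origami_root_path, :notice => "Username and Password dosn't match!"
      return
    end

    case @employee.role
    when *DASHBOARD_ROLES
      session[:session_token] = @employee.token_session
      redirect_to dashboard_path
    when "cashier"
      session[:session_token] = @employee.token_session
      redirect_to origami_root_path
    else
      # The `index` action populates @employees for this template, so the same
      # is done here before rendering it directly.
      @employees = Employee.all.order("name asc")
      render :index
    end
  end

  # Renders the default dashboard template. Role-specific handling was
  # sketched here but is disabled:
  def dashboard
    # if @employee && @employee.role == "cashier"
    #
    # elsif @employee && @employee.role == "waiter"
    # elsif @employee && @employee.role == "administrator"
    # elsif @employee && @employee.role == "manager"
    # elsif @employee && @employee.role == "supervisour"
    #   redirect_to dashboard_path
    # end
  end

  # Logs out by clearing the token from the session.
  #
  # NOTE(review): only the session entry is cleared. This controller does not
  # show the employee's `token_session` being invalidated or rotated
  # server-side. Confirm that the stored token cannot be reused after logout.
  def destroy
    session[:session_token] = nil
    redirect_to root_path
  end

  private

  # Never trust parameters from the scary internet, only allow the white list through.
  # Raises ActionController::ParameterMissing when `login_form` is absent.
  def settings_home_params
    params.require(:login_form).permit(:emp_id, :password)
  end
end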