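# Login, logout and post-login landing page for employees.
#
# A successful login stores the employee's session token in the Rails session
# and redirects to a landing page chosen by the employee's role.
class HomeController < ApplicationController
  # These actions must be reachable without an authenticated session;
  # every other action (e.g. #dashboard) still runs the :authenticate filter.
  skip_before_action :authenticate, only: [:index, :create, :destroy]

  # Roles that are sent to the dashboard after a successful login.
  DASHBOARD_ROLES = %w[administrator manager accountant].freeze
  # Role that is sent to the origami root after a successful login.
  CASHIER_ROLE = "cashier".freeze

  # Renders the login page with an empty form object.
  def index
    @login_form = LoginForm.new
  end

  # Authenticates the submitted credentials and opens a session.
  #
  # Credentials are read through strong parameters, so a request without a
  # :login_form key raises ActionController::ParameterMissing instead of
  # failing with NoMethodError on nil, and non-scalar values (nested hashes or
  # arrays) for :emp_id / :password are dropped before they reach
  # Employee.login.
  def create
    credentials = settings_home_params

    @login_form = LoginForm.new
    @login_form.emp_id = credentials[:emp_id]
    @login_form.password = credentials[:password]

    @employee = Employee.login(@login_form.emp_id, @login_form.password)

    if @employee.nil?
      # NOTE(review): the failure path redirects to origami_root_path rather
      # than back to the login form; kept as in the original — confirm intended.
      redirect_to origami_root_path, :notice => "Username and Password dosn't match!"
      return
    end

    destination = landing_path_for(@employee.role)
    if destination
      # Start from a fresh session on the privilege change so that a session
      # identifier set before login cannot be carried over (session fixation).
      reset_session
      session[:session_token] = @employee.token_session
      redirect_to destination
    else
      # Authenticated, but the role has no landing page: no session is opened
      # and the login form is shown again.
      render :index
    end
  end

  # Landing page for authenticated employees. No role-specific logic runs
  # here; access control is whatever the :authenticate filter enforces.
  # NOTE(review): no per-role authorization is visible in this controller —
  # confirm that :authenticate (or the view) restricts the dashboard as needed.
  def dashboard
  end

  # Logs the employee out by discarding the whole session, not just the token,
  # so no other per-login state survives into the next login.
  # NOTE(review): the employee's stored token_session is not rotated here; if
  # the same token value is reused across logins, a copied session would stay
  # valid after logout — verify in Employee / :authenticate.
  def destroy
    reset_session
    redirect_to root_path
  end

  private

  # Maps an employee role to the path the employee is redirected to after
  # login; returns nil for roles that have no landing page.
  def landing_path_for(role)
    case role
    when *DASHBOARD_ROLES then dashboard_path
    when CASHIER_ROLE then origami_root_path
    end
  end

  # Strong parameters for the login form: only :emp_id and :password are
  # allowed through, and only as scalar values.
  def settings_home_params
    params.require(:login_form).permit(:emp_id, :password)
  end
end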