class RecruiterController < ApplicationController
  before_action :authorize_recruiter, except: [:login, :auth]

  def index
    @candidates = current_recruiter.candidates
  end

  def new
    @candidate = Candidate.new
    render :form
  end

  def create
    @candidate = Candidate.create(candidate_params.merge(recruiter_id: current_recruiter.id))

    if @candidate.persisted?
      CandidateMailer.welcome(@candidate).deliver_now
      RecruiterMailer.candidate_created(@candidate).deliver_now
      redirect_to recruiter_path, flash: { notice: "Sucessfully created candidate #{@candidate.name}" }
    else
      flash[:error] = "Failed to save candidate."
      render :form
    end
  end

  def login
    redirect_to recruiter_path unless current_recruiter.nil?
  end

  def auth
    recruiter = User.find_by(email: auth_params[:email], role: %w(admin recruiter))

    if recruiter && recruiter.authenticate(auth_params[:password])
      session[:user] = recruiter.to_i
      redirect_to recruiter_path
    else
      redirect_to recruiter_login_path, flash: { error: "Sorry, incorrect email or password. Please try again." }
    end
  end

  def logout
    reset_session
    redirect_to recruiter_login_path
  end

  private

    def candidate_params
      params.require(:candidate).permit(:name, :email, :experience, :quiz_id)
    end
end