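# Reviewer-facing controller: lists completed candidates, shows a single
# candidate's quiz, and handles reviewer login and logout.
#
# Every action except +login+ and +auth+ runs behind the +authorize_reviewer+
# filter. That filter, +current_reviewer+ and +auth_params+ are not defined in
# this class; presumably they come from ApplicationController -- confirm.
class ReviewController < ApplicationController
  before_action :authorize_reviewer, except: [:login, :auth]

  # Lists candidates whose +completed+ flag is true, preloading each
  # candidate's recruiter association.
  def index
    @candidates = Candidate.where(completed: true).includes(:recruiter)
  end

  # Loads the candidate identified by params[:test_hash] together with the
  # candidate's quiz and a QuizStatus built from the candidate.
  #
  # NOTE(review): any user who passes authorize_reviewer can load any
  # candidate by hash; no per-reviewer scoping is visible here -- confirm that
  # is intended.
  def view
    # find_by! raises ActiveRecord::RecordNotFound for an unknown hash (Rails
    # answers that with a 404 by default). The plain find_by returned nil and
    # the next line failed with NoMethodError, i.e. a 500.
    @candidate = Candidate.find_by!(test_hash: params[:test_hash])
    @quiz = @candidate.my_quiz
    @status = QuizStatus.new(@candidate)
  end

  # Login entry point: sends a reviewer who is already signed in on to the
  # review page; otherwise falls through to the default render.
  def login
    redirect_to review_path unless current_reviewer.nil?
  end

  # Checks the submitted email and password against users whose role is
  # admin or reviewer and, on success, records the reviewer in the session.
  #
  # NOTE(review): no throttling or lockout of repeated failed attempts is
  # visible in this action -- confirm it is enforced elsewhere.
  def auth
    reviewer = User.find_by(email: auth_params[:email], role: %w(admin reviewer))

    if reviewer && reviewer.authenticate(auth_params[:password])
      # Discard the pre-login session before storing the identity, so that a
      # session identifier issued before authentication is never promoted to
      # an authenticated session (session fixation).
      reset_session
      # to_i is not a stock ActiveRecord method; presumably User defines it to
      # return the record id -- confirm.
      session[:user] = reviewer.to_i
      redirect_to review_path
    else
      # One message for both "unknown email" and "wrong password", so the
      # response text does not reveal which accounts exist.
      redirect_to review_login_path,
                  flash: { error: "Sorry, incorrect email or password. Please try again." }
    end
  end

  # Clears the whole session and returns to the login page.
  def logout
    reset_session
    redirect_to review_login_path
  end
end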