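# Session controller for Usuario accounts. On top of Devise's credential
# check, sign-in requires that the account holds the "poder" (role) chosen on
# the login form.
class Usuarios::SessionsController < Devise::SessionsController
	layout 'login'
# before_action :configure_sign_in_params, only: [:create]

	# GET /resource/sign_in
	# def new
	#   super
	# end

	# POST /resource/sign_in
	#
	# Reads params["usuario"]["login"] (looked up as a CPF) and
	# params["usuario"]["poder"], authenticates through Warden, then checks the
	# selected poder against the account. Every refusal path signs the scope
	# out again before redirecting to the login page.
	#
	# NOTE(review): cookies[:poder] is client-supplied and cookies[:cpf] holds
	# a personal identifier in a plain cookie. Code that reads them later should
	# re-check permissions server-side; consider httponly/secure options if no
	# client script needs these cookies. Confirm against the login view.
	def create
		credenciais = params["usuario"]
		poder = credenciais["poder"]
		login = credenciais["login"]

		cookies[:poder] = poder
		usuario = Usuario.find_by(cpf: login)
		# An unknown CPF is left for Devise to reject below, so it gets the same
		# failure response as a wrong password instead of raising on nil here.
		usuario.poder = poder if usuario && poder.present?

		# Bad credentials leave this action via `throw :warden` (Devise failure
		# app); the rescue below does not intercept that.
		self.resource = warden.authenticate!(auth_options)

		# The poder check must apply to the account that actually authenticated,
		# not merely to whichever record matches the submitted CPF. Which key
		# Devise authenticates on is configured outside this file, so refuse
		# when the two records differ (also covers usuario being nil).
		return recusar_login('CPF, senha ou poder inválidos.') unless usuario == resource

		if usuario.tem_permisao_ao_poder? || usuario.desenvolvedor?
			set_flash_message!(:info, :signed_in)
			sign_in(resource_name, resource)
			yield resource if block_given?
			respond_with resource, location: after_sign_in_path_for(resource)
		else
			# Remember the CPF so the login form can be pre-filled.
			cookies[:cpf] = login if login.present?
			mensagem = if poder.blank? || usuario.poder.blank?
				'Poder inválido.'
			else
				'Usuário não possui nenhuma unidade com essa permissão'
			end
			recusar_login(mensagem)
		end
	rescue => e
		# Record only the exception class: request parameters hold the CPF and
		# password and must not reach the logs.
		logger&.warn("Usuarios::SessionsController#create failed: #{e.class}")
		recusar_login('CPF, senha ou poder inválidos.')
	end

	# DELETE /resource/sign_out
	#
	# Runs Devise's sign-out, then empties the remaining session data.
	def destroy
		super
		session.clear
	end

	private

	# Fail closed. warden.authenticate! normally stores the authenticated user
	# in the session already, so a refusal (or an exception raised after
	# authentication) must sign the scope out; otherwise the session would stay
	# logged in without having passed the poder check.
	def recusar_login(mensagem)
		sign_out(resource_name)
		redirect_to new_usuario_session_path, alert: mensagem
	end

	# protected

	# If you have extra params to permit, append them to the sanitizer.
	# def configure_sign_in_params
	#   devise_parameter_sanitizer.for(:sign_in) << :attribute
	# end
end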
