break; } elseif (isset($_POST['sqlState']) && isset($_POST['capturemode']) && $_GET['capturemode'] == 'updatemode') { $extObject = $extractor->reloadData($_POST); $view_controller->reDirect($_GET, $extObject); break; } else { $view_controller->reDirect($_GET); break; } // end of admin module break; case 'hr': $view_controller = new EmpViewController(); if (isset($_POST['delState']) && $_POST['delState'] == 'DeleteMode' && $locRights['delete']) { $arrList[0] = $_POST['chkLocID']; $view_controller->delParser(trim($_GET['reqcode']), $arrList); } if (isset($_GET['VIEW']) && $_GET['VIEW'] == 'MAIN' && $locRights['view']) { if ($_SESSION['isAdmin'] == 'No' && !$_SESSION['isSupervisor']) { die('You are not authorized to view this page'); } $view_controller->viewList($_GET, $_POST); break; } $authorize = new authorize($_SESSION['empID'], $_SESSION['isAdmin']); $supervisor = false; /* Set permission to the employee information view for non admins */ if (isset($_GET['reqcode']) && $_GET['reqcode'] === "EMP" && !$authorize->isAdmin()) { /* Supervisors can only access their subordinates */ if ($authorize->isSupervisor()) { /* Don't allow if trying to view own details or trying to view details of non-subordinate