start_html($user, "UC Medicine QA", "Manage Facilities", $_REQUEST['status'], $_REQUEST['class']); try { $facility = new Facility($database, intval($_REQUEST['id'])); } catch (Exception $e) { display_error("Error: Invalid facility ID", "Please check the facility ID and try again."); display_footer(); exit; } switch ($_REQUEST['action']) { case 'new': //ensure that user has sufficient privileges to add a facility. if (!$user->isAdmin()) { display_error("Error: Insufficient privileges", "You must be an administrator to add facilities."); break; } $facility->displayEditForm("Add a facility"); break; case 'edit': if (intval($_REQUEST['id']) != $user->facility['id'] || !$user->isAdmin()) { display_error("Error: Insufficient privileges", "You are not allowed to modify this facility."); break; } $facility->displayEditForm("Modify a facility"); break; case 'show': $facility->displayProfile($user); break; default: case 'index': echo "<h1>Facilities</h1>\n"; display_facilities($user);