Consistent permission filtering in ACQ search results

Add permission checks to search result objects when calling unified
search in 'idlist' mode, consistent with the existing permission checks
for non-id-list mode.  Without this, different forms of the call return
different sets of results.

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Acq/Search.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Acq/Search.pm
index da594a2..094045f 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Acq/Search.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Acq/Search.pm
@@ -512,14 +512,10 @@ q/order_by clause must be of the long form, like:
     my $results = $e->json_query($query) or return $e->die_event;
     my @id_list = map { $_->{"id"} } (grep { $_->{"id"} } @$results);
 
-    if ($options->{"id_list"}) {
-        $conn->respond($_) foreach @id_list;
-    } else {
-        foreach(@id_list){
-            my $resp = $retriever->($e, $_, $options);
-            next if(ref($resp) ne "Fieldmapper::acq::$ret_type");
-            $conn->respond($resp);
-        }
+    foreach(@id_list){
+        my $resp = $retriever->($e, $_, $options);
+        next if(ref($resp) ne "Fieldmapper::acq::$ret_type");
+        $conn->respond($options->{"id_list"} ? $_ : $resp);
     }
 
     $e->disconnect;