notifications: untangle notification access check This removes a broken permission check when viewing notifications (the HasRepoPermissionAny object was created, but never actually called with a repo_name argument as required). It would be non-trivial to actually implement the check, as notifications don't track their repository relationship explicitly, and even then, it's unclear why it would make sense to allow a repository admin to see notifications to other users. It was never a vulnerability, due to a subsequent (and much stricter) ownership check, which remains but has been untangled for readability. In short, this changeset is a pure refactoring, except that specifying a non-existent notification ID will now produce error 404, not 403.

syntax: glob
*.pyc
*.swp
*.sqlite
*.tox
*.egg-info
*.egg
*.mo
.eggs/
tarballcache/

syntax: regexp
^rcextensions
^build
^dist/
^docs/build/
^docs/_build/
^data$
^kallithea/tests/data$
^sql_dumps/
^\.settings$
^\.project$
^\.pydevproject$
^\.coverage$
^kallithea\.db$
^test\.db$
^Kallithea\.egg-info$
^my\.ini$
^fabfile.py
^\.idea$
^\.cache$