notifications: untangle notification access check This removes a broken permission check when viewing notifications (the HasRepoPermissionAny object was created, but never actually called with a repo_name argument as required). It would be non-trivial to actually implement the check, as notifications don't track their repository relationship explicitly, and even then, it's unclear why it would make sense to allow a repository admin to see notifications to other users. It was never a vulnerability, due to a subsequent (and much stricter) ownership check, which remains but has been untangled for readability. In short, this changeset is a pure refactoring, except that specifying a non-existent notification ID will now produce error 404, not 403.

[tox]
minversion = 1.8
envlist = py{26,27}-pytest

[testenv]
setenv =
    PYTHONHASHSEED = 0
deps =
    pytest: pytest
commands =
    pytest: py.test {posargs}