--- a/rhodecode/controllers/admin/notifications.py	Sat Mar 02 20:25:14 2013 +0100
+++ b/rhodecode/controllers/admin/notifications.py	Sat Mar 02 20:35:49 2013 +0100
@@ -28,7 +28,7 @@
 
 from pylons import request
 from pylons import tmpl_context as c, url
-from pylons.controllers.util import redirect
+from pylons.controllers.util import redirect, abort
 
 from webhelpers.paginate import Page
 
@@ -117,7 +117,7 @@
                     Session().commit()
                     return 'ok'
         except Exception:
-            Session.rollback()
+            Session().rollback()
             log.error(traceback.format_exc())
         return 'fail'
 
@@ -139,7 +139,7 @@
                     Session().commit()
                     return 'ok'
         except Exception:
-            Session.rollback()
+            Session().rollback()
             log.error(traceback.format_exc())
         return 'fail'
 
@@ -149,8 +149,9 @@
         c.user = self.rhodecode_user
         no = Notification.get(notification_id)
 
-        owner = all(un.user.user_id == c.rhodecode_user.user_id
+        owner = any(un.user.user_id == c.rhodecode_user.user_id
                     for un in no.notifications_to_users)
+
         if no and (h.HasPermissionAny('hg.admin', 'repository.admin')() or owner):
             unotification = NotificationModel()\
                             .get_user_notification(c.user.user_id, no)
@@ -165,7 +166,7 @@
 
                 return render('admin/notifications/show_notification.html')
 
-        return redirect(url('notifications'))
+        return abort(403)
 
     def edit(self, notification_id, format='html'):
         """GET /_admin/notifications/id/edit: Form to edit an existing item"""