Index: openacs-4/packages/notifications/tcl/notifications-security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/notifications/tcl/notifications-security-procs.tcl,v
diff -u -N -r1.9 -r1.9.2.1
--- openacs-4/packages/notifications/tcl/notifications-security-procs.tcl 17 Aug 2018 13:02:43 -0000 1.9
+++ openacs-4/packages/notifications/tcl/notifications-security-procs.tcl 11 Jul 2022 12:56:05 -0000 1.9.2.1
@@ -78,11 +78,11 @@
 if {[acs_user::site_wide_admin_p -user_id $user_id]} {
 set allowed 1
 } else {
- set sql "select user_id from notification_requests where object_id = :request_id"
- set owner_id [db_string get_user_id $sql -default ""]
- if {$owner_id eq $user_id} {
- set allowed 1
- }
+ set allowed [db_0or1row check_owner {
+ select 1 from notification_requests
+ where request_id = :request_id
+ and user_id = :user_id
+ }]
 }
 return $allowed
 }
Index: openacs-4/packages/notifications/tcl/test/notifications-test-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/notifications/tcl/test/Attic/notifications-test-procs.tcl,v
diff -u -N -r1.1.2.13 -r1.1.2.14
--- openacs-4/packages/notifications/tcl/test/notifications-test-procs.tcl 11 Jul 2022 12:49:06 -0000 1.1.2.13
+++ openacs-4/packages/notifications/tcl/test/notifications-test-procs.tcl 11 Jul 2022 12:56:05 -0000 1.1.2.14
@@ -675,7 +675,7 @@
 -request_id $request_id]
 aa_false "The other user '$user_id_2' cannot manage the subscription" \
 [notification::security::can_admin_request_p \
- -user_id $user_id \
+ -user_id $user_id_2 \
 -request_id $request_id]
 aa_section "Can subscribe to object '$object_id'?" 
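Review bot: The ownership query added in the `@@ -78,11 +78,11 @@` hunk of notifications-security-procs.tcl is the only authorization gate for non-admins in the visible code, and it carries no comment saying why it is written as a single existence check. A line such as `# Deny by default: a row exists only if this user owns this request_id` above `set allowed [db_0or1row check_owner {` would record that an unknown request, or a user_id matching no row, yields 0. The removed lines matched on `object_id` and compared the result against an empty default, so the comment also discourages a later return to the fetch-then-compare form. The enclosing proc starts outside the hunk, so how `user_id` is defaulted cannot be confirmed from here.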
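Review bot: The corrected `aa_false` call in the `@@ -675,7 +675,7 @@` hunk of notifications-test-procs.tcl now checks a real non-owner, but nothing visible here exercises a request id that does not exist. Because the old lookup fell back to an empty default on a missing row, a case such as `aa_false "Unknown request cannot be managed" [notification::security::can_admin_request_p -user_id $user_id_2 -request_id -1]` (the id is a constructed value) would pin the deny-by-default behaviour. The test proc extends beyond the hunk on both sides, so such a case may already exist elsewhere.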
@@ -741,30 +741,39 @@
 } finally {
+ aa_section "Cleanup"
 try {
 ns_unregister_op GET __notification_security_require_admin_request
 ns_unregister_op GET __notification_security_require_notify_object
 } on error {errmsg} {
 aa_log "Cannot unregister test endpoints: $errmsg"
+ } on ok {d} {
+ aa_log "Removed test endpoints"
 }
 try {
 acs::test::user::delete -user_id $user_id -delete_created_acs_objects
 acs::test::user::delete -user_id $user_id_2 -delete_created_acs_objects
 acs::test::user::delete -user_id $admin_id -delete_created_acs_objects
 } on error {errmsg} {
 aa_log "Cannot delete test users: $errmsg"
+ } on ok {d} {
+ aa_log "Deleted test users"
 }
 try {
 notification::type::delete -short_name $short_name
 } on error {errmsg} {
 aa_log "Cannot drop notification type: $errmsg"
+ } on ok {d} {
+ aa_log "Dropped notification type"
 }
 try {
 set contract_name "NotificationType"
 set impl_name "notifications_test_notif_type"
 acs_sc::impl::delete -contract_name $contract_name -impl_name $impl_name
 } on error {errmsg} {
 aa_log "Cannot drop service contract implementation: $errmsg"
+ } on ok {d} {
+ aa_log "Deleted service contract implementation"
 }
 }
 }
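Review bot: Each added `on ok {d}` branch binds the body's result to `d` and never reads it; `} on ok {} {` states the intent without the stray variable. Separately, the failure branches beside them still report through `aa_log`, so a cleanup that leaves the test users or the `__notification_security_require_*` endpoints behind does not fail the test case. If that is unintended, `aa_error "Cannot delete test users: $errmsg"` (and likewise in the other branches) would surface it. The three `acs::test::user::delete` calls share one `try`, so "Deleted test users" is logged only when all three succeed, while a failure in the first skips the other two.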