Issue Summary

As a user I see a notification on the PR inbox however clicking on the inbox icon shows no new messages neither under "Reviewing" nor "Created".

Expected Results

The notification should no longer be displayed

Actual Results

Notifications are displayed for PRs the user has no access to

Steps to Reproduce

1. Added a few users to Bitbucket.
2. Granted access to these users into a repo.
3. Created a PR from that repo and made sure that these users are added as participants.
4. Users should see the notification icon and go to PR.
5. Revoked the access permission for those users at the repository level.
6. Confirmed that users are still able to view the PR notifications but nothing shows up under the "Reviewing" or "Created" tab.

Notes

This basically happens because this user was set as a participant in a PR and he no more have permission to access that repository.

Workaround

The following query can be used to list all participants in pull requests, later it is just needed to filter by the username then validate which project the user has permission to access. It is not a straightforward approach but it should help:

SELECT
  pro1.project_key AS from_proj_key,
  pro1.name    AS from_proj_name,
  rep1.name    AS from_repo_name,
  rep1.slug    AS from_repo_slug,
  pro2.project_key AS to_proj_key,
  pro2.name    AS to_proj_name,
  rep2.name    AS to_repo_name,
  rep2.slug    AS to_repo_slug,
  pr.id      AS pull_request_id,
  pr.title     AS pull_request_title,
  usr.name     AS participant_name
FROM sta_pr_participant part
INNER JOIN sta_pull_request AS pr  ON part.pr_id = pr.id
INNER JOIN sta_normal_user AS usr ON part.user_id = usr.user_id
INNER JOIN repository    AS rep1 ON pr.from_repository_id = rep1.id
INNER JOIN repository    AS rep2 ON pr.to_repository_id = rep2.id
INNER JOIN project     AS pro1 ON rep1.project_id = pro1.id
INNER JOIN project     AS pro2 ON rep2.project_id = pro2.id limit 3;