Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.
This is to prevent attackers to craft malicious notifications and send
them to other users using RPC.
Correction based on the idea of @hbrunn
- Use the 'session' class of the JS Framework (session no lounger bound
to web client)
- Test change: compare emitted & received messages based on content, not
order. Using string comparison raises false positives.
Fix a check when comparing a user count with items within a mock call.
The previous method was succeeding by pure luck because OCA test
databases contain 2 users, which happens to be the amount of items
within a mock "call_args" (it contains args + kwargs).