--- a/Allura/allura/model/notification.py
+++ b/Allura/allura/model/notification.py
@@ -17,6 +17,7 @@
 '''
 
 import logging
+from bson import ObjectId
 from datetime import datetime, timedelta
 from collections import defaultdict
 from webhelpers import feedgenerator as FG
@@ -31,6 +32,7 @@
 from ming.orm.declarative import MappedClass
 
 from allura.lib import helpers as h
+from allura.lib import security
 import allura.tasks.mail_tasks
 
 from .session import main_orm_session, project_orm_session
@@ -207,6 +209,14 @@
             prefix=config.get('forgemail.url', 'https://sourceforge.net')))
 
     def send_direct(self, user_id):
+        user = User.query.get(_id=ObjectId(user_id))
+        artifact = self.ref.artifact
+        # Don't send if user doesn't have read perms to the artifact
+        if user and artifact and \
+                not security.has_access(artifact, 'read', user)():
+            log.debug("Skipping notification - User %s doesn't have read "
+                      "access to artifact %s" % (user_id, str(self.ref_id)))
+            return
         allura.tasks.mail_tasks.sendmail.post(
             destinations=[str(user_id)],
             fromaddr=self.from_address,
@@ -220,6 +230,15 @@
     def send_digest(self, user_id, from_address, subject, notifications,
                     reply_to_address=None):
         if not notifications: return
+        # Filter out notifications for which the user doesn't have read
+        # permissions to the artifact.
+        user = User.query.get(_id=ObjectId(user_id))
+        artifact = self.ref.artifact
+        def perm_check(notification):
+            return not (user and artifact) or \
+                    security.has_access(artifact, 'read', user)()
+        notifications = filter(perm_check, notifications)
+
         if reply_to_address is None:
             reply_to_address = from_address
         text = [ 'Digest of %s' % subject ]