diff --git a/frontend/src/components/common/notification.js b/frontend/src/components/common/notification.js
index 0551a11042..378087f5ba 100644
--- a/frontend/src/components/common/notification.js
+++ b/frontend/src/components/common/notification.js
@@ -158,10 +158,7 @@ class Notification extends React.Component {
           </NotificationPopover>
         }
         {this.state.isShowNotificationDialog &&
-          <UserNotificationsDialog
-            onNotificationDialogToggle={this.onNotificationDialogToggle}
-            tabItemClick={this.tabItemClick}
-          />
+          <UserNotificationsDialog onNotificationDialogToggle={this.onNotificationDialogToggle} />
         }
       </div>
     );
diff --git a/frontend/src/user-notifications.js b/frontend/src/user-notifications.js
index c2d669e967..1b05e8197b 100644
--- a/frontend/src/user-notifications.js
+++ b/frontend/src/user-notifications.js
@@ -1,16 +1,6 @@
 import React, { Fragment } from 'react';
 import PropTypes from 'prop-types';
-import {
-  Modal,
-  ModalHeader,
-  ModalBody,
-  Dropdown,
-  DropdownToggle,
-  DropdownMenu,
-  DropdownItem,
-  TabPane,
-  Nav, NavItem, NavLink, TabContent
-} from 'reactstrap';
+import { Modal, ModalHeader, ModalBody, Dropdown, DropdownToggle, DropdownMenu, DropdownItem, TabPane, Nav, NavItem, NavLink, TabContent } from 'reactstrap';
 import { Utils } from './utils/utils';
 import { gettext } from './utils/constants';
 import { seafileAPI } from './utils/seafile-api';
@@ -311,8 +301,7 @@ class UserNotificationsDialog extends React.Component {
 }
 
 UserNotificationsDialog.propTypes = {
-  onNotificationDialogToggle: PropTypes.func.isRequired,
-  tabItemClick: PropTypes.func.isRequired,
+  onNotificationDialogToggle: PropTypes.func.isRequired
 };
 
 export default UserNotificationsDialog;
diff --git a/seahub/api2/endpoints/notifications.py b/seahub/api2/endpoints/notifications.py
index dcabbabfea..2a389107f2 100644
--- a/seahub/api2/endpoints/notifications.py
+++ b/seahub/api2/endpoints/notifications.py
@@ -168,6 +168,11 @@ class NotificationView(APIView):
 
 
 class SdocNotificationsView(APIView):
+
+    authentication_classes = (TokenAuthentication, SessionAuthentication)
+    permission_classes = (IsAuthenticated,)
+    throttle_classes = (UserRateThrottle,)
+
     def get(self, request):
         """ used for get sdoc notifications
 
@@ -175,7 +180,6 @@ class SdocNotificationsView(APIView):
         1. login user.
         """
         result = {}
-
         username = request.user.username
 
         try:
@@ -185,10 +189,14 @@ class SdocNotificationsView(APIView):
             per_page = 25
             page = 1
 
+        if page < 1:
+            error_msg = 'page invalid'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+        
         start = (page - 1) * per_page
         end = page * per_page
 
-        notice_list = SeadocNotification.objects.list_all_by_user(username, start, end)
+        notice_list = SeadocNotification.objects.list_all_by_user(username)[start:end]
         result_notices = update_sdoc_notice_detail(request, notice_list)
         notification_list = []
         for i in result_notices:
@@ -220,12 +228,6 @@ class SdocNotificationsView(APIView):
         return Response(result)
     
     def put(self, request):
-        """ currently only used for mark all notifications seen
-
-        Permission checking:
-        1. login user.
-        """
-
         username = request.user.username
         unseen_notices = SeadocNotification.objects.filter(username=username, seen=False)
         for notice in unseen_notices:
@@ -328,19 +330,22 @@ class AllNotificationsView(APIView):
             per_page = 25
             page = 1
 
+        if page < 1:
+            error_msg = 'page invalid'
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+        
         start = (page - 1) * per_page
         end = page * per_page
 
-        notice_list = UserNotification.objects.get_user_notifications(username)[start:end]
-        sdoc_notice_list = SeadocNotification.objects.list_all_by_user(username, start, end)
+        general_notice_list = UserNotification.objects.get_user_notifications(username)[start:end]
+        sdoc_notice_list = SeadocNotification.objects.list_all_by_user(username)[start:end]
 
-        result_notices = update_notice_detail(request, notice_list)
+        general_result_notices = update_notice_detail(request, general_notice_list)
         sdoc_result_notices = update_sdoc_notice_detail(request, sdoc_notice_list)
 
         notification_list = []
         sdoc_notification_list = []
-
-        for i in result_notices:
+        for i in general_result_notices:
             if i.detail is not None:
                 notice = {}
                 notice['id'] = i.id
diff --git a/seahub/seadoc/models.py b/seahub/seadoc/models.py
index 7e0f96bf14..9a304b4ec8 100644
--- a/seahub/seadoc/models.py
+++ b/seahub/seadoc/models.py
@@ -270,8 +270,8 @@ class SeadocNotificationManager(models.Manager):
     def delete_by_ids(self, doc_uuid, username, ids):
         return self.filter(doc_uuid=doc_uuid, username=username, id__in=ids).delete()
     
-    def list_all_by_user(self, username, start, end):
-        return self.filter(username=username).order_by('-created_at')[start: end]
+    def list_all_by_user(self, username):
+        return self.filter(username=username).order_by('-created_at')
     
     def remove_user_notifications(self, username):
         """"Remove all user notifications."""