notebook is a lib and should not be blocked, as a user without notebook perm won't be able to use any editors.
It would be recommended to validate if the user has the notebook perm on the notebook view itself on https://github.com/cloudera/hue/blob/master/desktop/libs/notebook/src/notebook/views.py#L69
HUE-8087 [notebook] User with least privileges can access notebook app via URL
Review Request #12660 - Created March 16, 2018 and submitted
|enricoberti, jgauthier, johan, ranade, romain, weixia, yingc|
commit dfbf75907ade6272a78f816c2c2d2988182ed1db Author: Roohi <firstname.lastname@example.org> Date: Fri Mar 16 12:08:08 2018 -0700 HUE-8087 [notebook] User with least privileges can access notebook app via URL :100644 100644 23b6b93536... fd2bc158f7... M desktop/core/src/desktop/middleware.py