Making ``towel.api`` multitenancy-aware

All you need is a view decorator handling the permissions and a resource
subclass which makes sure that data is only ever shown from one tenant.

from __future__ import absolute_import, unicode_literals

from functools import wraps

from django.http import HttpResponse
from django.utils.six.moves import http_client

from towel import api
from towel.utils import safe_queryset_and

def api_access(minimal):
    Decorator which ensures that the current ``request.access`` model
    provides at least ``minimal`` access.
    def _decorator(func):
        def _fn(request, *args, **kwargs):
            if not request.access:
                return HttpResponse(
                    'No access',

            if request.access.access < minimal:
                return HttpResponse(
                    'Insufficient access',

            return func(request, *args, **kwargs)
        return _fn
    return _decorator

class Resource(api.Resource):
    Resource subclass which automatically applies filtering by
    ``request.access`` to all querysets used.
    def get_query_set(self):
        return safe_queryset_and(
            super(Resource, self).get_query_set(),