Instead of assuming that the context resource in get_entities() view has
an "etype" attribute (which won't be true anymore in next changeset), we
delegate permission check to the resource object in the form of an
has_perm() method. This is step towards defining abstract interfaces for
resource classes.