Refactor access level checks into middleware

[baileytincher]

Notebook access level checks are duplicated across the body of handlers. This can be consolidated into a middleware where the handler wrapper accepts an access threshold that is permissible.