This weekend I worked on the permissions and have implemented most of the internal functionality. In order to make the menus more flexible, and to be able to add permissions and dynamic menus in, I moved the menu items to the database.
Each menu item has a list of permissions associated with it, and if your role contains any of those permissions, then you can see that menu item. This makes it easier for extensions later on to be able to add menu items and permissions to the system, and makes Project HQ that little more flexible. Thanks to SQLAlchemy, implementing this was a cinch.
I also updated the websetup.py file to add 2 roles and another new user, in addition to the list of permissions. The new user is a guest user, with read-only permissions. The roles are "Administrator" and "Guest". Now, when you initially set up the application, it will create a whole bunch of permissions, create an Administrator role, a Guest role, an Administrator user and a Guest user, and assign the various permissions to the roles and the roles to the corresponding users.
When you log in now, only the menus associated with your user's role(s) will appear. The next step is to drill down into each page, and show/hide the various links.
I've committed everything to the Subversion repository.
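The menu visibility rule described above (an item is shown when any of the user's roles holds any of the item's permissions), as an added example that is not Project HQ's code. It uses plain `sqlite3` rather than SQLAlchemy so it runs without dependencies; all table names, column names, permission names and seed rows are constructed assumptions.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not Project HQ's.
SCHEMA = """
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE menu_items (id INTEGER PRIMARY KEY, title TEXT, position INTEGER);
CREATE TABLE role_permissions (role_id INTEGER, permission_id INTEGER);
CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER);
CREATE TABLE menu_item_permissions (menu_item_id INTEGER, permission_id INTEGER);
"""

# Constructed seed data: two roles, a read-only guest, a user with no role,
# and a menu item ("Orphan") that has no permissions attached.
SEED = """
INSERT INTO permissions VALUES (1,'view_projects'),(2,'edit_projects'),(3,'manage_users');
INSERT INTO roles VALUES (1,'Administrator'),(2,'Guest');
INSERT INTO users VALUES (1,'admin'),(2,'guest'),(3,'norole');
INSERT INTO menu_items VALUES (1,'Projects',1),(2,'Users',2),(3,'Orphan',3);
INSERT INTO role_permissions VALUES (1,1),(1,2),(1,3),(2,1);
INSERT INTO user_roles VALUES (1,1),(2,2);
INSERT INTO menu_item_permissions VALUES (1,1),(1,2),(2,3);
"""

# user -> roles -> permissions -> menu items; DISTINCT collapses items that
# match through more than one permission or role.
VISIBLE = """
SELECT DISTINCT m.title, m.position FROM menu_items m
JOIN menu_item_permissions mp ON mp.menu_item_id = m.id
JOIN role_permissions rp ON rp.permission_id = mp.permission_id
JOIN user_roles ur ON ur.role_id = rp.role_id
JOIN users u ON u.id = ur.user_id
WHERE u.name = ? ORDER BY m.position
"""

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SEED)
    return db

def visible_menu(db, username):
    # Inner joins mean an item with no permissions attached and a user with
    # no role both yield nothing: the filter fails closed.
    return [title for title, _ in db.execute(VISIBLE, (username,))]

if __name__ == "__main__":
    db = setup()
    for name in ("admin", "guest", "norole"):
        print(name, visible_menu(db, name))
```

The same join can back a server-side check on each page handler, so that a hidden menu item is also a refused request.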
