First of great plugin, this and the admin menu variant are both staples of many of my WordPress sites.
For my current project i am using the popular "Role Scoper" plugin to restrict user access to pages. i am only giving edit permission to specific pages, and they cannot publish new posts.
This works well with your plugins with regards to editing. The correct links are shown/hidden/greyed-out.
The issue is that the plugins assume publishing permissions and provided the add buttons if they have edit permissions. similarly the Ajax function doesn't check permissions.
Would it be possible to make the permissions a little more granular, with separate permission flags each with a filter hook for 'edit', 'add-inside' and 'add-after'. the add flags can default to true if they can edit as in a standard setup this is a safe assumption. So no current functionality would be effected.
but the filters would let me run my own permission checks and conditionally show/hide the 'add' features.
the same filters could be used in the ajax functions to confirm permissions.
I could hack this in but would prefer to be able to update your plugins in future, and feel this would be a great enhancement particularly for custom post types where permissions are more likely to be different.
Would be happy to submit a patch.