* Introduce a new configuration variable `ALLOWOP' with a policy flag
for each request type;
* have `BaseRequest.check' ensure that the corresponding policy flag
is set;
* export this policy switch to the template language; and
* only show widgets for the permitted operations in the web interface.
The commands still appear in the userv/SSH interface, which is a bit
gnarly.