I have just added a new D7 OG module to take a stab at group level create permissions.
http://drupal.org/project/og_create_perms
Create permissions are tricky, because you don't always know the group context at create time. I have worked around this by requiring the group context to be specified in the node/add url. (see og README.txt)
eg: node/add/group-content?gids_node[]=4