I think the next steps would be to incorporate eCart for the commerce. When a user makes a purchase that will allow them access you would then update the user record or order so that on the restricted pages you will be able to query the information for the logged in user and check that they have access.
The key to this part is making sure that on a successful purchase you update the db for either the user or the order associated with the user so that you can check to see if they have made the purchase.
Please post back with any specific questions that you have about any part of this.