Fully customized login system in Django?

I am currently writing an application which I plan to sell as SaaS. Without giving away "secrets," I can say that it is basically a "document editing system" in which many users will be submitting documents.

The basic heirarchy is this:

• Institution
• Individual
• Document
• 开发者_C百科Sub-document

So each Individual should be able to BROWSE all documents that were submitted by anybody in their institution, but should only be able to EDIT documents that they created.

No individual should even be aware of the existence of another Institution--that should all be completely hidden.

I have written a Django/Python class that would facilitate this, but every document regarding authentication that I have read requires that I use the User object. Is this just a limitation of Django, or is there a way to do this?

If there is a way, how can I get my own "Individual" class details attached to the "request" objects so I can validate the things I should be showing the users?

What you're looking for is authorization, not authentication. Django's built-in authorization system is fairly crude, as you've discovered. You'll need something like django-authority if you want a more complete solution.

The auth module is typically used to cover authentication cases. Gives you groups (Institutions), Users (Individuals) and permissions. Using these features you can perform checking if a user is a member of a group or owns a doc before allowing them to see or edit the doc.

http://docs.djangoproject.com/en/dev/topics/auth/

If you need to go beyond the typical use case, supporting LDAP for example, then you can look at writing your own authentication backend.

http://docs.djangoproject.com/en/dev/topics/auth/#other-authentication-sources

In general, if you need to attach more information to the builtin User model, you would create new model which subclasses models.Model (not User), and identify it in settings as AUTH_PROFILE_MODULE. You can get the appropriate instance of your model from a user by calling user.get_profile(). (see http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users).

This is generally useful for adding extra fields to User such as address, contact information, etc. While it would be possible to use this for your authentication needs, you'd most likely be better off using the built in groups, or a more comprehensive solution like django-authority as others have mentioned. I've included this answer only because it seems to be what you were asking for (a way to attach a class to User), but not really what you need (authorization).