Hey,

I am currently writing an application which I plan to sell as SaaS. Without giving away "secrets," I can say that it is basically a "document editing system" in which many users will be submitting documents.

The basic heirarchy is this:

• Institution
• Individual
• Document
• Sub-document

So each Individual should be able to BROWSE all documents that were submitted by anybody in their institution, but should only be able to EDIT documents that they created.

No individual should even be aware of the existence of another Institution--that should all be completely hidden.

I have written a Django/Python class that would facilitate this, but every document regarding authentication that I have read requires that I use the User object. Is this just a limitation of Django, or is there a way to do this?

If there is a way, how can I get my own "Individual" class details attached to the "request" objects so I can validate the things I should be showing the users?