Fine Grained Access Control Django Authentication

I am developing a Django web application with a set of steel design tools for structural engineers. There will be an entry database table for each design tool, and each row of each table will correspond to a specific design state that will be "resolved". Users can work alone or in groups. Each user must have constant access to their own work so that projects can be refined, copied and adapted, and so that reports can be created when it is convenient, usually at the end of the project, when paper documentation is required. So the contents of the database should be available for any number of sessions occurring over periods measured in months or even years for a given project.

When there is a group of users, as a rule everyone associated with that design office is likely to find it acceptable that they all have shared, mutual access to each other's work. The application supports ongoing production activities, not innovative work in the field of intellectual property, and confidentiality within the company is in any case not the norm in the industry. However, the work must absolutely be protected from prying eyes outside the group. Ideally, each group will have one or more superusers who are allowed to police membership in the group. Probably the main tool they would need is the ability to remove a member from the group, terminating their access privileges. This would be a superuser of the user group and not the same as a superuser on the site side.

For convenient access, each row of each database table will be associated with a project number / project name pair, which will be unique to the company that employs the user or group of users. Another company can easily select a duplicate project number and even choose a duplicate project name, so the distinction of exactly which database rows belong to a given user (or group) may have to be tracked in a separate linked "ownership list" table for each user (or group).

Ultimately, it is expected that several hundred users (or user groups) associated with different (and often competing) companies will solve tens of thousands of design conditions for thousands of projects using these tools.

So here are my questions:

Firstly, does it make sense to try to salvage much of the Django contrib.auth code? As I understand it, contrib.auth is intended for authentication and access control suited to the blogosphere and web journalism, but it does not support fine-grained access control of "content".

Secondly, is there an available pattern, template, example, strategy or design advice that I could apply to this problem?

+4
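Added example, not part of the question and not Django code: a framework-free Python sketch of the "ownership list" scheme the question describes, so the access rules can be checked before they are mapped onto Django models. Each design row has exactly one owner, either a user or a group; group members share access; group-level admins (the question's per-group superusers) revoke access by removing a member; and a project number/name pair is resolved only within the caller's own scope, so an identical pair chosen by another company never collides or leaks. The company check on `add_member`, the class names and the sample users, groups and project identifiers (AcmeSteel, acme-bridge, P-100) are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    username: str
    company: str


@dataclass
class Group:
    name: str
    company: str
    members: set = field(default_factory=set)  # usernames with shared access
    admins: set = field(default_factory=set)   # group-level "superusers" who police membership


@dataclass(frozen=True)
class DesignRow:
    tool: str            # which design tool's table the row lives in
    row_id: int          # primary key within that table
    project_number: str  # unique only within the owning company
    project_name: str


class OwnershipRegistry:
    """Separate "ownership list" mapping every design row to one owner.

    The owner is ("user", username) or ("group", group_name): a user may see a
    row if they own it directly or belong to the group that owns it.
    """

    def __init__(self):
        self.users = {}
        self.groups = {}
        self.rows = {}    # (tool, row_id) -> DesignRow
        self.owners = {}  # (tool, row_id) -> ("user", name) | ("group", name)

    def add_user(self, username, company):
        self.users[username] = User(username, company)
        return self.users[username]

    def add_group(self, name, company, admins):
        # Admins are members too; the group starts with only its admins.
        self.groups[name] = Group(name, company, members=set(admins), admins=set(admins))
        return self.groups[name]

    def _policed_group(self, admin, group_name):
        group = self.groups[group_name]
        if admin.username not in group.admins:
            raise PermissionError(f"{admin.username} may not police {group_name}")
        return group

    def add_member(self, admin, group_name, username):
        group = self._policed_group(admin, group_name)
        # Assumption for the example: a group only admits its own company's staff.
        if self.users[username].company != group.company:
            raise PermissionError("members must belong to the group's company")
        group.members.add(username)

    def remove_member(self, admin, group_name, username):
        """The admin's main tool: dropping membership ends the user's access at once."""
        group = self._policed_group(admin, group_name)
        group.members.discard(username)
        group.admins.discard(username)

    def add_row(self, row, owner_kind, owner_name):
        key = (row.tool, row.row_id)
        if key in self.rows:
            raise ValueError(f"row {key} already registered")
        self.rows[key] = row
        self.owners[key] = (owner_kind, owner_name)

    def can_access(self, user, row):
        owner_kind, owner_name = self.owners[(row.tool, row.row_id)]
        if owner_kind == "user":
            return user.username == owner_name
        return user.username in self.groups[owner_name].members

    def find_project(self, user, project_number, project_name):
        """Resolve a number/name pair inside the caller's scope only."""
        return [
            row for row in self.rows.values()
            if (row.project_number, row.project_name) == (project_number, project_name)
            and self.can_access(user, row)
        ]


def demo():
    """Constructed scenario: two companies reuse the same project number and name."""
    reg = OwnershipRegistry()
    alice = reg.add_user("alice", "AcmeSteel")
    bob = reg.add_user("bob", "AcmeSteel")
    carol = reg.add_user("carol", "RivalSteel")
    reg.add_group("acme-bridge", "AcmeSteel", admins=["alice"])
    reg.add_member(alice, "acme-bridge", "bob")

    beam = DesignRow("beam", 1, "P-100", "Harbour Bridge")
    column = DesignRow("column", 1, "P-100", "Harbour Bridge")  # same pair, other company
    reg.add_row(beam, "group", "acme-bridge")
    reg.add_row(column, "user", "carol")

    before = [reg.can_access(u, beam) for u in (alice, bob, carol)]
    bob_sees = reg.find_project(bob, "P-100", "Harbour Bridge")
    reg.remove_member(alice, "acme-bridge", "bob")  # alice polices the group
    after = [reg.can_access(u, beam) for u in (alice, bob, carol)]
    return before, bob_sees, after


if __name__ == "__main__":
    print(demo())
```

In Django terms the registry's three dictionaries would become three models (a `User` extension carrying the company, a `Group`-like model with a separate admin relation, and an ownership model keyed by tool and row id), and `can_access` would become the one query every view runs before returning a row; keeping that check in a single place is what makes the per-group revocation reliable.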