Can I store lists of permissions from Facebook etc?

I'm building an app, and I want to allow users to integrate it with various social platforms. One of the things users can do is post a link to something they created on our site to their Facebook wall. We want to let them specify who can see whatever they post. I think this can be done but using the Facebook dialog, yes? So they can check the names of people who should be allowed to see the link and then follow it to our site.

However, this is fine from the point of view of seeing it on their wall, but we don't necessarily want other people to stumble onto it by accident, or to share it with other people. For this reason, we want to make sure that the person looking at the stuff on our site is a friend of the person who created it.

My understanding is that we can't store friends IDs if they haven't authorised our app. Can we store the id of the post in a way that lets us figure out the friends IDs from that? E.g. user makes post 5678, and specifies that people A, B and C can see it; we store 5678 and then, as it's needed, we request that post from Facebook, check whether the user trying to view the content is either A, B or C开发者_JS百科 and then act accordingly?

Will that work?

Or is there a better way of doing it?

Thanks!