I am new to handling user authentication, including login-session control, using Python. I am using Google App Engine using Python with Webapp2 installed. I need help; please bear with me as I may be a bit ignorant on the topic.
Here is what I want to do:
Basically, kind of like "Facebook." Users have their list of favorite fruits with corresponding scores and comments in an NDB repeated structured list. Say users can become "friends" and the friend's ID is saved in an NDB friends StringListProperty, but there is no need to "accept" a friend request, so one-way friendship is possible (i.e. user2 has user1 as friend, but user1 does not have user2 as friend). You can only view your friends' list of fruits.
For example (logically written, not in any language):
user2.favFruits = {'fruit':'apple','score':5,'comment':'always delicious!'}
user1.friends = user2id
display user1.friends[1].fruitList
Currently, the URL shows the uid as such: www.example.com/ViewFriendsFruits?id=user2id. If anyone in the world types that into the URL, you get to user2's list of fruits page. This is what I want to avoid. I only want user1 to be able to view user2's list page, since they are friends. User2 should also have the same page view, as this is user2's page.
How would I handle something like this and using what? Does user1 need to be logged in? And if so, how do I manage? I don't even know what to search for an answer.
Your input will be greatly appreciated!
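Added example, not part of the original post: a plain-Python model of the check the question is asking for, where the viewer's identity comes from a signed session cookie set at login and the `id` in the URL only names the page being requested. The function names, the in-memory `USERS` dict (standing in for the NDB entities) and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: constructed demo key; a real app loads a random secret from config.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample data standing in for the NDB user entities in the question.
USERS = {
    "user1id": {"friends": ["user2id"], "favFruits": []},
    "user2id": {"friends": [], "favFruits": [
        {"fruit": "apple", "score": 5, "comment": "always delicious!"}]},
    "user3id": {"friends": [], "favFruits": []},
}


def _sign(user_id):
    return hmac.new(SECRET_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def make_session_cookie(user_id):
    """Issued once, after the user has logged in successfully."""
    return "%s|%s" % (user_id, _sign(user_id))


def user_from_cookie(cookie):
    """Return the logged-in user id, or None if the cookie is missing or forged."""
    if not cookie or "|" not in cookie:
        return None
    user_id, sig = cookie.rsplit("|", 1)
    # Constant-time comparison of the presented and expected signatures.
    if hmac.compare_digest(sig.encode(), _sign(user_id).encode()) and user_id in USERS:
        return user_id
    return None


def view_friends_fruits(cookie, requested_id):
    """Model of the ViewFriendsFruits handler: returns (HTTP status, body)."""
    viewer = user_from_cookie(cookie)
    if viewer is None:
        return 401, None  # not logged in: redirect to the login page
    if requested_id not in USERS:
        return 404, None
    # The id in the URL only says whose page is wanted; permission comes
    # from the viewer's own record, looked up on the server.
    if requested_id != viewer and requested_id not in USERS[viewer]["friends"]:
        return 403, None
    return 200, USERS[requested_id]["favFruits"]
```

In a webapp2 application the signed-cookie part is normally handled by `webapp2_extras.sessions` rather than written by hand; the ownership-or-friend test in the handler is the part that stops a bare URL from exposing the page.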