Why permission must be str or Enum?

[AlexanderMartynoff]

What if more complex cases are needed?

[asvetlov]

Please describe your case

[AlexanderMartynoff]

Ok. What if I want to check for multiple privileges? For example:

@has_permission([Permission.WRITE, Permission.DELETE], context)
def do(request):
    ...

Or maybe even more complex needs - not a set of privileges, but a predicate (which can have any type). Because it may be necessary to combine privileges with AND or OR.

[asvetlov]

It is another problem.
Passing predicate to query unknown storage looks weird. Also, it overcomplicates code reading and debugging.

Django checks for single permission only: https://docs.djangoproject.com/en/2.0/topics/auth/default/#default-permissions
Pyramid does the same: https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.has_permission

Why aiohttp-security should overcomplicate its API?

[AlexanderMartynoff]

It will not be necessary to complicate the API - only removing the restriction on the type of permissions.

Under the predicate, I meant something like this:

@has_permission (WRITE || READ, context)
def do (request):
     ...

or

@has_permission (WRITE & DELETE, context)
def do (request):
     ...

Where:

READ, WRITE, DELETE - instances of some type (for example, Predicate), combinations using the &, || they are also predicates.

This is what I would like to do in my project, and I'm stopped only by the restriction on the type of the first argument to the has_permission function.

[asvetlov]

WRITE ^ DELETE? I feel it makes a mess.

[AlexanderMartynoff]

Sorry for long time answer. I will not argue. But I wanted to know what the mess you mean?