aio-libs / aiohttp-security

auth and permissions for aiohttp

Why must permission be str or Enum?

AlexanderMartynoff opened this issue · comments

What if more complex cases are needed?

Please describe your case

Ok. What if I want to check for multiple privileges? For example:

@has_permission([Permission.WRITE, Permission.DELETE], context)
def do(request):
    ...

Or maybe even more complex needs - not a set of privileges, but a predicate (which can have any type). Because it may be necessary to combine privileges with AND or OR.

It is another problem.
Passing a predicate to query an unknown storage looks weird. Also, it overcomplicates code reading and debugging.

Django checks for single permission only: https://docs.djangoproject.com/en/2.0/topics/auth/default/#default-permissions
Pyramid does the same: https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.has_permission

Why should aiohttp-security overcomplicate its API?

It will not be necessary to complicate the API - only to remove the restriction on the type of permissions.

By predicate, I meant something like this:

@has_permission (WRITE || READ, context)
def do (request):
     ...

or

@has_permission (WRITE & DELETE, context)
def do (request):
     ...

Where:

READ, WRITE, DELETE are instances of some type (for example, Predicate); combinations using & and || are also predicates.

This is what I would like to do in my project, and I'm stopped only by the restriction on the type of the first argument to the has_permission function.

WRITE ^ DELETE? I feel it makes a mess.

Sorry for the late answer. I will not argue. But I wanted to know what mess you mean?
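
Added example, not part of the thread and not aiohttp-security code: one way to get the AND/OR combinations discussed above while every storage query still asks about a single permission, so the library's str/Enum restriction stays in place. The names `Require`, `Combined`, `checker_for`, `evaluate` and the `GRANTS` data are hypothetical, and Python's `|` stands in for `||`, which is not a Python operator.

```python
import asyncio
from enum import Enum


class Permission(Enum):
    READ = "read"
    WRITE = "write"
    DELETE = "delete"


class Require:
    """Leaf predicate: one permission, answered by a single-permission check."""

    def __init__(self, permission):
        self.permission = permission

    def __and__(self, other):
        return Combined(all, self, other)

    def __or__(self, other):
        return Combined(any, self, other)

    async def allowed(self, check):
        # Compare with `is True` so a truthy non-bool answer never grants access.
        return (await check(self.permission)) is True


class Combined(Require):
    """AND/OR node; every leaf is still a separate single-permission query."""

    def __init__(self, reducer, *parts):
        self.reducer, self.parts = reducer, parts

    async def allowed(self, check):
        results = [await part.allowed(check) for part in self.parts]
        return self.reducer(results)


# Constructed sample data: a stand-in for an authorization policy's storage.
GRANTS = {"alice": {Permission.READ, Permission.WRITE}, "bob": {Permission.READ}}


def checker_for(identity):
    async def check(permission):
        return permission in GRANTS.get(identity, set())
    return check


def evaluate(identity, predicate):
    return asyncio.run(predicate.allowed(checker_for(identity)))


READ, WRITE, DELETE = (Require(p) for p in Permission)
```

In an aiohttp handler the `check` callable would wrap `aiohttp_security.permits(request, permission, context)` instead of the in-memory `GRANTS` lookup.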