Because aiohttp discourages the use of global singletons and encourages that such values be stored within the application or request themselves, I've got a bit of trouble with the current implementations of AbstractAuthorizationPolicy.permits and AbstractAuthorizationPolicy.authorized_userid. Neither provide access to the request or application scope, which I need because I'm creating/storing within the application, on startup, a connection object to my database. When those functions are called, I need to be able to access my connector in order to validate the user and check their permissions.

I could submit a pull request with changes so that those function's would receive request as their first argument, but that would break compatibility with anyone who has implemented an AbstractAuthorizationPolicy.

Can we discuss this?

Thanks.

On second thought, I see the db_auth example is passing the database connection into init, which is what I'm currently doing to work around not having access to the request/app. I'll just go with that.