From 38dec0544a68bd2128f290082d7bb8e4a40a7acd Mon Sep 17 00:00:00 2001
From: Andrew Nikitin <andrew.nikitin@dsr-corporation.com>
Date: Wed, 9 Jan 2019 18:27:39 +0300
Subject: [PATCH] [INDY-1916] trustee can add NYM with role NETWORK_MONITOR

Signed-off-by: Andrew Nikitin <andrew.nikitin@dsr-corporation.com>
---
 indy_common/authorize/auth_map.py                        | 6 ++++--
 indy_common/test/auth/test_auth_nym_with_new_auth_map.py | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/indy_common/authorize/auth_map.py b/indy_common/authorize/auth_map.py
index 19bcfb9a5..1506d3945 100644
--- a/indy_common/authorize/auth_map.py
+++ b/indy_common/authorize/auth_map.py
@@ -184,14 +184,16 @@
            addNewSteward.get_action_id(): AuthConstraint(TRUSTEE, 1),
            addNewTrustAnchor.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
                                                                 AuthConstraint(STEWARD, 1)]),
-           addNewNetworkMonitor.get_action_id(): AuthConstraint(STEWARD, 1),
+           addNewNetworkMonitor.get_action_id(): AuthConstraintOr([AuthConstraint(STEWARD, 1),
+                                                                   AuthConstraint(TRUSTEE, 1)]),
            addNewIdentityOwner.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
                                                                   AuthConstraint(STEWARD, 1),
                                                                   AuthConstraint(TRUST_ANCHOR, 1)]),
            blacklistingTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1),
            blacklistingSteward.get_action_id(): AuthConstraint(TRUSTEE, 1),
            blacklistingTrustAnchor.get_action_id(): AuthConstraint(TRUSTEE, 1),
-           blacklistingNetworkMonitor.get_action_id(): AuthConstraint(STEWARD, 1),
+           blacklistingNetworkMonitor.get_action_id(): AuthConstraintOr([AuthConstraint(STEWARD, 1),
+                                                                         AuthConstraint(TRUSTEE, 1)]),
            sameRoleTrustee.get_action_id(): AuthConstraint(role='*',
                                                            sig_count=1,
                                                            need_to_be_owner=True),
diff --git a/indy_common/test/auth/test_auth_nym_with_new_auth_map.py b/indy_common/test/auth/test_auth_nym_with_new_auth_map.py
index 2eab8678f..65b970769 100644
--- a/indy_common/test/auth/test_auth_nym_with_new_auth_map.py
+++ b/indy_common/test/auth/test_auth_nym_with_new_auth_map.py
@@ -38,7 +38,7 @@ def test_make_trust_anchor(write_request_validation, req, is_owner):
 
 
 def test_make_network_monitor(write_request_validation, req, is_owner):
-    authorized = (req.identifier == "steward_identifier")
+    authorized = req.identifier in ("trustee_identifier", "steward_identifier")
     assert authorized == write_request_validation(req,
                                                   [AuthActionAdd(txn_type=NYM,
                                                                  field=ROLE,
@@ -77,7 +77,7 @@ def test_remove_trust_anchor(write_request_validation, req, is_owner):
 
 
 def test_remove_network_monitor(write_request_validation, req, is_owner):
-    authorized = (req.identifier == "steward_identifier")
+    authorized = req.identifier in ("trustee_identifier", "steward_identifier")
     assert authorized == write_request_validation(req,
                                                   [AuthActionEdit(txn_type=NYM,
                                                                   field=ROLE,