From bc4d77917a321f357b1ed6454ab35c1faad59866 Mon Sep 17 00:00:00 2001
From: Andrew Nikitin
Date: Fri, 1 Feb 2019 12:05:05 +0300
Subject: [PATCH] [INDY-1963] devide owner erros by txn type

Signed-off-by: Andrew Nikitin
---
 indy_common/authorize/authorizer.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/indy_common/authorize/authorizer.py b/indy_common/authorize/authorizer.py
index 0715459c3..b02e60e32 100644
--- a/indy_common/authorize/authorizer.py
+++ b/indy_common/authorize/authorizer.py
@@ -4,6 +4,7 @@
 from indy_common.authorize.auth_constraints import AbstractAuthConstraint, AuthConstraint, ROLE_CONSTRAINT_ID, \
 AuthConstraintAnd
 from indy_common.authorize.helper import get_named_role
+from indy_common.constants import NYM, CLAIM_DEF
 from indy_common.types import Request
 from indy_node.persistence.idr_cache import IdrCache
@@ -81,8 +82,13 @@ def authorize(self,
 if not self.is_sig_count_accepted(request, auth_constraint):
 return False, "Not enough signatures"
 if not self.is_owner_accepted(auth_constraint, auth_action):
- return False, "{} can not touch verkey field since only the owner can modify it".\
- format(self.get_named_role_from_req(request))
+ if auth_action.txn_type == NYM:
+ return False, "{} can not touch verkey field since only the owner can modify it".\
+ format(self.get_named_role_from_req(request))
+ if auth_action.txn_type == CLAIM_DEF:
+ return False, "{} can not edit CLAIM_DEF txn since only owner can modify it".\
+ format(self.get_named_role_from_req(request))
+ return "Actor must be owner"
 return True, ""
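Review bot: The new fall-through `return "Actor must be owner"` inside the `is_owner_accepted` branch returns a bare string, while every other return visible in `authorize` is a `(bool, str)` pair. A non-empty string is truthy, so a caller that only tests the result would treat a failed owner check as success for any txn type other than NYM or CLAIM_DEF, and a caller that unpacks two values would raise instead of rejecting; the callers are not in this hunk, so which of the two happens needs checking. The line should read `return False, "Actor must be owner"`. A test that drives a failed owner check with a third txn type would pin the deny path. The body of `authorize` starts above the hunk.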