GET returns all multidigit IVR Service Key Assignments

Given I am authenticated as Customer K0002
And there is a multidigit IVR Service with service number 123 and max number of digits set to 3

and there is a Phone Extension with ID 1000
and the Key Assignment which assigns 4 to this Phone Extension
and there is another Phone Extension with ID 2000
and the Key Assignment which assigns * to this Phone Extension
and there is another Phone Extension with ID 3000
and the Key Assignment which assigns 103 to this Phone Extension

When I send /api/customers/K0002/targets/ivr-services/123/key-assignments
Then I should receive HTTP/1.1 200 OK
with following body:

{
  "href": "/api/customers/K0002/targets/ivr-services/123/key-assignments?_offset=0&_pagesize=16",
  "offset": 0,
  "total": 3,
  "size": 3,
  "links": [{
    "rel": "availableTargets",
    "href": "/api/customers/K0002/targets/ivr-services/123/key-assignments/target-available-destinations"
  }],
  "items": [{
    "href": "/api/customers/K0002/targets/ivr-services/123/key-assignments/4",
    "links": [],
    "data": [{
      "name": "number",
      "value": "4"
    }, {
      "name": "targetName",
      "value": "Extension #567"
    }]
  }, {
    "href": "/api/customers/K0002/targets/ivr-services/123/key-assignments/asterisk",
    "links": [],
    "data": [{
      "name": "number",
      "value": "*"
    }, {
      "name": "targetName",
      "value": "Extension #888"
    }]
  }, {
    "href": "/api/customers/K0002/targets/ivr-services/123/key-assignments/103",
    "links": [],
    "data": [{
      "name": "number",
      "value": "103"
    }, {
      "name": "targetName",
      "value": "Extension #999"
    }]
  }]
}

Missing Customer

Given I am authenticated as Admin
When I send /api/customers/K404/targets/ivr-services/123/key-assignments
Then I should receive HTTP/1.1 404 Not Found
with following body:

{
  "title": "Customer not found",
  "detail": "Customer with identifier K404 has not been found",
  "described_by": "http://api.nfon.net/probs/customer-not-found"
}

Customer should not be able to GET another Customer's Key Assignment

Given there is an IVR Service with service number 123
and I am authenticated as Customer K0003
When I send /api/customers/K0002/targets/ivr-services/123/key-assignments
Then I should receive HTTP/1.1 403 Forbidden
with following body:

{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0002]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

System Integrator should not be able to retrieve the list of Key Assignments for Customer, that does not belong to him

Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003/targets/ivr-services/123/key-assignments
Then I should receive HTTP/1.1 403 Forbidden

{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

Operator should not be able to retrieve the list of Key Assignments for Customer, that does not belong to him

Given I am authenticated as Operator C0002
When I send /api/customers/K0003/targets/ivr-services/123/key-assignments
Then I should receive HTTP/1.1 403 Forbidden

{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

Service Portal REST API

GET /api/customers/{identifier}/targets/ivr-services/{serviceNumber}/key-assignments