GET retrieves all Customer's Routers

Given I am authenticated as System Integrator S0002
and there is a Router with hostname router01.nfon.net
and there is another Router with hostname router02.nfon.net
When I send /api/customers/K0002/routers
Then I should receive HTTP/1.1 200 OK
with following body:

{
  "href": "/api/customers/K0002/routers?_offset=0&_pagesize=16",
  "offset": 0,
  "total": 2,
  "size": 2,
  "links": [],
  "items": [{
    "href": "/api/customers/K0002/routers/1",
    "links": [],
    "data": [{
      "name": "routerId",
      "value": 1
    }, {
      "name": "hostname",
      "value": "router01.nfon.net"
    }, {
      "name": "type",
      "value": "router type"
    }, {
      "name": "comment",
      "value": "router comment"
    }]
  }, {
    "href": "/api/customers/K0002/routers/2",
    "links": [],
    "data": [{
      "name": "routerId",
      "value": 2
    }, {
      "name": "hostname",
      "value": "router02.nfon.net"
    }, {
      "name": "type",
      "value": "router type"
    }, {
      "name": "comment",
      "value": "router comment"
    }]
  }]
}

GET retrieves filtered Customer's Routers

Filtering is done on fields :

hostname
type
comment

Given I am authenticated as System Integrator S0002
and there is a Router with hostname router01.nfon.net
and there is another Router with hostname router02.nfon.net
When I send /api/customers/K0002/routers?_q=01
Then I should receive HTTP/1.1 200 OK
with following body:

{
  "href": "/api/customers/K0002/routers?_offset=0&_pagesize=16&_q=01",
  "offset": 0,
  "total": 1,
  "size": 1,
  "links": [],
  "items": [{
    "href": "/api/customers/K0002/routers/1",
    "links": [],
    "data": [{
      "name": "routerId",
      "value": 1
    }, {
      "name": "hostname",
      "value": "router01.nfon.net"
    }, {
      "name": "type",
      "value": "router type"
    }, {
      "name": "comment",
      "value": "router comment"
    }]
  }]
}

Customer can't access to Routers

Given I am authenticated as customer K0002
When I ask for my routers /api/customers/K0002/routers
Then I should receive HTTP/1.1 403 Forbidden
And Content-Type header should be
with following body:

{
  "title": "Access forbidden",
  "detail": "Required role is missing",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

Missing Customer

Given I am authenticated as Admin
When I ask for routers for a customer that does not exist /api/customers/K404/routers
Then I should receive HTTP/1.1 404 Not Found
And Content-Type header should be
with following body:

{
  "title": "Customer not found",
  "detail": "Customer with identifier K404 has not been found",
  "described_by": "http://api.nfon.net/probs/customer-not-found"
}

System Integrator cannot access data of Router that does not belong to his Customer

Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003/routers
Then I should receive HTTP/1.1 403 Forbidden
with following body

{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

Operator cannot access data of Router that does not belong to his Customer

Given I am authenticated as Operator C0002
When I send /api/customers/K0003/routers
Then I should receive HTTP/1.1 403 Forbidden
with following body

{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}

Service Portal REST API

GET /api/customers/{customer-id}/routers