Forget HATEOAS (the usual "that's not REST" objection), the problem is more fundamental -- it uses HTTP syntax but not HTTP semantics. All of those operations are not safe (in the sense of RFC 2616 Sec. 9.1.1), and some (honk horn!) are not idempotent; following HTTP semantics, none of them should be GET. And "I understood what you are asking for but won't/can't do it" is not within the meaning of the HTTP 200 response code, that's 403 or 409.
Forget HATEOAS (the usual "that's not REST" objection), the problem is more fundamental -- it uses HTTP syntax but not HTTP semantics. All of those operations are not safe (in the sense of RFC 2616 Sec. 9.1.1), and some (honk horn!) are not idempotent; following HTTP semantics, none of them should be GET. And "I understood what you are asking for but won't/can't do it" is not within the meaning of the HTTP 200 response code, that's 403 or 409.