Scenario:

• Send an OPTIONS request to /group/{id}/members

Expected:

• Correct list of available operations for the members resource

Observed:

• A result similar to this example from the documentation

  {"links":[
      {"method":"GET","href":"http://localhost:8080/camunda/api/engine/engine/default/group/sales/members","rel":"self"},
      {"method":"DELETE","href":"http://localhost:8080/camunda/api/engine/engine/default/group/sales/members","rel":"delete"},
      {"method":"PUT","href":"http://localhost:8080/camunda/api/engine/engine/default/group/sales/members","rel":"create"}]
  }

  is returned. Crucially, it includes a GET method that actually does not exist. Calling it will result in 

  {"type":"NotAllowedException","message":"RESTEASY003650: No resource method found for GET, return 405 with Allow header"}

Hints:

• There are three endpoints with this issue:

  group/{id}/members
  tenant/{id}/group-members
  tenant/{id}/user-members
  

• The inclusion of GET seems to be a mistake, there appears to be no underling code to execute a GET request. 
• This could be fixed by removing GET from the response, or actually creating a GET operation for the members resource. The frontend currently has to use this request to find out which users are in a specific group: 

  user?memberOfGroup=sales&firstResult=0&maxResults=25&sortBy=userId&sortOrder=asc