Currently, a customer implements a stateless microservice that is responsible to get task information and to complete tasks by using these rest endpoints:
- GET /task with additional query parameters (assignee, candidateGroups, etc)
- GET /task/{id}
- POST /task/{id}/complete
The microservice itself has only the following task-related data available for each task:
- taskId
- assignee
- candidateGroups
The microservice does not know, if the given user with their associated candidateGroups has the necessary permissions to view or complete the task. The micorservice is stateless, i.e. it does not hold sessions for the users containing assigned tasks or working queues.
Therefore, we would require the following functionality.
If the microservice calls GET /user/{userId}/assigned-tasks/{taskId} Camunda would respond
- with the requested Task data object if the requested task is assigned to the user
- Alternatively, a resource-link to /task/
{taskId} could be returned
* or with http status code 404, if the task is not assigned to the user
If the microservice calls GET /user/{userId}/assignable-tasks/{taskId}
* with the requested Task data object if the requested task is available to the user, based on the user's candidate groups
** Alternatively, a resource-link to /task/{taskId}could be returned
- Alternatively, a resource-link to /task/
{taskId} could be returned
- with http status code 401, if the task is not available to the user
- with http status code 404, if the task with the given taskId does not exist
Furthermore, if the microservice calls POST /user/{userId}/assigned-tasks/{taskId}/complete camunda would complete the task or would respond with http status code 404 , if the task is not assigned to this user.