Tasklist API ClaimTask - User doesn't have the permission to assign another user to this task

joe_schmo · May 31, 2022, 8:16pm

Hi there,

Trying to use the mutation for claim task and assign it to another user and I receive the following response.

{
    "errors": [
        {
            "message": "User doesn't have the permission to assign another user to this task",
            "locations": [
                {
                    "line": 1,
                    "column": 10
                }
            ],
            "path": [
                "claimTask"
            ],
            "extensions": {
                "type": "TasklistRuntimeException",
                "classification": "DataFetchingException"
            }
        }
    ],
    "data": null
}

my request is

{"query": "mutation{claimTask(taskId:\"2251799813685273\", assignee:\"A.Random.User\"){name,id}}"}

I am using the pre configured demo user to authenticate to the Tasklist API with my client on the docker-compose self hosted solution. Looking at the permissions in Identity Demo should have full permissions.

What am I missing here? Is it possible to claim a task for another (assign the task) with platform 8?

davidgs · June 2, 2022, 8:06pm

HI @joe_schmo,

Just to verify, the user you are attempting to assign the task to actually exists, right?

dg

joe_schmo · June 3, 2022, 10:23am

Actually @davidgs the user does not exist, what I am doing is taking a solution that worked on C7 and migrating to C8. Worked fine in C7. I will go ahead and create the user and try again but if that was indeed the issue I would have expected to see a different error message to “User doesn’t have the permission to assign another user to this task”

joe_schmo · June 3, 2022, 11:38am

Confirming adding the user to keycloak and using identity to assign full access on the tasklist does not make any difference, still seeing the same error message.

Is this a bug? Should it be possible to delegate a task by one user to another, rather than having users claim their own tasks(which I know works)

davidgs · June 3, 2022, 1:11pm

This could be a bug, but having Keycloak in the mix with self-hosted C8 is likely a problem. Let me see if I can find an answer (or someone that can answer) for you!

Thanks!
dg

davidgs · June 3, 2022, 2:38pm

ok @joe_schmo, I’ve asked around, and the answer I’ve gotten is as follows:

Currently when you authenticate with a User in the GraphQL API we actually verify that you can only claim your own tasks. There is currently no Token-Based authentication in conjunction with Keycloak in Self-Managed. Thats probably the reason why the user gets this reponse. In SaaS this should work if tokens are being used.

Sop unfortunately at the present time you cannot do what you are trying to do. There is work going on to address this but no timeline for when it might be delivered.

dg

joe_schmo · June 5, 2022, 12:23pm

Thanks @davidgs for the feedback. So bearer token auth doesn’t work for self managed with keycloak? (I have actually observed this on another forum item I have logged 2 weeks ago) May I ask what are you guys using then with the SaaS offering that this functionality is actually working, if not keycloak?

For self-managed customers what is the recommendation to use if keycloak integration here with tasklist is the problem?

ralfpuchert · August 22, 2022, 10:01am

Hello @joe_schmo,

In the current implementation it is not allowed for an API user to change the assignee of a task.
I propose to discuss this in our team.

Best regards,
Ralf

system · January 31, 2024, 10:17am