FOUR-17569: Fix users without super admin privileges can reassign tasks #7566

Open: wants to merge 15 commits into base: release-2024-summer

@estebangallego (Contributor) commented Oct 16, 2024

Issue & Reproduction Steps

Users without super admin privileges can reassign tasks to any other user in the application, regardless of restrictions.

Steps to Reproduce:

  1. Create a process with two tasks (e.g., "First Task" and "Second Task").
  2. Set the "Second Task" to allow reassignment.
  3. In the assignment type, select “Users/Groups.”
  4. Select a single user (non-super admin) for "Assigned Users/Groups" (referred to as User B).
  5. Start a new case and route the "First Task" to the "Second Task."
  6. In another browser/incognito window, log in as User B (a standard, non-super admin user).
  7. Open the recently routed case (in "Second Task").
  8. Click on the "Reassign" option on the right side.

Current Behavior:

At this point, User B can reassign the task to any user, regardless of their role or the set assignment restrictions.

Expected Behavior:

  • If User B is the only one assigned to the task, the reassignment button should not appear.
  • If multiple users are assigned, the user should only be able to reassign the task to users within the pool of eligible users.
  • If a group or groups are assigned, only users within those groups should be eligible for reassignment.
  • If no group or users are assigned, or if the user is an admin, only then will all users be eligible for reassignment.

Reassignment should respect the set pool of applicable users of groups, ensuring that standard users do not have unrestricted reassignment privileges.


How to Test

Please follow the reproduction steps and make sure that the Expected Behavior is met.

Related Tickets & Packages

  • Ticket: FOUR-17569
  • ci:release-2024-summer
  • ci:deploy

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.
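
The eligibility rules from the Expected Behavior list, written as a server-side check that the reassignment request itself must pass rather than only a hidden button. This is an added example, not code from this pull request or from ProcessMaker: all function names, array keys and sample IDs are hypothetical, and excluding the requester from their own pool is an assumption drawn from the first bullet.

```php
<?php
declare(strict_types=1);

// Added illustration; every name here is hypothetical, not ProcessMaker's API.

/**
 * Users the requester may reassign a task to, following the Expected Behavior list.
 * $task: ['assigned_users' => int[], 'assigned_groups' => int[]]
 * $groupMembers: group id => int[] of member user ids
 */
function eligibleReassignees(array $task, array $requester, array $groupMembers, array $allUserIds): array
{
    $users  = $task['assigned_users'] ?? [];
    $groups = $task['assigned_groups'] ?? [];

    if ($requester['is_admin'] || (!$users && !$groups)) {
        // Admin, or no users/groups configured: all users are eligible.
        $pool = $allUserIds;
    } else {
        // Otherwise only assigned users plus members of assigned groups.
        $pool = $users;
        foreach ($groups as $groupId) {
            $pool = array_merge($pool, $groupMembers[$groupId] ?? []);
        }
    }
    // Assumption: a user cannot reassign to themselves, so a sole assignee
    // ends up with an empty pool and the button is not shown.
    return array_values(array_diff(array_unique($pool), [$requester['id']]));
}

/** Server-side check to run on the reassignment request before saving. */
function mayReassignTo(int $targetId, array $task, array $requester, array $groupMembers, array $allUserIds): bool
{
    return in_array($targetId, eligibleReassignees($task, $requester, $groupMembers, $allUserIds), true);
}

// Constructed sample data.
$allUserIds   = [1, 2, 3, 4, 5];
$groupMembers = [10 => [2, 3]];
$userB        = ['id' => 2, 'is_admin' => false];
$admin        = ['id' => 1, 'is_admin' => true];
$soleAssignee = ['assigned_users' => [2], 'assigned_groups' => []];
$groupTask    = ['assigned_users' => [], 'assigned_groups' => [10]];

var_export([
    'sole assignee pool'     => eligibleReassignees($soleAssignee, $userB, $groupMembers, $allUserIds),
    'group task pool'        => eligibleReassignees($groupTask, $userB, $groupMembers, $allUserIds),
    'B -> user 5 (outside)'  => mayReassignTo(5, $groupTask, $userB, $groupMembers, $allUserIds),
    'B -> user 3 (in group)' => mayReassignTo(3, $groupTask, $userB, $groupMembers, $allUserIds),
    'admin -> user 5'        => mayReassignTo(5, $groupTask, $admin, $groupMembers, $allUserIds),
]);
```

The same pool function can drive both the UI decision (show the button only when the pool is non-empty) and the API check, so the two cannot drift apart.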

@tokensPM

QA server K8S was successfully deployed https://ci-b5aa2d16d8.engk8s.processmaker.net

Review comments (outdated, resolved) on:

  • ProcessMaker/Http/Controllers/Api/TaskController.php
  • resources/views/tasks/edit.blade.php
  • routes/api.php
