I'm trying to allow a certain group of "admin" users the ability to release and redirect a worklist item from one user to another via the API and aspx forms. The scenario is a user is out of town or otherwise unavailable, so an "admin" user needs to redirect a worklist item to another user so the process can continue. Currently, my code looks like this:
public static void RedirectWorklistItem(string serialNumber, string assigneeFQN)
{
try
{
using (Connection wfConn = new Connection())
{
wfConn.Open(BlackPearlSettings.WorkflowServerConnectionString);
wfConn.ImpersonateUser(BlackPearl.GetCurrentUser());
WorklistItem worklistItem = wfConn.OpenWorklistItem(serialNumber);
if (worklistItem == null)
{
throw new ArgumentException("Invalid serial number provided.");
}
worklistItem.Release();
worklistItem.Redirect(assigneeFQN);
}
}
catch (Exception ex)
{
_log.Error("BlackPearl.RedirectWorklistItem() failed", ex);
throw new Exception("Could not redirect worklist item", ex);
}
}
Currently, a user can release and redirect their own worklist items but this doesn't do me any good. When an "admin" user runs this code, I get an exception on the worklistItem.Release() call:
26033 Worklist item 379 Not Open for K2:domainuser at
I can release/redirect items through the management console, but I'd rather not give that tool to the "admin" users if I don't have to. Is there a set of process permission or impersonation I can do that will accomplish this?