I agree with Walter, I think the API should be as simple as possible and verfiying that the user exists or the user is in the candidate group should be the application/caller's responsibility not the API's.
If you throw an exception for any kind of "wrong" assignment of a task the application layer has to implement some kind of additional logic to catch this exception, it is probably the same amount of code you need to check beforehand if the assignment is valid...
But this are just my 2c...