Hi,
We've accomplished this requirement using a pre-update data partition on the Workflow_Task object.
This constraint restricts users from approving workflow not assigned to them, unless the assignee is null OR they are part of the group assigned to the task.
Here's a constraint that should work for your requirement.
assignee = @root.id OR assignee IS NULL OR (group.[group]group_list.member IN @root.id)