Hi Trevor,
On Mon, Aug 24, 2009 at 5:06 PM, Trevor <tr.wiki(a)telus.net> wrote:
In setting up our XWiki farm, I came across a couple of bugs.
In general, should we always bring up bugs on the mailing list first before entry into jira?
I deleted the account named "Admin" after setting up other individuals as administrators. A user with "admin" rights (or even "delete" rights) could no longer create or delete wikis from the "wikis" page of the XEM. However, if I recreated an account named "Admin", then a user with "admin" rights *could* create/delete wikis from that page, even though they're not logged in as user "Admin".
The rights checking on that page must be hardcoded to check if user "Admin"
has the rights, instead of checking the user who's actually logged in and
making the page request.
XEM 1.9.3
That's most probably due to a programming rights issue. In XWiki, certain
pieces of code (namely Groovy code) can be executed only if the last user to
have saved the document where such code is stored has programming rights.
This is to prevent arbitrary code execution and privilege escalation in the
wiki.
If I'm correct, all you need to do after deleting the "Admin" account is to
save the page where the Groovy code is stored with one of your other admins,
after making sure that admin has the programming right set as true at the
global level of your farm.
We're aware that the way this mechanism works is not ideal in cases such as
yours and we'll fix its logic at one point, but for the time being that's
how things work.
So it's not quite a bug but I agree there's room for improvement.
As for discussing issues on the mailing lists before posting on JIRA, well,
the discussion will take place in JIRA comments if it has to anyway ;-)
Thanks for your feedback,
Guillaume
Trevor
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Guillaume Lerouge
Product Manager - XWiki
Skype: wikibc
Twitter: glerouge
http://guillaumelerouge.com/
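The mechanism Guillaume describes (a stored script only runs if the document's *last author* currently holds the programming right, while the action itself is still gated on the logged-in user's rights) is easy to reproduce in a small model. The block below is an added illustration written for this thread; it is not XWiki's code or API, and the user names, right names and the document name are constructed placeholders. It walks through Trevor's scenario: delete "Admin", observe that every admin is locked out, recreate "Admin", observe that they are let back in, and finally apply the fix from the reply (re-save the page as another admin who has programming rights).

```python
"""Simplified model of the "last author needs programming rights" rule.

Added example, not XWiki's own implementation. Assumptions (not from the
thread): rights are plain string sets, and a deleted user simply no longer
exists in the farm's user table.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    rights: set = field(default_factory=set)   # e.g. {"admin", "programming"}


@dataclass
class Document:
    name: str
    last_author: str          # whoever saved the page last (author of record)


class Farm:
    def __init__(self):
        self.users = {}

    def add_user(self, user):
        self.users[user.name] = user

    def delete_user(self, name):
        self.users.pop(name, None)

    def save(self, doc, author):
        # Saving a page makes the saving user its last author.
        doc.last_author = author.name

    def script_can_run(self, doc):
        # Groovy stored in the page runs only if the last author still exists
        # AND currently holds the programming right. A deleted account fails
        # both checks, so the script is dead for everyone, admins included.
        author = self.users.get(doc.last_author)
        return author is not None and "programming" in author.rights

    def can_manage_wikis(self, doc, current_user):
        # The create/delete action is still gated on the *requesting* user...
        if "admin" not in current_user.rights:
            return False
        # ...but the code that performs it only executes under the rule above.
        return self.script_can_run(doc)


def scenario():
    """Replays the thread's sequence and returns one bool per step."""
    farm = Farm()
    farm.add_user(User("Admin", {"admin", "programming"}))
    alice = User("Alice", {"admin", "programming"})   # another global admin
    bob = User("Bob", {"view"})                        # ordinary user
    farm.add_user(alice)
    farm.add_user(bob)

    # Constructed placeholder for the XEM "wikis" page, originally saved by Admin.
    wikis_page = Document("WikisPage (placeholder)", last_author="Admin")

    out = {}
    out["alice_before_delete"] = farm.can_manage_wikis(wikis_page, alice)
    out["bob_before_delete"] = farm.can_manage_wikis(wikis_page, bob)

    farm.delete_user("Admin")                   # Trevor's first step
    out["alice_after_delete"] = farm.can_manage_wikis(wikis_page, alice)

    # Recreating an account with the same name restores the author of record,
    # so the script runs again for any admin (assumption: the new "Admin" is
    # given programming rights too).
    farm.add_user(User("Admin", {"admin", "programming"}))
    out["alice_admin_recreated"] = farm.can_manage_wikis(wikis_page, alice)

    # The remedy from the reply: drop "Admin" again and re-save the page as
    # an admin who holds the programming right at the global level.
    farm.delete_user("Admin")
    farm.save(wikis_page, alice)
    out["alice_resaved_page"] = farm.can_manage_wikis(wikis_page, alice)
    out["bob_resaved_page"] = farm.can_manage_wikis(wikis_page, bob)
    return out


if __name__ == "__main__":
    for step, ok in scenario().items():
        print(f"{step}: {'allowed' if ok else 'denied'}")
```

The two checks are deliberately separate in the model: `script_can_run` is about who *wrote* the page, `can_manage_wikis` about who is *requesting*. That split is what makes the symptom look like a hard-coded "Admin" check from the outside, and it is why the fix is a re-save by a qualified author rather than any change to the requesting user's rights.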