When resetting the password, the user document XWiki.<username> is saved as superadmin.
By creating a macro on the user document before resetting the document, it will be executed with superadmin privileges. Thus it is possible to run, for example, a groovy script as a normal user.
- Create an unprivileged user.
- Add a XWiki.WikiMacroClass object with a groovy script.
- Do a password reset request for this user.
- Use the macro in any document.
Many variants can be used depending on how the user profile is configured.
Other types of objects can also be used to hold the script.