From 43bfa1a30092aee8f00b31338374edb6c63a2f55 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 7 Jan 2010 04:05:53 +0000
Subject: [PATCH] Remove certain caps for non super admins when running
 multisite. see #11644

git-svn-id: http://svn.automattic.com/wordpress/trunk@12630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/capabilities.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index f01f0659b..af01ec53f 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -949,11 +949,25 @@ function map_meta_cap( $cap, $user_id ) {
 			$caps[] = 'read_private_pages';
 		break;
 	case 'unfiltered_upload':
-		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true && ( !is_multisite() || is_super_admin() )  )
 			$caps[] = $cap;
 		else
 			$caps[] = 'do_not_allow';
 		break;
+	case 'unfiltered_html':
+	case 'update_plugins':
+	case 'delete_plugins':
+	case 'install_plugins':
+	case 'edit_plugins':
+	case 'update_themes':
+	case 'install_themes':
+	case 'edit_themes':
+		// If multisite these caps are allowed only for super admins.
+		if ( is_multisite() && !is_super_admin() )
+			$caps[] = 'do_not_allow';
+		else
+			$caps[] = $cap;
+		break;
 	default:
 		// If no meta caps match, return the original cap.
 		$caps[] = $cap;