From 435053b040741b336334ae64bb3241b06a64c162 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Thu, 7 Jan 2010 04:05:53 +0000
Subject: [PATCH] Remove certain caps for non super admins when running
 multisite. see #11644

git-svn-id: https://develop.svn.wordpress.org/trunk@12630 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/capabilities.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index f01f0659bc..af01ec53fc 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -949,11 +949,25 @@ function map_meta_cap( $cap, $user_id ) {
 			$caps[] = 'read_private_pages';
 		break;
 	case 'unfiltered_upload':
-		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true && ( !is_multisite() || is_super_admin() )  )
 			$caps[] = $cap;
 		else
 			$caps[] = 'do_not_allow';
 		break;
+	case 'unfiltered_html':
+	case 'update_plugins':
+	case 'delete_plugins':
+	case 'install_plugins':
+	case 'edit_plugins':
+	case 'update_themes':
+	case 'install_themes':
+	case 'edit_themes':
+		// If multisite these caps are allowed only for super admins.
+		if ( is_multisite() && !is_super_admin() )
+			$caps[] = 'do_not_allow';
+		else
+			$caps[] = $cap;
+		break;
 	default:
 		// If no meta caps match, return the original cap.
 		$caps[] = $cap;