Privacy: Limit export and erasure to super admins on Multisite.

Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

Built from https://develop.svn.wordpress.org/trunk@43085


git-svn-id: http://core.svn.wordpress.org/trunk@42914 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/capabilities.php

@@ -555,6 +555,10 @@ function map_meta_cap( $cap, $user_id ) {
 				$caps[] = 'update_core';
 			}
 			break;
+		case 'export_others_personal_data':
+		case 'erase_others_personal_data':
+			$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
+			break;
 		default:
 			// Handle meta capabilities for custom post types.
 			global $post_type_meta_caps;