How can I display customizer’s “Additional CSS” to administrators and editors (in multisite)?

In Multisite, Core only allows super admins to edit CSS by default. One of the reasons is that there are some security edge cases, especially in older browsers.

To allow site admins, you’ll need to grant them the edit_css capability. It sounds like you tried to do that with your plugin, but without seeing the code there’s no way to troubleshoot that. You could edit your question to include a minimal reproducible example if you’d like help with that.

Here’s an example of how Jetpack does it:

/**
 * Re-map the Edit CSS capability.
 *
 * Core, by default, restricts this to users that have `unfiltered_html` which
 * would make the feature unusable in multi-site by non-super-admins, due to Core
 * not shipping any solid sanitization.
 *
 * We're expanding who can use it, and then conditionally applying CSSTidy
 * sanitization to users that do not have the `unfiltered_html` capability.
 *
 * @param array  $caps Returns the user's actual capabilities.
 * @param string $cap  Capability name.
 *
 * @return array $caps
 */
public static function map_meta_cap( $caps, $cap ) {
    if ( 'edit_css' === $cap ) {
        $caps = array( 'edit_theme_options' );
    }
    return $caps;
}

To mitigate those security problems, you can sanitize the CSS when it’s saved. An example of that is how WordCamp.org does it. For more details you can see Sanitize User Entered CSS.

Related Posts:

  1. Is there way to rename user role name without plugin?
  2. How to create a clone role in wordpress
  3. How to add a Capability to a User Role?
  4. How can I get a list of users by their role?
  5. How do I make a draft post accessible to everyone?
  6. Reset default roles and capabilities
  7. add_role() run only once?
  8. Allow roles below admin to add subscribers only
  9. Temporarily give ‘manage_options’ capability
  10. Hide specific admin users’ posts
  11. Allow authors to edit only certain users
  12. How to update role capabilities
  13. Do custom user roles have any default capabilities?
  14. How to programmatically add a user to a role?
  15. how to add custom user capabilities using add_user_meta or something else?
  16. Allow user to Publish, but not Edit or Delete
  17. Email notification for editors only
  18. Shold I manually add ‘cap’ to admin role ?
  19. Allow users to publish child pages of the pages they have access to edit
  20. New Roles and Capabilities in WordPress
  21. Why is wp-login redirecting to the home page when I use this function?
  22. Allow contributor to view own scheduled post
  23. How to prevent users with “edit_others_posts” capability from editing admin posts
  24. Author Role – Allow editing of Gallery images
  25. What is the difference between “create_users” and “add_users” capabilities?
  26. How to get all users with Author role capabilities?
  27. How to check if a role has a specific capability
  28. Locking Down WordPress Application Password Permissions / Capabilities
  29. Prevent custom user role to add new pages
  30. Allow user to edit specific user with meta key using map_meta_cap
  31. How to remove sticky post capability for a specific user role?
  32. Let new user role to ‘edit_others_posts’ of other user role, not of its own type
  33. How can I have different groups of editors only allowed to edit certain parent+subpages?
  34. The delete_posts capability?
  35. How to restrict access to specific pages on the back-end?
  36. Capabilites not working [closed]
  37. add_menu_page() for more than one user role
  38. Remove wordpress author’s capability to moderate comments on their own posts
  39. Can you set a role as author?
  40. Prevent Editors from Editing/Deleting Admin Accounts
  41. Where are the WordPress capabilities stored?
  42. Adding Capabilities to a WordPress User Account
  43. Adding an additional role to an Administrator
  44. Custom user roles for access to specific parts of the site
  45. Pending status by default for a specific role
  46. How do I restrict user access to plugins?
  47. My subscriber has the “edit comment” capability but can’t edit comment
  48. Show metabox for a special role
  49. User Role Capabilities for WordPress Gutenberg Blocks
  50. Subscriber (with read permissions) cannot view Private posts
  51. How can I add a custom role capability to use in a custom plugin?
  52. bbPress plugin moderator roles
  53. Allowing user to edit posts based on the post status
  54. Custom capabilities to add, edit, remove users of a particular role only?
  55. Stop users of author role from editing already pending posts
  56. add_role user capability not working
  57. Purpose of Adding Capability to Role But Not Grant?
  58. How can I promote a user to a network administrator?
  59. Reset Roles (or undo role changes on theme change)
  60. How to get a users list by who created them?
  61. Authorize users for specific pages and/or categories
  62. Custom Capabilities for CPT and Problem with current_user_can()
  63. Custom wordpress admin page/url “You do not have sufficient permissions to access this page.”
  64. Hiding custom theme functionality using capabilities
  65. user_can() not working for comment authors
  66. Which capabilities are available in Gravity Forms Salesforce plugin? [closed]
  67. How to write conditions based on user capabilities not on user role?
  68. What Capability is required to let a role RUN code in Edit Theme?
  69. Want to know parameters that can be passed to user_can() for access control by user capabilities
  70. Create sub-administrator role that can do everything except use or see the code editor
  71. Can we hook the Customizer on a post or page on the front of the site?
  72. Let editors view post in admin but not be able to perform a save/edit
  73. Capabilities don’t add
  74. Require Capability to View Woocommerce Product
  75. User role editor – Add download files capability
  76. Why can my subscribers create new posts for review?
  77. How can I check if a visitor can read a post?
  78. How to query users to count all with a custom capability and limit it to a set of roles?
  79. Adding all custom capabilities to admin
  80. User role and capablities only for 1 plugin
  81. How to give plugin access to specific role(s)
  82. current_user_can( ‘edit_user’ ) does not work
  83. How to restrict subscriber editing other posts but read specific posts in backend
  84. Create role that can edit some user details, but not the role
  85. How can I add capability to multiple roles?
  86. Role and Capabilities: How do I allow user role to access theme options without enabling ‘manage_options’?
  87. Custom Gutenberg Block and unfiltered_html capability
  88. Best practices to handle multilpe roles and capabilities?
  89. Enable plugins for a specific user role
  90. Check what capabilitie(s) an action requires
  91. Give a user role capability to create orders for clients
  92. Why does user_can return false for a capability during plugin deactivation?
  93. Force “submit for review” on update?
  94. Users can only save their draft once before saving for revision
  95. Hide user fields based off capability
  96. Author capabilities: Deleting comments on their own published posts
  97. Need to create admin user without capability to create user
  98. How do I make a draft post accessible to everyone?
  99. Grant access to admin menu?
  100. How might I enable a user to view Draft pages from a different Author, without the ability to edit?