You’re correct in that you should be checking for a capability. However, manage options is only given to administrators by default. You should check against a capability that both editors and administrators have such as delete_others_posts.
function restrict_admin(){
//if not administrator, kill WordPress execution and provide a message
if ( ! current_user_can( 'delete_others_posts' ) ) {
wp_die( __('You are not allowed to access this part of the site') );
}
}
add_action( 'admin_init', 'restrict_admin', 1 );
See roles and capabilities from the codex.