Since the upgrade to WordPress 3.0 things have been running fairly smoothly, but I been seeing sporadic problems with some themes no longer displaying theme options for web site administrators. The three themes in question are Mandigo, Tarski and Viala and in all cases, the superadmins for the WordPress network are able to access these theme options. That’s why this problem never showed up in our testing; we were logged in as network admins.
After doing some digging, I found the problem: a misunderstanding of the “edit_themes” capability.
Based on this discussion thread it seems that the “edit_themes” capability was intended to be given to site administrators who could actually edit the theme itself via WordPress not to grant them access to theme options.
In a single site WordPress install using the “edit_themes” capability to control theme options access works just fine, because they’re one in the same: the “site administrator” is also the same person who could edit the CSS or HTML of the template in question via the WordPress interface.
In WordPress 3.0 MultiSite however, that won’t work. You can’t let individual site administrators edit the theme files because their changes would affect everything in the network. As a result, site administrators no longer have the “edit_themes” capability; only network superadmins can do that. However themes like Mandigo, Tarski and Viala all depend on the “edit_themes” capability to display their theme options, and since site admins no longer have it, they can’t get to their site options anymore.
I’m assuming this capability change happened as part of the code merge with WP 3.0 and WP 3.0 MU, since the theme options were still accessible under 2.9.
Based on Andrea_R’s response to the thread, the fix is to change the logic so that it uses the “manage_options” capability (which site admins have) instead of “edit_themes”. Andrew Nacin, responding to my post on the wp-edu list, suggested using edit_theme_options instead. The “edit_theme_options” capability is assigned to administrators, but it offers a bit more granularity because you can assign it without giving someone acceses “manage_options”, which would allow the user to switch the site’s theme.