fix: update permissions for institutional managers

src/Services/PermissionsManager.php

@@ -197,6 +197,11 @@ private function currentUserHasAccess(string $currentPageParam, array $allowedBo
             }
         }
 
+        // Prevent institutional managers from editing pages on the root site
+        if ($currentBlogId === 1 && ($pagenow === 'edit.php' || $pagenow === 'post.php')) {
+            $isAccessAllowed = false;
+        }
+
         return $isAccessAllowed;
     }
 }

src/Support/helpers.php

@@ -69,7 +69,8 @@ function get_allowed_pages(): array
         'users.php',
         'export-personal-data.php',
         'erase-personal-data.php',
-        'options-privacy.php'
+        'options-privacy.php',
+        'site-new.php'
     ];
 }