WordPress: [concept] Protect users in one role from users in another

gistfile1.aw

<?php

//Plugin Name: [concept] Protect users in one role from users in another
//Description: Users in custom faux-admin role 'site administrator' cannot modify default admins


	add_filter( 'map_meta_cap', 'prevent_edit_of_primary_user', 10, 4 );
	function prevent_edit_of_primary_user( $caps, $cap, $user_id, $args ) {

		if ( ! is_user_logged_in() ) return $caps;

 		//if current user is admin
 		if ( in_array( 'site_administrator', get_userdata( $user_id )->roles ) ) {

			//$args has user ids the cap is checked against
			foreach ($args as $id ) {
				
				//see if cap is being check against an administrator
				$is_administrator = in_array( 'administrator', get_userdata( $id )->roles ) ? true : false;

				//disallow certain caps when used on admins
				if ( 'edit_user' == $cap && $is_administrator )
					return false;
				if ( 'delete_users' == $cap && $is_administrator )
					return false;

			}
		}

		return $caps;			
	}

	//create our faux-admin
	add_action('init', function() {
	
				$member = add_role( 'site_administrator','Site Adminstrator', 
					array(
						'add_users' => true,
						'create_users' => true,
						'edit_users' => true,
						'edit_user' => true,
						'delete_users' => true,
						'list_users' => true,
						'edit_posts' => true,
						'publish_posts' => true,
						'delete_posts' => true,						
						'read' => true,						
					)
				);
	
	});