diff -ud mediawiki-1.5.5/includes/CategoryPage.php mediawiki-test/includes/CategoryPage.php
--- mediawiki-1.5.5/includes/CategoryPage.php	2005-07-14 08:45:51.000000000 +0300
+++ mediawiki-test/includes/CategoryPage.php	2006-01-17 01:15:07.000000000 +0200
@@ -115,6 +115,11 @@
 			
 			$title = Title::makeTitle( $x->page_namespace, $x->page_title );
 			
+			# If this page is inside a restricted namespace, skip the result...
+			if(!$wgUser->canAccessNamespace($title->getNamespace())) {
+				continue;
+			}
+
 			if( $title->getNamespace() == NS_CATEGORY ) {
 				// Subcategory; strip the 'Category' namespace from the link text.
 				array_push( $children, $sk->makeKnownLinkObj( $title, $wgContLang->convertHtml( $title->getText() ) ) );
diff -ud mediawiki-1.5.5/includes/DefaultSettings.php mediawiki-test/includes/DefaultSettings.php
--- mediawiki-1.5.5/includes/DefaultSettings.php	2006-01-06 01:18:53.000000000 +0200
+++ mediawiki-test/includes/DefaultSettings.php	2006-01-17 01:15:07.000000000 +0200
@@ -1354,6 +1354,96 @@
 #	      );
 $wgExtraNamespaces = NULL;
 
+ /**
+ * Hidden namespaces. If you include a namespace in this array, only users with
+ * the matching priviledges will be able to see and edit pages in this
+ * namespace.
+ * 
+ * The form is " namespace => 'priviledge' " e.g.
+ *
+ * $wgRestrictedNamespaces =
+ *	array(100 => 'coolguy',
+ *		 101 => 'coolguy'
+ *	        );
+ *
+ * where 100 is the namespace id and 'coolguy' is the priviledge.
+ *
+ * Each priv. is a string in an array, you can add as many as you like 
+ * in the $wgGroupPermitions array e.g.
+ *
+ *$wgGroupPermissions['allowed']['coolguy'] = true;
+ *
+ * In this example you asigned the 'coolguy' priviledge to the 'allowed' group.
+ *
+ */
+$wgRestrictedNamespaces = NULL;
+
+/**
+ * In case you want only to deny the edit right on a namespace, you may put it
+ * in this array. You also need to asign the 'roread' right to the usergroup you 
+ * want to be able to read and the 'roedit' right to the usergroup you want to be
+ * able to edit. Read only namespaces are not hiden (nor their logs etc).
+ *
+ * Example: $wgReadOnlyNSes = array(100,101);
+ *
+ */
+$wgReadOnlyNSes = NULL;
+
+/**
+ * In case you have categories of pages located on a restricted namespaces
+ * those categories will appear empty and might be comfusing. Setting this
+ * var to true, (all) categories will be hidden in the Recent changes.
+ */
+$wgHideCategoriesinRC = false;
+
+/**
+ * Logs in Recent Changes are treated all the same, so normaly users will be able
+ * to see moves, protects and deletes of pages in restricted namespaces. Setting
+ * this var to true will hide all logs in Recent Changes and only those for restricted
+ * namespaces in Special:Log.
+ */
+$wgHideLogs = false;
+
+/**
+ * In case you want to customize what logs the user can see both in Recent Changes
+ * and Special:Log, modify this array to include the log types you want to hide. This is
+ * overriden by $wgHideLogs for Recent Changes and those logs for restricted
+ * namespaces in Special:Log. This feature lets you hide also the 'block' and 'rights'
+ * log types that are namespace independed in Special:Log, or show them in RC while
+ * hiding the rest.
+ * 
+ * This example shows how to hide all log types in RC, and (block/rights) in Special:Log
+ * (the others in Special:Log are  are filtered based on namespace access rights so they
+ * apply only for restricted namespaces).
+ *
+ *$wgHidenLogs = array('block','protect', 'rights', 'delete','upload', 'move');
+ */
+$wgHidenLogs = NULL;
+
+/**
+ * In case some user tries to create a link from some namespace to an other restricted
+ * namespace, while the page gets parsed, instead of the link, a warning message will appear
+ * ('restrlink') to let the user know. If the link is in the same namespace as the edited page,
+ * no check will be done.
+ */
+$wgLinkWarn = true;
+
+/**
+ * In case you want to hide logs about User Talk pages (namespace 3) fromnrecent changes
+ * set this to true.
+ *
+ */
+$wgHideUtalk = false;
+
+/**
+ * You can use this array to alter wiki's upper left logo depending on the namespace 
+ * you are in.
+ *
+ * Example:
+ * $wgNamespaceLogos = array ( 100 => '/url_path_to/logo.gif');
+**/
+$wgNamespaceLogos = NULL;
+
 /**
  * Limit images on image description pages to a user-selectable limit. In order
  * to reduce disk usage, limits can only be selected from a list. This is the
diff -ud mediawiki-1.5.5/includes/GlobalFunctions.php mediawiki-test/includes/GlobalFunctions.php
--- mediawiki-1.5.5/includes/GlobalFunctions.php	2005-10-28 12:40:10.000000000 +0300
+++ mediawiki-test/includes/GlobalFunctions.php	2006-01-17 01:15:07.000000000 +0200
@@ -1226,14 +1226,15 @@
  * @return Html string containing the namespace selector
  */
 function &HTMLnamespaceselector($selected = '', $allnamespaces = null) {
-	global $wgContLang;
+	global $wgContLang, $wgUser;
 	$s = "<select name='namespace' class='namespaceselector'>\n";
 	$arr = $wgContLang->getFormattedNamespaces();
 	if( !is_null($allnamespaces) ) {
 		$arr = array($allnamespaces => wfMsgHtml('namespacesall')) + $arr;
 	}
 	foreach ($arr as $index => $name) {
-		if ($index < NS_MAIN) continue;
+		# Skip Media, Special and restricted namespaces. 
+		if ($index < NS_MAIN || !$wgUser->canAccessNamespace( $index )) continue;
 
 		$name = $index !== 0 ? $name : wfMsgHtml('blanknamespace');
 
diff -ud mediawiki-1.5.5/includes/Parser.php mediawiki-test/includes/Parser.php
--- mediawiki-1.5.5/includes/Parser.php	2005-12-21 18:18:31.000000000 +0200
+++ mediawiki-test/includes/Parser.php	2006-01-17 01:15:07.000000000 +0200
@@ -1329,6 +1329,16 @@
 			$ns = $nt->getNamespace();
 			$iw = $nt->getInterWiki();
 
+			#If the link points to a restricted namespace outside the
+			#parent namespace warn the user.
+			global $wgRestrictedNamespaces, $wgLinkWarn ;
+			if( $wgLinkWarn && is_array( $wgRestrictedNamespaces )) {
+				if( array_key_exists( $ns, $wgRestrictedNamespaces ) &&  ($this->mTitle->getNamespace() != $ns)) {
+					$s .=wfMsg( 'restrlink' ). $trail;
+					continue;
+				}
+			}
+
 			if ($might_be_img) { # if this is actually an invalid link
 				if ($ns == NS_IMAGE && $noforce) { #but might be an image
 					$found = false;
@@ -2060,7 +2070,7 @@
 	 * @access private
 	 */
 	function braceSubstitution( $matches ) {
-		global $wgLinkCache, $wgContLang;
+		global $wgLinkCache, $wgContLang, $wgRestrictedNamespaces;
 		$fname = 'Parser::braceSubstitution';
 		wfProfileIn( $fname );
 
@@ -2131,6 +2141,10 @@
 		if ( !$found ) {
 			# Check for NS: (namespace expansion)
 			$mwNs = MagicWord::get( MAG_NS );
+                        if ( $part1 == 'ns' ) {
+                                $text = $linestart . $wgContLang->getNsText( $this->mTitle->getNamespace() );
+                                $found = true;
+                        }
 			if ( $mwNs->matchStartAndRemove( $part1 ) ) {
 				if ( intval( $part1 ) ) {
 					$text = $linestart . $wgContLang->getNsText( intval( $part1 ) );
@@ -2224,6 +2238,15 @@
 				# Check for excessive inclusion
 				$dbk = $title->getPrefixedDBkey();
 				if ( $this->incrementIncludeCount( $dbk ) ) {
+					# Articles from restricted namespaces can't be used in templates.
+					# They would appear or disappear based on the rights of the user
+					# that refreshes the cache...
+					if( is_array( $wgRestrictedNamespaces ) ) {
+						if( array_key_exists( $title->getNamespace(), $wgRestrictedNamespaces ) ) {
+							$found = true;
+							$text = $linestart . wfMsg( 'templatenotincluded' );
+						}
+					}
 					if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() ) {
 						# Capture special page output
 						$text = SpecialPage::capturePath( $title );
diff -ud mediawiki-1.5.5/includes/SearchEngine.php mediawiki-test/includes/SearchEngine.php
--- mediawiki-1.5.5/includes/SearchEngine.php	2005-07-13 09:47:17.000000000 +0300
+++ mediawiki-test/includes/SearchEngine.php	2006-01-17 01:15:07.000000000 +0200
@@ -150,10 +150,10 @@
 	 * @access public
 	 */
 	function searchableNamespaces() {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 		$arr = array();
 		foreach( $wgContLang->getNamespaces() as $ns => $name ) {
-			if( $ns >= NS_MAIN ) {
+			if( $ns >= NS_MAIN && $wgUser->canAccessNamespace( $ns )) {
 				$arr[$ns] = $name;
 			}
 		}
diff -ud mediawiki-1.5.5/includes/SpecialAllpages.php mediawiki-test/includes/SpecialAllpages.php
--- mediawiki-1.5.5/includes/SpecialAllpages.php	2005-08-02 14:08:19.000000000 +0300
+++ mediawiki-test/includes/SpecialAllpages.php	2006-01-17 01:15:07.000000000 +0200
@@ -9,7 +9,7 @@
  * @param string $par Becomes "FOO" when called like Special:Allpages/FOO (default NULL)
  */
 function wfSpecialAllpages( $par=NULL, $specialPage ) {
-	global $indexMaxperpage, $toplevelMaxperpage, $wgRequest, $wgOut, $wgContLang;
+	global $indexMaxperpage, $toplevelMaxperpage, $wgRequest, $wgOut, $wgContLang, $wgUser;
 	# Config
 	$indexMaxperpage = 960;
 	$toplevelMaxperpage = 50;
@@ -19,7 +19,9 @@
 	
 	$namespaces = $wgContLang->getNamespaces();
 
-	if( !in_array($namespace, array_keys($namespaces)) )
+	#If namespace does not exist or the user is not allowed to access it
+	#return him to the main namespace.
+	if( !in_array($namespace, array_keys($namespaces)) || !$wgUser->canAccessNamespace( $namespace))
 		$namespace = 0;
 
 	$wgOut->setPagetitle( $namespace > 0 ?
diff -ud mediawiki-1.5.5/includes/SpecialContributions.php mediawiki-test/includes/SpecialContributions.php
--- mediawiki-1.5.5/includes/SpecialContributions.php	2005-11-27 16:57:04.000000000 +0200
+++ mediawiki-test/includes/SpecialContributions.php	2006-01-17 01:15:07.000000000 +0200
@@ -16,7 +16,14 @@
 	}
 
 	function set_namespace($ns) {
-		$this->namespace = $ns;
+		global $wgUser;
+		# If the namespace asked is restricted return 
+		# to the main namespace.
+		if($wgUser->canAccessNamespace($ns)) {
+			$this->namespace = $ns;
+		}else{
+			$this->namespace = 0;
+		}
 	}
 
 	function set_limit($limit) {
@@ -69,9 +76,13 @@
 	}
 
 	function get_namespace_cond() {
-		if ($this->namespace !== false)
+		global $wgUser;
+		# Include the namespace in the querry only if it's not restricted to the user.
+		if (($this->namespace !== false) && ($wgUser->canAccessNamespace($this->namespace))) {
 			return " AND page_namespace = " . (int)$this->namespace;
-		return "";
+		}else{
+			return "";
+		}
 	}
 
 	function get_previous_offset_for_paging() {
@@ -123,6 +134,16 @@
 			$offsetQuery = "AND rev_timestamp <= '{$this->offset}'";
 
 		$nscond = $this->get_namespace_cond();
+		# Exclude all namespaces that are restricted to this user
+		global $wgRestrictedNamespaces;
+		global $wgUser;
+		if( is_array( $wgRestrictedNamespaces )) {
+			foreach( $wgRestrictedNamespaces as $key => $value ) {
+				if( ! $wgUser->canAccessNamespace( $key )) {
+					$nscond .= ' AND page_namespace <>' . $key;
+				}
+			}
+		}
 		$use_index = $this->dbr->useIndexClause($index);
 		$sql = "SELECT
 			page_namespace,page_title,page_is_new,page_latest,
diff -ud mediawiki-1.5.5/includes/SpecialExport.php mediawiki-test/includes/SpecialExport.php
--- mediawiki-1.5.5/includes/SpecialExport.php	2005-07-13 04:59:12.000000000 +0300
+++ mediawiki-test/includes/SpecialExport.php	2006-01-17 01:15:07.000000000 +0200
@@ -193,9 +193,14 @@
 	}
 	
 	function namespaces() {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 		$spaces = "<namespaces>\n";
+		# Don't display restricted namespaces.
 		foreach( $wgContLang->getNamespaces() as $ns => $title ) {
+
+			if(!$wgUser->canAccessNamespace($ns) ){
+				continue;
+			}
 			$spaces .= '    ' . wfElement( 'namespace',
 				array( 'key' => $ns ),
 				str_replace( '_', ' ', $title ) ) . "\n";
@@ -312,7 +317,14 @@
 	 */
 	function outputStream( $resultset ) {
 		$last = null;
+		global $wgUser;
 		while( $row = $resultset->fetchObject() ) {
+
+			#If page is in a secured namespace, skip the row.
+			if(!$wgUser->canAccessNamespace($row->page_namespace) ){
+				continue;
+			}
+
 			if( is_null( $last ) ||
 				$last->page_namespace != $row->page_namespace ||
 				$last->page_title     != $row->page_title ) {
diff -ud mediawiki-1.5.5/includes/SpecialListusers.php mediawiki-test/includes/SpecialListusers.php
--- mediawiki-1.5.5/includes/SpecialListusers.php	2005-07-13 18:14:12.000000000 +0300
+++ mediawiki-test/includes/SpecialListusers.php	2006-01-17 01:15:07.000000000 +0200
@@ -54,7 +54,7 @@
 	 * @todo localize
 	 */
 	function getPageHeader( ) {
-		global $wgScript;
+		global $wgScript, $wgUser;
 		
 		// Various variables used for the form
 		$action = htmlspecialchars( $wgScript );
@@ -67,7 +67,8 @@
 				wfMsgHtml( 'groups-editgroup-name' ) . '<select name="group">';
 
 		// get all group names and IDs
-		$groups = User::getAllGroups();
+//		$groups = User::getAllGroups();
+		$groups = $wgUser->getGroups();
 		
 		// we want a default empty group
 		$out.= '<option value=""></option>';
@@ -152,7 +153,7 @@
 	}
 
 	function formatResult( $skin, $result ) {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 		
 		$userPage = Title::makeTitle( $result->namespace, $result->title );
 		$name = $skin->makeLinkObj( $userPage, htmlspecialchars( $userPage->getText() ) );
@@ -168,15 +169,27 @@
 				$groups[] = User::getGroupName( $row->ug_group );
 			}
 			$dbr->freeResult( $result );
-			
-			if( count( $groups ) > 0 ) {
-				$name .= ' (' .
-					$skin->makeLink( wfMsgForContent( 'administrators' ),
-						htmlspecialchars( implode( ', ', $groups ) ) ) .
-					')';
+
+			$incl = false;
+			$rUsergroups = implode(',',$groups);
+			$tUserGroups = $wgUser->getGroups();
+			for( $i = 0; count($tUserGroups) >= $i; $i++) {
+				if( substr_count($rUsergroups, $tUserGroups[$i]) >0 ){
+					$incl = true;
+					break;
+				}
 			}
-		}
 
+			if( $incl ){
+				if( count( $groups ) > 0 ) {
+					$name .= ' (' .
+						$skin->makeLink( wfMsgForContent( 'administrators' ),
+							htmlspecialchars( implode( ', ', $groups ) ) ) .
+						')';
+				}
+			return $name;
+			}
+		}
 		return $name;
 	}	
 }
diff -ud mediawiki-1.5.5/includes/SpecialLog.php mediawiki-test/includes/SpecialLog.php
--- mediawiki-1.5.5/includes/SpecialLog.php	2005-06-27 12:14:32.000000000 +0300
+++ mediawiki-test/includes/SpecialLog.php	2006-01-17 01:15:07.000000000 +0200
@@ -236,13 +236,14 @@
 	 * @return object database result set
 	 */
 	function getLogRows() {
-		global $wgLinkCache;
+		global $wgLinkCache, $wgUser;
 		$result = $this->reader->getRows();
 		$this->numResults = 0;
 
 		// Fetch results and form a batch link existence query
 		$batch = new LinkBatch;
 		while ( $s = $result->fetchObject() ) {
+
 			// User link
 			$title = Title::makeTitleSafe( NS_USER, $s->user_name );
 			$batch->addObj( $title );
@@ -292,11 +293,41 @@
 	 * @private
 	 */
 	function logLine( $s ) {
-		global $wgLang, $wgLinkCache;
+		global $wgLang, $wgLinkCache, $wgUser;
+		global $wgHideLogs, $wgHidenLogs;
 		$title = Title::makeTitle( $s->log_namespace, $s->log_title );
 		$user = Title::makeTitleSafe( NS_USER, $s->user_name );
 		$time = $wgLang->timeanddate( $s->log_timestamp, true );
 
+		# Hide all logs or the log types in $wgHidenLogs.
+
+		# Block and rights are namespace independed.
+		if((is_array($wgHidenLogs) && 
+			((in_array('block', $wgHidenLogs) && $s->log_type =='block' )
+			||(in_array('rights', $wgHidenLogs) && $s->log_type=='rights'))
+			||($wgHideLogs && ($s->log_type=='block' ||$s->log_type=='rights')))){
+				return;
+		}
+
+		# Upload namespaces are public.
+		if(is_array($wgHidenLogs) && (in_array('upload', $wgHidenLogs) && $s->log_type=='upload') || ($wgHideLogs && $s->log_type=='upload')) {
+			return;
+		}
+
+		# We hide the rest only for the restricted namespaces.
+		if(!$wgUser->canAccessNamespace($s->log_namespace)){
+			if($wgHideLogs){
+				return;
+			}
+			if(is_array($wgHidenLogs)){
+				if((in_array('protect', $wgHidenLogs) && $s->log_type=='protect')
+				||(in_array('delete', $wgHidenLogs) && $s->log_type=='delete')
+				||(in_array('move', $wgHidenLogs) && $s->log_type=='move')){
+					return;
+				}
+			}
+		}
+
 		// Enter the existence or non-existence of this page into the link cache,
 		// for faster makeLinkObj() in LogPage::actionText()
 		if( $s->page_id ) {
diff -ud mediawiki-1.5.5/includes/SpecialPreferences.php mediawiki-test/includes/SpecialPreferences.php
--- mediawiki-1.5.5/includes/SpecialPreferences.php	2005-10-21 23:47:39.000000000 +0300
+++ mediawiki-test/includes/SpecialPreferences.php	2006-01-17 01:15:07.000000000 +0200
@@ -89,7 +89,7 @@
 		if ( $this->mPosted ) {
 			$namespaces = $wgContLang->getNamespaces();
 			foreach ( $namespaces as $i => $namespace ) {
-				if ( $i >= 0 ) {
+				if ( $i >= 0 && $wgUser->canAccessNamespace( $i) ) {
 					$this->mSearchNs[$i] = $request->getCheck( "wpNs$i" ) ? 1 : 0;
 				}
 			}
@@ -352,7 +352,7 @@
 
 		$namespaces = $wgContLang->getNamespaces();
 		foreach ( $namespaces as $i => $namespace ) {
-			if ( $i >= NS_MAIN ) {
+			if ( $i >= NS_MAIN && $wgUser->canAccessNamespace( $i)) {
 				$this->mSearchNs[$i] = $wgUser->getOption( 'searchNs'.$i );
 			}
 		}
@@ -369,7 +369,7 @@
 		$r1 = null;
 
 		foreach ( $namespaces as $i => $name ) {
-			if ($i < 0)
+			if ($i < 0 && !$wgUser->canAccessNamespace( $i))
 				continue;
 			$checked = $this->mSearchNs[$i] ? "checked='checked'" : '';
 			$name = str_replace( '_', ' ', $namespaces[$i] );
diff -ud mediawiki-1.5.5/includes/SpecialRandompage.php mediawiki-test/includes/SpecialRandompage.php
--- mediawiki-1.5.5/includes/SpecialRandompage.php	2005-08-02 03:01:45.000000000 +0300
+++ mediawiki-test/includes/SpecialRandompage.php	2006-01-17 01:15:07.000000000 +0200
@@ -11,12 +11,12 @@
  *               used as e.g. Special:Randompage/Category
  */
 function wfSpecialRandompage( $par = NS_MAIN ) {
-	global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL, $wgContLang;
+	global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL, $wgContLang, $wgUser;
 	$fname = 'wfSpecialRandompage';
 
 	# Determine the namespace to get a random page from.
 	$namespace = $wgContLang->getNsIndex($par);
-	if ($namespace === false || $namespace < NS_MAIN) {
+	if ($namespace === false || $namespace < NS_MAIN || !$wgUser->canAccessNamespace($namespace)) {
 		$namespace = NS_MAIN;
 	}
 
diff -ud mediawiki-1.5.5/includes/SpecialRecentchanges.php mediawiki-test/includes/SpecialRecentchanges.php
--- mediawiki-1.5.5/includes/SpecialRecentchanges.php	2005-11-18 22:05:37.000000000 +0200
+++ mediawiki-test/includes/SpecialRecentchanges.php	2006-01-17 01:15:07.000000000 +0200
@@ -21,6 +21,7 @@
 	global $wgFeedClasses, $wgUseRCPatrol;
 	global $wgRCShowWatchingUsers, $wgShowUpdatedMarker;
 	global $wgLinkCache;
+	global $wgRestrictedNamespaces, $wgHideCategoriesinRC, $wgHidenLogs, $wgHideLogs, $wgHideUtalk;
 	$fname = 'wfSpecialRecentchanges';
 
 	# Get query parameters
@@ -119,8 +120,9 @@
 
 	# Get last modified date, for client caching
 	# Don't use this if we are using the patrol feature, patrol changes don't update the timestamp
+	# Don't use it if there are hidden namespaces, as the feed must be different for the users
 	$lastmod = $dbr->selectField( 'recentchanges', 'MAX(rc_timestamp)', false, $fname );
-	if ( $feedFormat || !$wgUseRCPatrol ) {
+	if ( !is_array( $wgRestrictedNamespaces ) && ($feedFormat || !$wgUseRCPatrol) ) {
 		if( $lastmod && $wgOut->checkLastModified( $lastmod ) ){
 			# Client cache fresh and headers sent, nothing more to do.
 			return;
@@ -131,6 +133,33 @@
 	$hidem .= $hidebots ? ' AND rc_bot=0' : '';
 	$hidem .= $hideliu ? ' AND rc_user=0' : '';
 	$hidem .= $hidepatrolled ? ' AND rc_patrolled=0' : '';
+
+	# Hide all categories if $wgHideCategoriesinRC is set
+	$hidem .= $wgHideCategoriesinRC ? ' AND rc_namespace <> 14':'';
+	# Hide all User_talk pages if $wgHideUtalk is set
+	$hidem .= $wgHideUtalk ? ' AND rc_namespace <> 3':'';
+	# Hide all logs if $wgHideRCLogs is set
+	$hidem .= $wgHideLogs ? ' AND rc_type <> 3':'';
+	# Hide all logs or the log types in $wgHidenLogs.
+	if(!$wgHideLogs && is_array($wgHidenLogs)){
+		# Block and rights are namespace independed.
+		$hidem .= in_array('block', $wgHidenLogs) ? ' AND rc_title <> "Log/block"':'';
+		$hidem .= in_array('rights', $wgHidenLogs) ? ' AND rc_title <> "Log/rights"':'';
+		# Hide the log types set in $wgHidenLogs
+		$hidem .= in_array('protect', $wgHidenLogs) ? ' AND rc_title <> "Log/protect"':'';
+		$hidem .= in_array('delete', $wgHidenLogs) ? ' AND rc_title <> "Log/delete"':'';
+		$hidem .= in_array('upload', $wgHidenLogs) ? ' AND rc_title <> "Log/upload"':'';
+		$hidem .= in_array('move', $wgHidenLogs) ? ' AND rc_title <> "Log/move"':'';
+	}
+	# Exclude all namespaces that are restricted to this user
+	if( is_array( $wgRestrictedNamespaces )) {
+		foreach( $wgRestrictedNamespaces as $key => $value ) {
+			if( ! $wgUser->canAccessNamespace( $key )) {
+				$hidem .= ' AND rc_namespace <>' . $key;
+			}
+		}
+	}
+	
 	$hidem .= is_null( $namespace ) ?  '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;
 
 	// This is the big thing!
@@ -264,11 +293,18 @@
 		 * go ahead and use it even if there have been edits made
 		 * since it was rendered. This keeps a swarm of requests
 		 * from being too bad on a super-frequently edited wiki.
+		 *
+		 * Using restricted namespaces forbids caching the feed,
+		 * however, since it must be rendered according to user
+		 * rights.
+		 *
 		 */
-		if( time() - wfTimestamp( TS_UNIX, $feedLastmod )
-				< $wgFeedCacheTimeout
-			|| wfTimestamp( TS_UNIX, $feedLastmod )
-				> wfTimestamp( TS_UNIX, $lastmod ) ) {
+
+		if( !is_array( $wgRestrictedNamespaces )
+			&& (time() - wfTimestamp( TS_UNIX, $feedLastmod )
+					< $wgFeedCacheTimeout
+				|| wfTimestamp( TS_UNIX, $feedLastmod )
+					> wfTimestamp( TS_UNIX, $lastmod ) ) ) {
 			wfDebug( "RC: loading feed from cache ($key; $feedLastmod; $lastmod)...\n" );
 			$cachedFeed = $messageMemc->get( $key );
 		} else {
diff -ud mediawiki-1.5.5/includes/SpecialRecentchangeslinked.php mediawiki-test/includes/SpecialRecentchangeslinked.php
--- mediawiki-1.5.5/includes/SpecialRecentchangeslinked.php	2005-08-25 07:32:20.000000000 +0300
+++ mediawiki-test/includes/SpecialRecentchangeslinked.php	2006-01-17 01:15:07.000000000 +0200
@@ -58,10 +58,22 @@
 	  	  WfMsg( "hide" ), "target=" . htmlspecialchars( $nt->getPrefixedURL() ) .
 		  "&days={$days}&limit={$limit}&hideminor=1" );
 	}
+	$cmq = '';
+
 	if ( $hideminor ) {
 		$cmq = 'AND rev_minor_edit=0';
-	} else { $cmq = ''; }
+	} 
 
+	# Exclude all namespaces that are restricted to this user
+	global $wgRestrictedNamespaces;
+	if( is_array( $wgRestrictedNamespaces )) {
+		foreach( $wgRestrictedNamespaces as $key => $value ) {
+			if( ! $wgUser->canAccessNamespace( $key )) {
+				$cmq .= ' AND page_namespace <>' . $key;
+			}
+		}
+	}
+	
 	extract( $dbr->tableNames( 'categorylinks', 'pagelinks', 'revision', 'page' ) );
 	
 	// If target is a Category, use categorylinks and invert from and to
diff -ud mediawiki-1.5.5/includes/SpecialUserlogin.php mediawiki-test/includes/SpecialUserlogin.php
--- mediawiki-1.5.5/includes/SpecialUserlogin.php	2005-08-26 16:54:11.000000000 +0300
+++ mediawiki-test/includes/SpecialUserlogin.php	2006-01-17 01:15:07.000000000 +0200
@@ -407,6 +407,7 @@
 	function successfulLogin( $msg ) {
 		global $wgUser;
 		global $wgOut;
+		global $wgLinkWarn;
 
 		# Run any hooks; ignore results
 		
@@ -416,7 +417,19 @@
 		$wgOut->setRobotpolicy( 'noindex,nofollow' );
 		$wgOut->setArticleRelated( false );
 		$wgOut->addWikiText( $msg );
-		$wgOut->returnToMain();
+
+		if($wgUser->getRMainPages() != NULL) {
+
+			# We are going to put some links to restricted namespaces
+			# that the user has access to, so we disable the warning.
+			$wgLinkWarn = false;
+	
+			$wgOut->addWikiText(wfMsg('RNSlist').str_replace( '_', ' ',$wgUser->getRMainPages()));
+			$wgOut->returnToMain(false);
+
+		}else{
+			$wgOut->returnToMain();
+		}
 	}
 
 	/** */
diff -ud mediawiki-1.5.5/includes/SpecialWantedpages.php mediawiki-test/includes/SpecialWantedpages.php
--- mediawiki-1.5.5/includes/SpecialWantedpages.php	2005-05-26 13:23:35.000000000 +0300
+++ mediawiki-test/includes/SpecialWantedpages.php	2006-01-17 01:15:07.000000000 +0200
@@ -44,9 +44,15 @@
 	}
 
 	function formatResult( $skin, $result ) {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 
 		$nt = Title::makeTitle( $result->namespace, $result->title );
+
+		# Don't show wanted pages in restricted namespaces
+		if( !$wgUser->canAccessNamespace( $nt->getNamespace() ) ) {
+			return "";
+		}
+
 		$text = $wgContLang->convert( $nt->getPrefixedText() );
 		$plink = $skin->makeBrokenLink( $nt->getPrefixedText(), $text );
 		
diff -ud mediawiki-1.5.5/includes/SpecialWhatlinkshere.php mediawiki-test/includes/SpecialWhatlinkshere.php
--- mediawiki-1.5.5/includes/SpecialWhatlinkshere.php	2005-12-11 20:50:16.000000000 +0200
+++ mediawiki-test/includes/SpecialWhatlinkshere.php	2006-01-17 01:15:07.000000000 +0200
@@ -97,6 +97,11 @@
 			// Last row is for checks only; don't display it.
 			break;
 		}
+
+		#If the linking page is located in a secured namespace, skip it.
+		if(!$wgUser->canAccessNamespace($row->page_namespace)) {
+			continue;
+		}
 		
 		$nt = Title::makeTitle( $row->page_namespace, $row->page_title );
 
diff -ud mediawiki-1.5.5/includes/Title.php mediawiki-test/includes/Title.php
--- mediawiki-1.5.5/includes/Title.php	2005-10-30 03:30:44.000000000 +0200
+++ mediawiki-test/includes/Title.php	2006-01-17 01:15:07.000000000 +0200
@@ -905,6 +905,10 @@
 		wfProfileIn( $fname );
 
 		global $wgUser;
+		if( !$wgUser->canAccessNamespace( $this->mNamespace )) {
+			wfProfileOut( $fname );
+			return false;
+		}
 		if( NS_SPECIAL == $this->mNamespace ) {
 			wfProfileOut( $fname );
 			return false;
@@ -998,7 +1002,7 @@
 	function userCanRead() {
 		global $wgUser;
 
-		if( $wgUser->isAllowed('read') ) {
+		if( $wgUser->isAllowed('read',$this )){
 			return true;
 		} else {
 			global $wgWhitelistRead;
@@ -1012,15 +1016,17 @@
 			}
 
 			/** some pages are explicitly allowed */
-			$name = $this->getPrefixedText();
-			if( $wgWhitelistRead && in_array( $name, $wgWhitelistRead ) ) {
-				return true;
-			}
+			if( is_array( $wgWhitelistRead )) {
+				$name = $this->getPrefixedText();
+				if( in_array( $name, $wgWhitelistRead ) ) {
+ 					return true;
+				}
 
-			# Compatibility with old settings
-			if( $wgWhitelistRead && $this->getNamespace() == NS_MAIN ) {
-				if( in_array( ':' . $name, $wgWhitelistRead ) ) {
-					return true;
+				# Compatibility with old settings
+				if( $this->getNamespace() == NS_MAIN ) {
+					if( in_array( ':' . $name, $wgWhitelistRead ) ) {
+						return true;
+					}
 				}
 			}
 		}
diff -ud mediawiki-1.5.5/includes/User.php mediawiki-test/includes/User.php
--- mediawiki-1.5.5/includes/User.php	2005-12-01 10:39:21.000000000 +0200
+++ mediawiki-test/includes/User.php	2006-01-17 01:15:07.000000000 +0200
@@ -1018,12 +1018,155 @@
 	/**
 	 * Check if user is allowed to access a feature / make an action
 	 * @param string $action Action to be checked (see $wgAvailableRights in Defines.php for possible actions).
+	 * @param string $title Title of the article (so we can check if it's namespace is restricted to the user).
 	 * @return boolean True: action is allowed, False: action should not be allowed
 	 */
-	function isAllowed($action='') {
+	function isAllowed($action='', $title = NULL) {
+		global $wgRestrictedNamespaces, $wgReadOnlyNSes;
+
 		$this->loadFromDatabase();
+		
+		if( $title == NULL ) {
+			global $wgTitle;
+			$title = $wgTitle;
+		}
+
+		$ns = $title->getNamespace();
+		// If user wants to read a page, that page is in a read only namespace
+		// and the user has the 'roread' right, allow him to read it. If it has
+		// the 'roedit' right allow him to edit it.
+		if( is_array($wgReadOnlyNSes)) {
+			if( $action == 'read' && in_array($ns, $wgReadOnlyNSes) && in_array('roread', $this->mRights) && !$this->isBlocked() ) {
+				return true;
+			}
+			if( $action == 'edit' && !$title->isProtected() && in_array($ns, $wgReadOnlyNSes) && in_array('roedit', $this->mRights) && !$this->isBlocked()) {
+				return true;
+			}
+		}		
+
+		// Prevent access to restricted namespaces if the user does not have all
+		// required rights.
+		if( !$this->canAccessNamespace($ns) ) {
+			return false;
+		}
+
+		// If we are in user's page, allow him to do everything...
+		if ( $action == 'edit' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() && !$title->isProtected() ) {
+			return true;
+		}
+
+		if ( $action == 'protect' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() ){
+			return true;
+		}
+
+		// If user wants to edit a talk page and has the talk right, allow him to do so...
+		if( $title->isTalkPage() && $action == 'edit' && in_array('talk', $this->mRights) && !$this->isBlocked() && !$title->isProtected() ){
+			return true;
+		}
+
+		// If user wants to leave a mesage on another's user talk page and that page is unprotected, allow him to do so...
+		if( $action == 'edit' && $ns == NS_USER_TALK && !$this->isBlocked() && !$title->isProtected() ){
+			return true;
+		}
+	
+		// If user has the sedit right, allow him to edit pages in the restricted namespaces
+		// he has access.
+		if( is_array($wgRestrictedNamespaces) && array_key_exists($ns, $wgRestrictedNamespaces) 
+			&& $this->canAccessNamespace($ns) && !$this->isBlocked() ){
+
+			if( $action == 'edit' && in_array('sedit', $this->mRights) && !$title->isProtected() ) {
+				return true;
+			}
+
+		// If user has the sprotect right, allow him to edit pages in the  in the restricted namespaces
+		// he has access.
+			if(($action == 'protect' || $action == 'unprotect') && in_array('sprotect', $this->mRights)) {
+				return true;
+			}
+
+
+		// If user has the sdelete right, allow him to edit pages in the  in the restricted namespaces
+		// he has access.
+			if( !$title->isProtected() && ($action == 'delete' || $action == 'undelete') && (in_array('sdelete', $this->mRights)) ) {
+					return true;
+				}
+		}
+
+		//If the user wants to delete or undelete a page and it's blocked don't allow him to do so.
+		if( ($action == 'delete' || $action == 'undelete') && ($title->isProtected() || $this->isBlocked()) ){
+			return false;
+		}
+
+
+                //If the user wants to protect or unprotect a page and it's blocked don't allow him to do so.
+               	if( ($action == 'protect' || $action == 'unprotect') && $this->isBlocked() ){
+                  		 return false;
+               	}
+
 		return in_array( $action , $this->mRights );
 	}
+	
+	/**
+	 * Check if user is allowed to access a given namespace
+	 * @param string $namespace ID of the namespace that needs to be checked.
+	 * @return boolean True: access is allowed, False: access is denied
+	 */
+	function canAccessNamespace( $namespace='' ) {
+		global $wgRestrictedNamespaces;
+		$this->loadFromDatabase();
+
+		if( is_array( $wgRestrictedNamespaces )) {
+			if( array_key_exists( $namespace, $wgRestrictedNamespaces ) ) {
+				if( in_array($wgRestrictedNamespaces[$namespace], $this->mRights)){
+					return true;
+				}
+				return false;
+			}
+		}
+
+		return true;
+
+	}
+
+	/**
+	 * Get the restricted namespaces the user has access to (talk namespaces not included).
+	 * @return string with the namespace names seperated by the "\n" character/
+	 */
+	function getAllowedRNSes() {
+		global $wgRestrictedNamespaces;
+		$this->loadFromDatabase();
+		$names = NULL;
+
+		if( is_array( $wgRestrictedNamespaces ) ) {
+			foreach ($wgRestrictedNamespaces as $nsid => $ugroup) {
+				if( $this->canAccessNamespace($nsid) && !($nsid %2) ) {
+					$names .= Namespace::getCanonicalName($nsid)."\n";
+				}
+			}
+		}
+		return $names;
+	}
+
+	/**
+	 * Get the main page title of each restricted namespace (talk namespaces not included)
+	 * the user has access to.
+	 * @return string: The titles seperated by the  "\n" character.
+	 */
+	function getRMainPages() {
+		global $wgRestrictedNamespaces;
+		$titles = NULL;
+
+		if( is_array( $wgRestrictedNamespaces ) ) {
+			$namespaces = $this->getAllowedRNSes();
+			$nsarray = explode("\n",$namespaces);
+			foreach ($nsarray as $index => $nsname) {
+				if($nsname != ""){
+					$titles .= "[[".$nsname.":".wfMsgForContent( 'mainpage' )."|".$nsname."]]"."<br/>\n";
+				}
+			}
+		}
+		return $titles;
+	}
 
 	/**
 	 * Load a skin if it doesn't exist or return it