diff -iEbdu -r ./includes/Article.php ./includes/Article.php
--- ./includes/Article.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/Article.php	2006-12-07 15:30:54.340034100 +0100
@@ -644,7 +644,6 @@
 
 		# If we got diff and oldid in the query, we want to see a
 		# diff page instead of the article.
-
 		if ( !is_null( $diff ) ) {
 			$wgOut->setPageTitle( $this->mTitle->getPrefixedText() );
 
diff -iEbdu -r ./includes/CategoryPage.php ./includes/CategoryPage.php
--- ./includes/CategoryPage.php	2006-11-21 16:36:14.472026700 +0100
+++ ./includes/CategoryPage.php	2006-12-07 15:22:52.721070900 +0100
@@ -175,6 +175,7 @@
 	}
 
 	function doCategoryQuery() {
+		global $wgUser;
 		$dbr =& wfGetDB( DB_SLAVE );
 		if( $this->from != '' ) {
 			$pageCondition = 'cl_sortkey >= ' . $dbr->addQuotes( $this->from );
@@ -210,6 +211,11 @@
 
 			$title = Title::makeTitle( $x->page_namespace, $x->page_title );
 
+			# If this page is inside a restricted namespace, skip the result...
+ 			if(!$wgUser->canAccessNamespace($title->getNamespace())) {
+ 				continue;
+ 			}
+
 			if( $title->getNamespace() == NS_CATEGORY ) {
 				$this->addSubcategory( $title, $x->cl_sortkey, $x->page_len );
 			} elseif( $title->getNamespace() == NS_IMAGE ) {
diff -iEbdu -r ./includes/DefaultSettings.php ./includes/DefaultSettings.php
--- ./includes/DefaultSettings.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/DefaultSettings.php	2006-12-07 15:30:58.121429300 +0100
@@ -914,6 +914,13 @@
 $wgGroupPermissions['bot'  ]['autoconfirmed']   = true;
 
 // Most extra permission abilities go to this group
+$wgGroupPermissions['sysop']['createpage']      = true;
+$wgGroupPermissions['sysop']['createtalk']      = true;
+$wgGroupPermissions['sysop']['read']            = true;
+$wgGroupPermissions['sysop']['edit']            = true;
+$wgGroupPermissions['sysop']['minoredit']       = true;
+$wgGroupPermissions['sysop']['roread']          = true;
+$wgGroupPermissions['sysop']['roedit']          = true;
 $wgGroupPermissions['sysop']['block']           = true;
 $wgGroupPermissions['sysop']['createaccount']   = true;
 $wgGroupPermissions['sysop']['delete']          = true;
@@ -1747,6 +1754,96 @@
 $wgExtraNamespaces = NULL;
 
 /**
+ * Hidden namespaces. If you include a namespace in this array, only users with
+ * the matching priviledges will be able to see and edit pages in this
+ * namespace.
+ *
+ * The form is " namespace => 'priviledge' " e.g.
+ *
+ * $wgRestrictedNamespaces =
+ *    array(100 => 'coolguy',
+ *             101 => 'coolguy'
+ *            );
+ *
+ * where 100 is the namespace id and 'coolguy' is the priviledge.
+ *
+ * Each priv. is a string in an array, you can add as many as you like
+ * in the $wgGroupPermitions array e.g.
+ *
+ *$wgGroupPermissions['allowed']['coolguy'] = true;
+ *
+ * In this example you asigned the 'coolguy' priviledge to the 'allowed' group.
+ *
+ */
+$wgRestrictedNamespaces = NULL;
+
+/**
+ * In case you want only to deny the edit right on a namespace, you may put it
+ * in this array. You also need to asign the 'roread' right to the usergroup you
+ * want to be able to read and the 'roedit' right to the usergroup you want to be
+ * able to edit. Read only namespaces are not hiden (nor their logs etc).
+ *
+ * Example: $wgReadOnlyNSes = array(100,101);
+ *
+ */
+$wgReadOnlyNSes = NULL;
+
+/**
+ * In case you have categories of pages located on a restricted namespaces
+ * those categories will appear empty and might be comfusing. Setting this
+ * var to true, (all) categories will be hidden in the Recent changes.
+ */
+$wgHideCategoriesinRC = false;
+
+/**
+ * Logs in Recent Changes are treated all the same, so normaly users will be able
+ * to see moves, protects and deletes of pages in restricted namespaces. Setting
+ * this var to true will hide all logs in Recent Changes and only those for restricted
+ * namespaces in Special:Log.
+ */
+$wgHideLogs = false;
+ 
+/**
+ * In case you want to customize what logs the user can see both in Recent Changes
+ * and Special:Log, modify this array to include the log types you want to hide. This is
+ * overriden by $wgHideLogs for Recent Changes and those logs for restricted
+ * namespaces in Special:Log. This feature lets you hide also the 'block' and 'rights'
+ * log types that are namespace independed in Special:Log, or show them in RC while
+ * hiding the rest.
+ * 
+ * This example shows how to hide all log types in RC, and (block/rights) in Special:Log
+ * (the others in Special:Log are  are filtered based on namespace access rights so they
+ * apply only for restricted namespaces).
+ *
+ *$wgHidenLogs = array('block','protect', 'rights', 'delete','upload', 'move');
+ */
+$wgHidenLogs = NULL;
+ 
+/**
+ * In case some user tries to create a link from some namespace to an other restricted
+ * namespace, while the page gets parsed, instead of the link, a warning message will appear
+ * ('restrlink') to let the user know. If the link is in the same namespace as the edited page,
+ * no check will be done.
+ */
+$wgLinkWarn = true; 
+ 
+/**
+ * In case you want to hide logs about User Talk pages (namespace 3) fromnrecent changes
+ * set this to true.
+ * 
+ */
+$wgHideUtalk = false; 
+ 
+/**
+ * You can use this array to alter wiki's upper left logo depending on the namespace
+ * you are in. 
+ *
+ * Example:
+ * $wgNamespaceLogos = array ( 100 => '/url_path_to/logo.gif');
+ **/
+$wgNamespaceLogos = NULL;
+
+/**
  * Limit images on image description pages to a user-selectable limit. In order
  * to reduce disk usage, limits can only be selected from a list. This is the
  * list of settings the user can choose from:
diff -iEbdu -r ./includes/Export.php ./includes/Export.php
--- ./includes/Export.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/Export.php	2006-12-07 15:30:56.355736500 +0100
@@ -256,7 +256,13 @@
 	 */
 	function outputStream( $resultset ) {
 		$last = null;
+		global $wgUser;
 		while( $row = $resultset->fetchObject() ) {
+                        #If page is in a secured namespace, skip the row.
+                        if(!$wgUser->canAccessNamespace($row->page_namespace) ){
+                               continue;
+                        }
+
 			if( is_null( $last ) ||
 				$last->page_namespace != $row->page_namespace ||
 				$last->page_title     != $row->page_title ) {
@@ -349,11 +355,14 @@
 	}
 
 	function namespaces() {
-		global $wgContLang;
-		$spaces = "  <namespaces>\n";
+		global $wgContLang, $wgUser;
+		$spaces = "<namespaces>\n";
 		foreach( $wgContLang->getFormattedNamespaces() as $ns => $title ) {
+			if($wgUser->canAccessNamespace($ns))
+			{
 			$spaces .= '      ' . wfElement( 'namespace', array( 'key' => $ns ), $title ) . "\n";
 		}
+		}
 		$spaces .= "    </namespaces>";
 		return $spaces;
 	}
diff -iEbdu -r ./includes/OutputPage.php ./includes/OutputPage.php
--- ./includes/OutputPage.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/OutputPage.php	2006-12-07 15:30:56.636997300 +0100
@@ -236,7 +236,7 @@
 		foreach ( $categories as $category => $arbitrary ) {
 			$title = Title::makeTitleSafe( NS_CATEGORY, $category );
 			$text = $wgContLang->convertHtml( $title->getText() );
-			$this->mCategoryLinks[] = $sk->makeLinkObj( $title, $text );
+			$this->mCategoryLinks[] = $sk->makeKnownLinkObj( $title, $text );
 		}
 	}
 
@@ -723,6 +723,7 @@
 		$this->mBodytext = '';
 
 		$groups = array();
+		
 		foreach( $wgGroupPermissions as $key => $value ) {
 			if( isset( $value[$permission] ) && $value[$permission] == true ) {
 				$groupName = User::getGroupName( $key );
@@ -777,6 +778,21 @@
 
 		$skin = $wgUser->getSkin();
 		
+		if($wgTitle->getNamespace() >= 100){
+ 			$usersNamespaces = $wgUser->getAllowedRNSes();
+ 			$usersNamespacesArray = explode("\n", $usersNamespaces);
+ 			$currentNamespace = Namespace::getCanonicalName($wgTitle->getNamespace());
+ 
+ 			if (!in_array($currentNamespace, $usersNamespacesArray)) {
+ 				$this->setPageTitle( wfMsg( 'noaccesstitle' ) );
+ 				$this->setHtmlTitle( wfMsg( 'errorpagetitle' ) );
+ 				$this->setRobotPolicy( 'noindex,nofollow' );
+ 				$this->setArticleFlag( false );
+ 				$this->addHTML( wfMsgHtml( 'noaccesstext') );
+ 			} else {
+ 				// Should never reach here.
+ 			}
+		} else {
 		$this->setPageTitle( wfMsg( 'loginreqtitle' ) );
 		$this->setHtmlTitle( wfMsg( 'errorpagetitle' ) );
 		$this->setRobotPolicy( 'noindex,nofollow' );
@@ -793,6 +809,7 @@
 		if( $mainPage->userCanRead() )
 			$this->returnToMain( true, $mainPage );
 	}
+	}
 
 	/** @obsolete */
 	function databaseError( $fname, $sql, $error, $errno ) {
diff -iEbdu -r ./includes/Parser.php ./includes/Parser.php
--- ./includes/Parser.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/Parser.php	2006-12-07 16:39:15.760002900 +0100
@@ -1463,6 +1463,7 @@
 	 */
 	function replaceInternalLinks( $s ) {
 		global $wgContLang;
+		global $wgUser;
 		static $fname = 'Parser::replaceInternalLinks' ;
 
 		wfProfileIn( $fname );
@@ -1604,6 +1605,17 @@
 
 			$ns = $nt->getNamespace();
 			$iw = $nt->getInterWiki();
+
+ 			#If the link points to a restricted namespace outside the
+ 			#parent namespace warn the user.
+ 			global $wgRestrictedNamespaces, $wgLinkWarn ;
+ 			if( $wgLinkWarn && is_array( $wgRestrictedNamespaces )) {
+ 				if( array_key_exists( $ns, $wgRestrictedNamespaces ) &&  !$wgUser->canAccessNamespace( $ns )) {/*($this->mTitle->getNamespace() != $ns)) {*/
+ 					$s .=wfMsg( 'restrlink' ). $trail;
+ 					continue;
+ 				}
+ 			}
+
 			wfProfileOut( "$fname-title" );
 			
 			if ($might_be_img) { # if this is actually an invalid link
@@ -2826,7 +2838,7 @@
 	 * @private
 	 */
 	function braceSubstitution( $piece ) {
-		global $wgContLang, $wgLang, $wgAllowDisplayTitle, $action;
+		global $wgContLang, $wgLang, $wgAllowDisplayTitle, $action, $wgRestrictedNamespaces;
 		$fname = __METHOD__ /*. '-L' . count( $this->mArgStack )*/;
 		wfProfileIn( $fname );
 		wfProfileIn( __METHOD__.'-setup' );
@@ -2994,6 +3006,15 @@
 				}
 
 				if ( !$title->isExternal() ) {
+					# Articles from restricted namespaces can't be used in templates.
+					# They would appear or disappear based on the rights of the user
+					# that refreshes the cache...
+					if( is_array( $wgRestrictedNamespaces ) ) {
+						if( array_key_exists( $title->getNamespace(), $wgRestrictedNamespaces ) ) {
+							$found = true;
+							$text = $linestart . wfMsg( 'templatenotincluded' );
+						}
+ 					}
 					if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() && $this->ot['html'] ) {
 						$text = SpecialPage::capturePath( $title );
 						if ( is_string( $text ) ) {
diff -iEbdu -r ./includes/QueryPage.php ./includes/QueryPage.php
--- ./includes/QueryPage.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/QueryPage.php	2006-12-07 15:30:58.355813300 +0100
@@ -474,8 +474,14 @@
 class PageQueryPage extends QueryPage {
 
 	function formatResult( $skin, $result ) {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 		$nt = Title::makeTitle( $result->namespace, $result->title );
+
+		# Don't show wanted pages in restricted namespaces
+		if( !$wgUser->canAccessNamespace( $nt->getNamespace() ) ) {
+			return "";
+		}
+
 		return $skin->makeKnownLinkObj( $nt, htmlspecialchars( $wgContLang->convert( $nt->getPrefixedText() ) ) );
 	}
 }
diff -iEbdu -r ./includes/SearchEngine.php ./includes/SearchEngine.php
--- ./includes/SearchEngine.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SearchEngine.php	2006-12-07 16:12:19.098684900 +0100
@@ -167,10 +167,10 @@
 	 * @access public
 	 */
 	function searchableNamespaces() {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 		$arr = array();
 		foreach( $wgContLang->getNamespaces() as $ns => $name ) {
-			if( $ns >= NS_MAIN ) {
+			if( $ns >= NS_MAIN && $wgUser->canAccessNamespace($ns)) {
 				$arr[$ns] = $name;
 			}
 		}
diff -iEbdu -r ./includes/Skin.php ./includes/Skin.php
--- ./includes/Skin.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/Skin.php	2006-12-07 15:41:43.918198000 +0100
@@ -121,7 +121,6 @@
 		include_once( "{$wgStyleDirectory}/{$skinName}.deps.php" );
 		wfRestoreWarnings();
 		require_once( "{$wgStyleDirectory}/{$skinName}.php" );
-
 		# Check if we got if not failback to default skin
 		$className = 'Skin'.$skinName;
 		if( !class_exists( $className ) ) {
@@ -1511,11 +1510,22 @@
 	 */
 	function buildSidebar() {
 		global $parserMemc, $wgEnableSidebarCache;
-		global $wgLang, $wgContLang;
+		global $wgLang, $wgContLang, $wgUser, $wgTitle;
+		global $wgExtraNamespaces, $wgRestrictedNamespaces;
 
 		$fname = 'SkinTemplate::buildSidebar';
 
 		wfProfileIn( $fname );
+		$nsname = '';
+		if(is_object($wgTitle))
+		{
+			$nsid = $wgTitle->getNamespace();
+			if(in_array($nsid, array_keys($wgExtraNamespaces)) && 
+				in_array($nsid, array_keys($wgRestrictedNamespaces)))
+			{	
+				$nsname = $wgExtraNamespaces[$nsid].":";	
+			}
+		}
 
 		$key = wfMemcKey( 'sidebar' );
 		$cacheSidebar = $wgEnableSidebarCache &&
@@ -1550,13 +1560,28 @@
 					$href = self::makeInternalOrExternalUrl( $link );
 					$bar[$heading][] = array(
 						'text' => $text,
-						'href' => $href,
+						'href' => preg_replace('/Main_Page$/', $nsname."Main_Page", $href),
 						'id' => 'n-' . strtr($line[1], ' ', '-'),
 						'active' => false
 					);
 				} else { continue; }
 			}
 		}
+		$heading = 'your namespaces';
+ 		$lines = explode( "\n", $wgUser->getAllowedRNSes() );
+ 		if (count($lines) > 0 && $lines[0] != '') {
+ 			foreach ($lines as $line) {
+ 				$bar[$heading][] = array(
+ 					'text' => $line,
+ 					'href' => $this->makeInternalOrExternalUrl( $line . ':' . wfMsgForContent( 'mainpage' ) ),
+ 					'id' => 'n-' . strtr($line, ' ', '-'),
+ 					'active' => false
+ 				);
+ 			}
+ 		}
+
 		if ($cacheSidebar)
 			$cachednotice = $parserMemc->set( $key, $bar, 86400 );
 		wfProfileOut( $fname );
diff -iEbdu -r ./includes/SpecialAllpages.php ./includes/SpecialAllpages.php
--- ./includes/SpecialAllpages.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialAllpages.php	2006-12-07 15:21:46.970229300 +0100
@@ -10,17 +10,24 @@
  * @param $specialPage @see SpecialPage object.
  */
 function wfSpecialAllpages( $par=NULL, $specialPage ) {
-	global $wgRequest, $wgOut, $wgContLang;
+	global $wgRequest, $wgOut, $wgContLang, $wgUser;
 
 	# GET values
 	$from = $wgRequest->getVal( 'from' );
 	$namespace = $wgRequest->getInt( 'namespace' );
 
 	$namespaces = $wgContLang->getNamespaces();
+ 	if ( isset($par) ) {
+ 		foreach ($namespaces as $ns_id => $ns_name) {
+ 			if ($par == $ns_name) {
+ 				$namespace = $ns_id;
+ 			}
+ 		}
+ 	}
 
 	$indexPage = new SpecialAllpages();
 
-	if( !in_array($namespace, array_keys($namespaces)) )
+ 	if( !in_array($namespace, array_keys($namespaces)) || !$wgUser->canAccessNamespace( $namespace))
 		$namespace = 0;
 
 	$wgOut->setPagetitle( $namespace > 0 ?
@@ -28,9 +35,7 @@
 		wfMsg( 'allarticles' )
 		);
 
-	if ( isset($par) ) {
-		$indexPage->showChunk( $namespace, $par, $specialPage->including() );
-	} elseif ( isset($from) ) {
+	if ( isset($from) ) {
 		$indexPage->showChunk( $namespace, $from, $specialPage->including() );
 	} else {
 		$indexPage->showToplevel ( $namespace, $specialPage->including() );
diff -iEbdu -r ./includes/SpecialContributions.php ./includes/SpecialContributions.php
--- ./includes/SpecialContributions.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialContributions.php	2006-12-07 15:30:56.136978100 +0100
@@ -16,7 +16,14 @@
 	}
 
 	function setNamespace( $ns ) {
+		global $wgUser;
+		# If the namespace asked is restricted return
+		# to the main namespace.
+		if($wgUser->canAccessNamespace($ns)) {
 		$this->namespace = $ns;
+		}else{
+			$this->namespace = 0;
+		}
 	}
 
 	function setLimit( $limit ) {
@@ -72,15 +79,30 @@
 	}
 
 	function getNamespaceCond() {
-		if ( $this->namespace !== false )
+		global $wgUser;
+		# Include the namespace in the querry only if it's not restricted to the user.
+		if (($this->namespace !== false) && ($wgUser->canAccessNamespace($this->namespace))) {
 			return ' AND page_namespace = ' . (int)$this->namespace;
+		} else {
 		return '';
 	}
+	}
 
 	function getPreviousOffsetForPaging() {
 		list( $index, $usercond ) = $this->getUserCond();
 		$nscond = $this->getNamespaceCond();
 
+		# Exclude all namespaces that are restricted to this user
+		global $wgRestrictedNamespaces;
+		global $wgUser;
+		if( is_array( $wgRestrictedNamespaces )) {
+			foreach( $wgRestrictedNamespaces as $key => $value ) {
+				if( ! $wgUser->canAccessNamespace( $key )) {
+					$nscond .= ' AND page_namespace <>' . $key;
+				}
+			}
+		}
+
 		$use_index = $this->dbr->useIndexClause( $index );
 		extract( $this->dbr->tableNames( 'page', 'revision' ) );
 
@@ -137,6 +159,16 @@
 			$offsetQuery = "AND rev_timestamp <= '{$this->offset}'";
 
 		$nscond = $this->getNamespaceCond();
+		# Exclude all namespaces that are restricted to this user
+		global $wgRestrictedNamespaces;
+		global $wgUser;
+		if( is_array( $wgRestrictedNamespaces )) {
+			foreach( $wgRestrictedNamespaces as $key => $value ) {
+				if( ! $wgUser->canAccessNamespace( $key )) {
+					$nscond .= ' AND page_namespace <>' . $key;
+				}
+			}
+		}
 		$use_index = $this->dbr->useIndexClause( $index );
 		$sql = "SELECT
 			page_namespace,page_title,page_is_new,page_latest,
diff -iEbdu -r ./includes/SpecialLog.php ./includes/SpecialLog.php
--- ./includes/SpecialLog.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/SpecialLog.php	2006-12-07 15:30:57.433902900 +0100
@@ -302,11 +302,42 @@
 	 * @private
 	 */
 	function logLine( $s ) {
-		global $wgLang;
+		global $wgLang, $wgUser;
+		global $wgHideLogs, $wgHidenLogs;
 		$title = Title::makeTitle( $s->log_namespace, $s->log_title );
 		$user = Title::makeTitleSafe( NS_USER, $s->user_name );
 		$time = $wgLang->timeanddate( wfTimestamp(TS_MW, $s->log_timestamp), true );
 
+ 		# Hide all logs or the log types in $wgHidenLogs.
+ 		# Block and rights are namespace independed.
+ 		if((is_array($wgHidenLogs) &&
+ 			((in_array('block', $wgHidenLogs) && $s->log_type =='block' )
+ 			||(in_array('rights', $wgHidenLogs) && $s->log_type=='rights'))
+ 			||($wgHideLogs && ($s->log_type=='block' ||$s->log_type=='rights')))){
+ 				return;
+ 		}
+ 
+ 		# Upload namespaces are public.
+ 		if(is_array($wgHidenLogs) &&
+ 			(in_array('upload', $wgHidenLogs) && $s->log_type=='upload') ||
+ 			($wgHideLogs && $s->log_type=='upload')) {
+ 				return;
+ 		}
+ 
+ 		# We hide the rest only for the restricted namespaces.
+ 		if(!$wgUser->canAccessNamespace($s->log_namespace)){
+ 			if($wgHideLogs){
+ 				return;
+ 			}
+ 			if(is_array($wgHidenLogs)){
+ 				if((in_array('protect', $wgHidenLogs) && $s->log_type=='protect')
+ 					||(in_array('delete', $wgHidenLogs) && $s->log_type=='delete')
+ 					||(in_array('move', $wgHidenLogs) && $s->log_type=='move')){
+ 						return;
+ 				}
+ 			}
+ 		}
+
 		// Enter the existence or non-existence of this page into the link cache,
 		// for faster makeLinkObj() in LogPage::actionText()
 		$linkCache =& LinkCache::singleton();
diff -iEbdu -r ./includes/SpecialPreferences.php ./includes/SpecialPreferences.php
--- ./includes/SpecialPreferences.php	2006-12-07 11:51:17.164600800 +0100
+++ ./includes/SpecialPreferences.php	2006-12-07 15:30:57.730789300 +0100
@@ -88,7 +88,7 @@
 		if ( $this->mPosted ) {
 			$namespaces = $wgContLang->getNamespaces();
 			foreach ( $namespaces as $i => $namespace ) {
-				if ( $i >= 0 ) {
+				if ( $i >= 0 && $wgUser->canAccessNamespace( $i) ) {
 					$this->mSearchNs[$i] = $request->getCheck( "wpNs$i" ) ? 1 : 0;
 				}
 			}
@@ -384,7 +384,7 @@
 
 		$namespaces = $wgContLang->getNamespaces();
 		foreach ( $namespaces as $i => $namespace ) {
-			if ( $i >= NS_MAIN ) {
+			if ( $i >= NS_MAIN && $wgUser->canAccessNamespace( $i) ) {
 				$this->mSearchNs[$i] = $wgUser->getOption( 'searchNs'.$i );
 			}
 		}
@@ -394,14 +394,14 @@
 	 * @access private
 	 */
 	function namespacesCheckboxes() {
-		global $wgContLang;
+		global $wgContLang, $wgUser;
 
 		# Determine namespace checkboxes
 		$namespaces = $wgContLang->getNamespaces();
 		$r1 = null;
 
 		foreach ( $namespaces as $i => $name ) {
-			if ($i < 0)
+			if ($i < 0 || !$wgUser->canAccessNamespace( $i) )
 				continue;
 			$checked = $this->mSearchNs[$i] ? "checked='checked'" : '';
 			$name = str_replace( '_', ' ', $namespaces[$i] );
diff -iEbdu -r ./includes/SpecialRandompage.php ./includes/SpecialRandompage.php
--- ./includes/SpecialRandompage.php	2006-10-14 02:06:36.000000000 +0200
+++ ./includes/SpecialRandompage.php	2006-12-07 15:30:59.058965300 +0100
@@ -11,12 +11,15 @@
  *               used as e.g. Special:Randompage/Category
  */
 function wfSpecialRandompage( $par = NS_MAIN ) {
-	global $wgOut, $wgExtraRandompageSQL, $wgContLang, $wgLang;
+	global $wgOut, $wgExtraRandompageSQL, $wgContLang, $wgLang, $wgUser;
 	$fname = 'wfSpecialRandompage';
 
 	# Determine namespace
 	$t = Title::newFromText ( $par . ":Dummy" ) ;
 	$namespace = $t->getNamespace () ;
+ 	if ($namespace === false || $namespace < NS_MAIN || !$wgUser->canAccessNamespace($namespace)) {
+ 		$namespace = NS_MAIN;
+ 	}
 
 	# NOTE! We use a literal constant in the SQL instead of the RAND()
 	# function because RAND() will return a different value for every row
diff -iEbdu -r ./includes/SpecialRecentchanges.php ./includes/SpecialRecentchanges.php
--- ./includes/SpecialRecentchanges.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialRecentchanges.php	2006-12-07 15:30:55.011934900 +0100
@@ -17,6 +17,7 @@
 	global $wgUser, $wgOut, $wgRequest, $wgUseRCPatrol, $wgDBtype;
 	global $wgRCShowWatchingUsers, $wgShowUpdatedMarker;
 	global $wgAllowCategorizedRecentChanges ;
+	global $wgRestrictedNamespaces, $wgHideCategoriesinRC, $wgHidenLogs, $wgHideLogs, $wgHideUtalk;
 	$fname = 'wfSpecialRecentchanges';
 
 	# Get query parameters
@@ -124,8 +125,9 @@
 
 	# Get last modified date, for client caching
 	# Don't use this if we are using the patrol feature, patrol changes don't update the timestamp
+	# Don't use it if there are hidden namespaces, as the feed must be different for the users
 	$lastmod = $dbr->selectField( 'recentchanges', 'MAX(rc_timestamp)', false, $fname );
-	if ( $feedFormat || !$wgUseRCPatrol ) {
+	if ( !is_array( $wgRestrictedNamespaces ) && ($feedFormat || !$wgUseRCPatrol) ) {
 		if( $lastmod && $wgOut->checkLastModified( $lastmod ) ){
 			# Client cache fresh and headers sent, nothing more to do.
 			return;
@@ -152,6 +154,32 @@
 		}
 	}
 
+ 	# Hide all categories if $wgHideCategoriesinRC is set
+ 	$hidem .= $wgHideCategoriesinRC ? ' AND rc_namespace <> 14':'';
+ 	# Hide all User_talk pages if $wgHideUtalk is set
+ 	$hidem .= $wgHideUtalk ? ' AND rc_namespace <> 3':'';
+ 	# Hide all logs if $wgHideRCLogs is set
+ 	$hidem .= $wgHideLogs ? ' AND rc_type <> 3':'';
+ 	# Hide all logs or the log types in $wgHidenLogs.
+ 	if(!$wgHideLogs && is_array($wgHidenLogs)){
+ 		# Block and rights are namespace independed.
+ 		$hidem .= in_array('block', $wgHidenLogs) ? ' AND rc_title <> "Log/block"':'';
+ 		$hidem .= in_array('rights', $wgHidenLogs) ? ' AND rc_title <> "Log/rights"':'';
+ 		# Hide the log types set in $wgHidenLogs
+ 		$hidem .= in_array('protect', $wgHidenLogs) ? ' AND rc_title <> "Log/protect"':'';
+ 		$hidem .= in_array('delete', $wgHidenLogs) ? ' AND rc_title <> "Log/delete"':'';
+ 		$hidem .= in_array('upload', $wgHidenLogs) ? ' AND rc_title <> "Log/upload"':'';
+ 		$hidem .= in_array('move', $wgHidenLogs) ? ' AND rc_title <> "Log/move"':'';
+ 	}
+ 	# Exclude all namespaces that are restricted to this user
+ 	if( is_array( $wgRestrictedNamespaces )) {
+ 		foreach( $wgRestrictedNamespaces as $key => $value ) {
+ 			if( ! $wgUser->canAccessNamespace( $key )) {
+ 				$hidem .= ' AND rc_namespace <>' . $key;
+ 			}
+ 		}
+ 	}
+
 	# Namespace filtering
 	$hidem .= is_null( $namespace ) ?  '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;
 
@@ -349,8 +377,13 @@
 		 * go ahead and use it even if there have been edits made
 		 * since it was rendered. This keeps a swarm of requests
 		 * from being too bad on a super-frequently edited wiki.
+		 *
+		 * Using restricted namespaces forbids caching the feed,
+		 * however, since it must be rendered according to user
+		 * rights.
 		 */
-		if( time() - wfTimestamp( TS_UNIX, $feedLastmod )
+		if( !is_array( $wgRestrictedNamespaces )
+			&& time() - wfTimestamp( TS_UNIX, $feedLastmod )
 				< $wgFeedCacheTimeout
 			|| wfTimestamp( TS_UNIX, $feedLastmod )
 				> wfTimestamp( TS_UNIX, $lastmod ) ) {
diff -iEbdu -r ./includes/SpecialRecentchangeslinked.php ./includes/SpecialRecentchangeslinked.php
--- ./includes/SpecialRecentchangeslinked.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialRecentchangeslinked.php	2006-12-07 15:22:21.173792100 +0100
@@ -67,6 +67,16 @@
 		$cmq = 'AND rc_minor=0';
 	} else { $cmq = ''; }
 
+	# Exclude all namespaces that are restricted to this user
+ 	global $wgRestrictedNamespaces;
+ 	if( is_array( $wgRestrictedNamespaces )) {
+ 		foreach( $wgRestrictedNamespaces as $key => $value ) {
+ 			if( ! $wgUser->canAccessNamespace( $key )) {
+ 				$cmq .= ' AND page_namespace <>' . $key;
+ 			}
+ 		}
+ 	}
+
 	extract( $dbr->tableNames( 'recentchanges', 'categorylinks', 'pagelinks', 'revision', 'page' , "watchlist" ) );
 
 	$uid = $wgUser->getID();
diff -iEbdu -r ./includes/SpecialUserlogin.php ./includes/SpecialUserlogin.php
--- ./includes/SpecialUserlogin.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialUserlogin.php	2006-12-07 15:30:54.574418100 +0100
@@ -475,6 +475,7 @@
 	function successfulLogin( $msg, $auto = true ) {
 		global $wgUser;
 		global $wgOut;
+		global $wgLinkWarn;
 
 		# Run any hooks; ignore results
 
@@ -484,12 +485,20 @@
 		$wgOut->setRobotpolicy( 'noindex,nofollow' );
 		$wgOut->setArticleRelated( false );
 		$wgOut->addWikiText( $msg );
+		if($wgUser->getRMainPages() != NULL) {
+ 			# We are going to put some links to restricted namespaces
+ 			# that the user has access to, so we disable the warning.
+ 			$wgLinkWarn = false;
+ 			$wgOut->addWikiText(wfMsg('RNSlist')."<br>".str_replace( '_', ' ',$wgUser->getRMainPages()));
+ 			$wgOut->returnToMain(false);
+		} else {
 		if ( !empty( $this->mReturnTo ) ) {
 			$wgOut->returnToMain( $auto, $this->mReturnTo );
 		} else {
 			$wgOut->returnToMain( $auto );
 		}
 	}
+	}
 
 	/** */
 	function userNotPrivilegedMessage() {
diff -iEbdu -r ./includes/SpecialWantedpages.php ./includes/SpecialWantedpages.php
--- ./includes/SpecialWantedpages.php	2006-10-14 02:06:36.000000000 +0200
+++ ./includes/SpecialWantedpages.php	2006-12-07 15:30:58.871458100 +0100
@@ -67,10 +67,15 @@
 
 
 	function formatResult( $skin, $result ) {
-		global $wgLang;
+		global $wgLang, $wgUser;
 
 		$title = Title::makeTitleSafe( $result->namespace, $result->title );
 
+		# Don't show wanted pages in restricted namespaces
+ 		if( !$wgUser->canAccessNamespace( $title->getNamespace() ) ) {
+ 			return "";
+ 		}
+
 		if( $this->isCached() ) {
 			# Check existence; which is stored in the link cache
 			if( !$title->exists() ) {
diff -iEbdu -r ./includes/SpecialWhatlinkshere.php ./includes/SpecialWhatlinkshere.php
--- ./includes/SpecialWhatlinkshere.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/SpecialWhatlinkshere.php	2006-12-07 15:30:54.761925300 +0100
@@ -73,7 +73,7 @@
 	 * @private
 	 */
 	function showIndirectLinks( $level, $target, $limit, $from = 0, $dir = 'next' ) {
-		global $wgOut;
+		global $wgOut, $wgUser;
 		$fname = 'WhatLinksHerePage::showIndirectLinks';
 
 		$dbr =& wfGetDB( DB_READ );
@@ -199,6 +199,11 @@
 
 		$wgOut->addHTML( '<ul>' );
 		foreach ( $rows as $row ) {
+			#If the linking page is located in a secured namespace, skip it.
+ 			if(!$wgUser->canAccessNamespace($row->page_namespace)) {
+ 				continue;
+ 			}
+
 			$nt = Title::makeTitle( $row->page_namespace, $row->page_title );
 
 			if ( $row->page_is_redirect ) {
diff -iEbdu -r ./includes/Title.php ./includes/Title.php
--- ./includes/Title.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/Title.php	2006-12-07 17:06:26.249622900 +0100
@@ -1026,6 +1026,10 @@
 			wfProfileOut( $fname );
 			return false;
 		}
+		if( !$wgUser->canAccessNamespace( $this->mNamespace )) {
+ 			wfProfileOut( $fname );
+ 			return false;
+ 		}
 		// XXX: This is the code that prevents unprotecting a page in NS_MEDIAWIKI
 		// from taking effect -ævar
 		if( NS_MEDIAWIKI == $this->mNamespace &&
@@ -1133,7 +1137,7 @@
 			return $result;
 		}
 
-		if( $wgUser->isAllowed('read') ) {
+		if( $wgUser->isAllowed('read', $this) ) {
 			return true;
 		} else {
 			global $wgWhitelistRead;
@@ -1147,18 +1151,19 @@
 			}
 
 			/** some pages are explicitly allowed */
+			if( is_array( $wgWhitelistRead )) {
 			$name = $this->getPrefixedText();
-			if( $wgWhitelistRead && in_array( $name, $wgWhitelistRead ) ) {
+ 				if( in_array( $name, $wgWhitelistRead ) ) {
 				return true;
 			}
-
 			# Compatibility with old settings
-			if( $wgWhitelistRead && $this->getNamespace() == NS_MAIN ) {
+ 				if( $this->getNamespace() == NS_MAIN ) {
 				if( in_array( ':' . $name, $wgWhitelistRead ) ) {
 					return true;
 				}
 			}
 		}
+		}
 		return false;
 	}
 
diff -iEbdu -r ./includes/User.php ./includes/User.php
--- ./includes/User.php	2006-10-14 02:06:32.000000000 +0200
+++ ./includes/User.php	2006-12-07 15:30:54.011896500 +0100
@@ -871,6 +871,7 @@
 			}
 
 			$effectiveGroups = array_merge( $implicitGroups, $this->mGroups );
+
 			$this->mRights = $this->getGroupPermissions( $effectiveGroups );
 		}
 
@@ -1348,16 +1349,155 @@
 	 * @param string $action Action to be checked
 	 * @return boolean True: action is allowed, False: action should not be allowed
 	 */
-	function isAllowed($action='') {
+	function isAllowed($action='', $title=NULL) {
+		global $wgRestrictedNamespaces, $wgReadOnlyNSes;
 		if ( $action === '' )
 			// In the spirit of DWIM
 			return true;
 
 		$this->loadFromDatabase();
+		if( $title == NULL ) {
+			global $wgTitle;
+			$title = $wgTitle;
+		}
+		$ns = $title->getNamespace();
+
+		// If user wants to read a page, that page is in a read only namespace
+		// and the user has the 'roread' right, allow him to read it. If it has
+		// the 'roedit' right allow him to edit it.
+		if( is_array($wgReadOnlyNSes)) {
+			if( $action == 'read' && in_array($ns, $wgReadOnlyNSes) &&
+				in_array('roread', $this->mRights) && !$this->isBlocked() ) {
+					return true;
+			}
+			if( $action == 'edit' && !$title->isProtected() &&
+				in_array($ns, $wgReadOnlyNSes) && in_array('roedit', $this->mRights) && !$this->isBlocked()) {
+					return true;
+			}
+		}
+
+		// Prevent access to restricted namespaces if the user does not have all
+		// required rights.
+		if( !$this->canAccessNamespace($ns) ) {
+			return false;
+		}
+
+		// If we are in user's page, allow him to do everything...
+		if ( $action == 'edit' && ($ns == NS_USER_TALK || $ns == NS_USER) &&
+			$title->getText() == $this->getName() && !$this->isBlocked() && !$title->isProtected() ) {
+				return true;
+		}
+
+		if ( $action == 'protect' && ($ns == NS_USER_TALK || $ns == NS_USER) &&
+			$title->getText() == $this->getName() && !$this->isBlocked() ){
+				return true;
+		}
+
+		// If user wants to edit a talk page and has the talk right, allow him to do so...
+		if( $title->isTalkPage() && $action == 'edit' && in_array('talk', $this->mRights) &&
+			!$this->isBlocked() && !$title->isProtected() ){
+				return true;
+		}
+
+		// If user wants to leave a mesage on another's user talk page and that page is unprotected, allow him to do so...
+		if( $action == 'edit' && $ns == NS_USER_TALK && !$this->isBlocked() && !$title->isProtected() ){
+			return true;
+		}
+
+		// If user has the sedit right, allow him to edit pages in the restricted namespaces
+		// he has access.
+		if( is_array($wgRestrictedNamespaces) && array_key_exists($ns, $wgRestrictedNamespaces)
+				&& $this->canAccessNamespace($ns) && !$this->isBlocked() ){
+			if( $action == 'edit' && in_array('sedit', $this->mRights) && !$title->isProtected() ) {
+				return true;
+			}
+
+			// If user has the sprotect right, allow him to edit pages in the  in the restricted namespaces
+			// he has access.
+			if(($action == 'protect' || $action == 'unprotect') && in_array('sprotect', $this->mRights)) {
+				return true;
+			}
+
+			// If user has the sdelete right, allow him to edit pages in the  in the restricted namespaces
+			// he has access.
+			if( !$title->isProtected() && ($action == 'delete' || $action == 'undelete') &&
+				(in_array('sdelete', $this->mRights)) ) {
+					return true;
+			}
+		}
+
+		//If the user wants to delete or undelete a page and it's blocked don't allow him to do so.
+		if( ($action == 'delete' || $action == 'undelete') && ($title->isProtected() || $this->isBlocked()) ){
+			return false;
+		}
+
+		//If the user wants to protect or unprotect a page and it's blocked don't allow him to do so.
+		if( ($action == 'protect' || $action == 'unprotect') && $this->isBlocked() ){
+			return false;
+		}
+		
 		return in_array( $action , $this->mRights );
 	}
 
 	/**
+	 * Check if user is allowed to access a given namespace
+	 * @param string $namespace ID of the namespace that needs to be checked.
+	 * @return boolean True: access is allowed, False: access is denied
+	 */
+	function canAccessNamespace( $namespace='' ) {
+		global $wgRestrictedNamespaces;
+		$this->loadFromDatabase();
+		if( is_array( $wgRestrictedNamespaces )) {
+			if( array_key_exists( $namespace, $wgRestrictedNamespaces ) ) {
+				if( in_array($wgRestrictedNamespaces[$namespace], $this->mRights)){
+					return true;
+				}
+				return false;
+			}
+		}
+		return true;
+	}
+
+	/**
+	 * Get the restricted namespaces the user has access to (talk namespaces not included).
+	 * @return string with the namespace names seperated by the "\n" character/
+	 */
+	function getAllowedRNSes() {
+		global $wgRestrictedNamespaces;
+		$this->loadFromDatabase();
+		$names = NULL;
+		if( is_array( $wgRestrictedNamespaces ) ) {
+			foreach ($wgRestrictedNamespaces as $nsid => $ugroup) {
+				#if( $this->canAccessNamespace($nsid) && !($nsid %2) ) { #huh!?!? what the hell is the mod 2 about?
+				if( $this->canAccessNamespace($nsid) ) {
+					$names .= Namespace::getCanonicalName($nsid)."\n";
+				}
+			}
+		}
+		return $names;
+	}
+
+	/**
+	 * Get the main page title of each restricted namespace (talk namespaces not included)
+	 * the user has access to.
+	 * @return string: The titles seperated by the  "\n" character.
+	 */
+	function getRMainPages() {
+		global $wgRestrictedNamespaces;
+		$titles = NULL;
+		if( is_array( $wgRestrictedNamespaces ) ) {
+			$namespaces = $this->getAllowedRNSes();
+			$nsarray = explode("\n",$namespaces);
+			foreach ($nsarray as $index => $nsname) {
+				if($nsname != ""){
+					$titles .= "[[".$nsname.":".wfMsgForContent( 'mainpage' )."|".$nsname."]]"."<br/>\n";
+				}
+			}
+		}
+		return $titles;
+	}
+
+	/**
 	 * Load a skin if it doesn't exist or return it
 	 * @todo FIXME : need to check the old failback system [AV]
 	 */
@@ -1370,7 +1510,8 @@
 			# get the user skin
 			$userSkin = $this->getOption( 'skin' );
 			$userSkin = $wgRequest->getVal('useskin', $userSkin);
-
+			ini_set('display_errors', true);
+			ini_set('error_reporting', 2047);
 			$this->mSkin =& Skin::newFromKey( $userSkin );
 			wfProfileOut( $fname );
 		}
diff -iEbdu -r ./includes/Wiki.php ./includes/Wiki.php
--- ./includes/Wiki.php	2006-10-14 02:06:34.000000000 +0200
+++ ./includes/Wiki.php	2006-12-07 15:30:56.855755700 +0100
@@ -331,7 +331,6 @@
 			/* No such action; this will switch to the default case */
 			$action = 'nosuchaction';
 		}
-
 		switch( $action ) {
 			case 'view':
 				$output->setSquidMaxage( $this->getVal( 'SquidMaxage' ) );
diff -iEbdu -r ./languages/messages/MessagesEn.php ./languages/messages/MessagesEn.php
--- ./languages/messages/MessagesEn.php	2006-10-14 02:07:00.000000000 +0200
+++ ./languages/messages/MessagesEn.php	2006-12-07 15:30:59.512107700 +0100
@@ -1589,6 +1589,7 @@
 # Namespace form on various pages
 'namespace' => 'Namespace:',
 'invert' => 'Invert selection',
+'RNSlist' => 'Available Namespaces',
 
 # Contributions
 #
diff -iEbdu -r ./skins/CologneBlue.php ./skins/CologneBlue.php
--- ./skins/CologneBlue.php	2006-10-14 02:06:12.000000000 +0200
+++ ./skins/CologneBlue.php	2006-12-07 15:20:32.734904100 +0100
@@ -183,41 +183,43 @@
 		$s .= $this->menuHead( "qbfind" );
 		$s .= $this->searchForm();
 
-		$s .= $this->menuHead( "qbbrowse" );
+		#$s .= $this->menuHead( "qbbrowse" );
 
-		# Use the first heading from the Monobook sidebar as the "browse" section
+		# Use the first two headings from the Monobook sidebar as the "browse" section
 		$bar = $this->buildSidebar();
-		$browseLinks = reset( $bar );
-
+		foreach($bar as $sectionTitle => $browseLinks)
+		{
+			$s .= $this->menuHeadText($sectionTitle);	
 		foreach ( $browseLinks as $link ) {
 			if ( $link['text'] != '-' ) {
 				$s .= "<a href=\"{$link['href']}\">" .
 					htmlspecialchars( $link['text'] ) . '</a>' . $sep;
 			}
 		}
+		}
 
 		if ( $wgOut->isArticle() ) {
-			$s .= $this->menuHead( "qbedit" );
-			$s .= "<strong>" . $this->editThisPage() . "</strong>";
-
-			$s .= $sep . $this->makeKnownLink( wfMsgForContent( "edithelppage" ), wfMsg( "edithelp" ) );
-
-			if( $wgUser->isLoggedIn() ) {
-				$s .= $sep . $this->moveThisPage();
-			}
-			if ( $wgUser->isAllowed('delete') ) {
-				$dtp = $this->deleteThisPage();
-				if ( "" != $dtp ) {
-					$s .= $sep . $dtp;
-				}
-			}
-			if ( $wgUser->isAllowed('protect') ) {
-				$ptp = $this->protectThisPage();
-				if ( "" != $ptp ) {
-					$s .= $sep . $ptp;
-				}
-			}
-			$s .= $sep;
+#			$s .= $this->menuHead( "qbedit" );
+#			$s .= "<strong>" . $this->editThisPage() . "</strong>";
+#
+#			$s .= $sep . $this->makeKnownLink( wfMsgForContent( "edithelppage" ), wfMsg( "edithelp" ) );
+#
+#			if( $wgUser->isLoggedIn() ) {
+#				$s .= $sep . $this->moveThisPage();
+#			}
+#			if ( $wgUser->isAllowed('delete') ) {
+#				$dtp = $this->deleteThisPage();
+#				if ( "" != $dtp ) {
+#					$s .= $sep . $dtp;
+#				}
+#			}
+#			if ( $wgUser->isAllowed('protect') ) {
+#				$ptp = $this->protectThisPage();
+#				if ( "" != $ptp ) {
+#					$s .= $sep . $ptp;
+#				}
+#			}
+#			$s .= $sep;
 
 			$s .= $this->menuHead( "qbpageoptions" );
 			$s .= $this->talkLink()
@@ -295,6 +297,12 @@
 		return $s;
 	}
 
+	function menuHeadText( $text )
+	{
+		$s = "\n<h6>" . $text . "</h6>";
+		return $s;
+	}
+
 	function searchForm( $label = "" )
 	{
 		global $wgRequest;