From: Victor Vasiliev <vasilievvv@users.mediawiki.org>
Date: Wed, 31 Dec 2008 17:25:47 +0000 (+0000)
Subject: * (bug 674) Allow users to be blocked from editing a specific article
X-Git-Tag: 1.31.0-rc.0~43674
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=1f67478d1fb7742d32793667bceffa5b592935b2;p=lhc%2Fweb%2Fwiklou.git

* (bug 674) Allow users to be blocked from editing a specific article
** Also supports blocking user from editing whole namespace
** Fixed most issues which were found before
---

diff --git a/includes/Article.php b/includes/Article.php
index b0bf080da4..8c9366b871 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2435,7 +2435,12 @@ class Article {
 		);
 
 		# Delete restrictions for it
-		$dbw->delete( 'page_restrictions', array ( 'pr_page' => $id ), __METHOD__ );
+		$dbw->delete( 'page_restrictions', array( 'pr_page' => $id ), __METHOD__ );
+		$dbw->delete( 'user_restrictions',
+			array(
+				'ur_page_namespace' => $this->mTitle->getNamespace(),
+				'ur_page_title' => $this->mTitle->getDBKey()
+			), __METHOD__ );
 
 		# Now that it's safely backed up, delete it
 		$dbw->delete( 'page', array( 'page_id' => $id ), __METHOD__);
diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php
index 0860002a7b..82ebc5dc6e 100644
--- a/includes/AutoLoader.php
+++ b/includes/AutoLoader.php
@@ -201,6 +201,8 @@ $wgAutoloadLocalClasses = array(
 	'UserArray' => 'includes/UserArray.php',
 	'UserArrayFromResult' => 'includes/UserArray.php',
 	'UserMailer' => 'includes/UserMailer.php',
+	'UserRestriction' => 'includes/UserRestriction.php',
+	'UserRestrictionsPager' => 'includes/specials/SpecialListUserRestrictions.php',
 	'UserRightsProxy' => 'includes/UserRightsProxy.php',
 	'WatchedItem' => 'includes/WatchedItem.php',
 	'WatchlistEditor' => 'includes/WatchlistEditor.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index d55269986a..844ae4528c 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1232,6 +1232,7 @@ $wgGroupPermissions['sysop']['markbotedits']     = true;
 $wgGroupPermissions['sysop']['apihighlimits']    = true;
 $wgGroupPermissions['sysop']['browsearchive']    = true;
 $wgGroupPermissions['sysop']['noratelimit']      = true;
+$wgGroupPermissions['sysop']['restrict']         = true;
 $wgGroupPermissions['sysop']['movefile']         = true;
 #$wgGroupPermissions['sysop']['mergehistory']     = true;
 
@@ -2798,6 +2799,7 @@ $wgLogTypes = array( '',
 	'patrol',
 	'merge',
 	'suppress',
+	'restrict',
 );
 
 /**
@@ -2853,6 +2855,7 @@ $wgLogNames = array(
 	'patrol'  => 'patrol-log-page',
 	'merge'   => 'mergelog',
 	'suppress' => 'suppressionlog',
+	'restrict' => 'restrictionlog',
 );
 
 /**
@@ -2874,6 +2877,7 @@ $wgLogHeaders = array(
 	'patrol'  => 'patrol-log-header',
 	'merge'   => 'mergelogpagetext',
 	'suppress' => 'suppressionlogtext',
+	'restrict' => 'restrictionlogtext',
 );
 
 /**
@@ -2913,6 +2917,8 @@ $wgLogActions = array(
 	'suppress/delete'   => 'suppressedarticle',
 	'suppress/block'	=> 'blocklogentry',
 	'suppress/reblock'  => 'reblock-logentry',
+	'restrict/restrict' => 'restrictentry',
+	'restrict/remove'   => 'restrictremoveentry',
 );
 
 /**
@@ -2984,6 +2990,8 @@ $wgSpecialPageGroups = array(
 	'Preferences'               => 'users',
 	'Resetpass'                 => 'users',
 	'DeletedContributions'      => 'users',
+	'ListUserRestrictions'      => 'users',
+	'RestrictUser'              => 'users',
 
 	'Mostlinked'                => 'highuse',
 	'Mostlinkedcategories'      => 'highuse',
diff --git a/includes/LogPage.php b/includes/LogPage.php
index 50a9a23264..5003576d7a 100644
--- a/includes/LogPage.php
+++ b/includes/LogPage.php
@@ -193,6 +193,19 @@ class LogPage {
 					} else {
 						$rv = wfMsgForContent( $wgLogActions[$key], $titleLink );
 					}
+				} elseif( $type == 'restrict' ) {
+					if( $params[0] == UserRestriction::PAGE )
+						$subj = wfMsgExt( 'restrictlogpage', 'parseinline', $params[1] );
+					if( $params[0] == UserRestriction::NAMESPACE )
+						$subj = wfMsgExt( 'restrictlognamespace', 'parseinline', $wgLang->getDisplayNsText( $params[1] ) );
+					$expiry = '';
+					if( $key == 'restrict/restrict' )
+						$expiry = $wgLang->translateBlockExpiry( $params[2] );
+					if ( $skin ) {
+						$rv = wfMsg( $wgLogActions[$key], $titleLink, $subj, $expiry );
+					} else {
+						$rv = wfMsgForContent( $wgLogActions[$key], $titleLink, $subj, $expiry );
+					}
 				} else {
 					$details = '';
 					array_unshift( $params, $titleLink );
@@ -264,6 +277,7 @@ class LogPage {
 				}
 				break;
 			case 'rights':
+			case 'restrict':
 				$text = $wgContLang->ucfirst( $title->getText() );
 				$titleLink = $skin->makeLinkObj( Title::makeTitle( NS_USER, $text ) );
 				break;
diff --git a/includes/SpecialPage.php b/includes/SpecialPage.php
index 1a53c83cca..51c7c8f889 100644
--- a/includes/SpecialPage.php
+++ b/includes/SpecialPage.php
@@ -129,6 +129,9 @@ class SpecialPage
 		'Allpages'                  => 'SpecialAllpages',
 		'Prefixindex'               => 'SpecialPrefixindex',
 		'Ipblocklist'               => array( 'SpecialPage', 'Ipblocklist' ),
+		'ListUserRestrictions'      => array( 'SpecialPage', 'ListUserRestrictions' ),
+		'RemoveRestrictions'        => array( 'UnlistedSpecialPage', 'RemoveRestrictions', 'restrict' ),
+		'RestrictUser'              => array( 'SpecialPage', 'RestrictUser', 'restrict' ),
 		'Specialpages'              => array( 'UnlistedSpecialPage', 'Specialpages' ),
 		'Contributions'             => 'SpecialContributions',
 		'Emailuser'                 => array( 'UnlistedSpecialPage', 'Emailuser' ),
diff --git a/includes/Title.php b/includes/Title.php
index bc042210c0..593b11c42d 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1009,9 +1009,7 @@ class Title {
 		}
 		$errors = $this->getUserPermissionsErrorsInternal( $action, $user, $doExpensiveQueries );
 
-		global $wgContLang;
-		global $wgLang;
-		global $wgEmailConfirmToEdit;
+		global $wgContLang, $wgLang, $wgEmailConfirmToEdit;
 
 		if ( $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount' ) {
 			$errors[] = array( 'confirmedittext' );
@@ -1043,20 +1041,7 @@ class Title {
 			$blockTimestamp = $wgLang->timeanddate( wfTimestamp( TS_MW, $user->mBlock->mTimestamp ), true );
 
 			if ( $blockExpiry == 'infinity' ) {
-				// Entry in database (table ipblocks) is 'infinity' but 'ipboptions' uses 'infinite' or 'indefinite'
-				$scBlockExpiryOptions = wfMsg( 'ipboptions' );
-
-				foreach ( explode( ',', $scBlockExpiryOptions ) as $option ) {
-					if ( strpos( $option, ':' ) == false )
-						continue;
-
-					list ($show, $value) = explode( ":", $option );
-
-					if ( $value == 'infinite' || $value == 'indefinite' ) {
-						$blockExpiry = $show;
-						break;
-					}
-				}
+				$blockExpiry = wfMsg( 'ipbinfinite' );
 			} else {
 				$blockExpiry = $wgLang->timeanddate( wfTimestamp( TS_MW, $blockExpiry ), true );
 			}
@@ -1066,9 +1051,9 @@ class Title {
 			$errors[] = array( ($block->mAuto ? 'autoblockedtext' : 'blockedtext'), $link, $reason, $ip, $name, 
 				$blockid, $blockExpiry, $intended, $blockTimestamp );
 		}
-		
+
 		// Remove the errors being ignored.
-		
+
 		foreach( $errors as $index => $error ) {
 			$error_key = is_array($error) ? $error[0] : $error;
 			
@@ -1091,6 +1076,8 @@ class Title {
 	 * @return \type{\array} Array of arrays of the arguments to wfMsg to explain permissions problems.
 	 */
 	private function getUserPermissionsErrorsInternal( $action, $user, $doExpensiveQueries = true ) {
+		global $wgLang;
+
 		wfProfileIn( __METHOD__ );
 
 		$errors = array();
@@ -1262,6 +1249,34 @@ class Title {
 			$errors[] = $return;
 		}
 
+		// Check per-user restrictions
+		if( $doExpensiveQueries && $action != 'read' ) {
+			$rs = UserRestriction::fetchForTitle( $user, $this );
+			if( !$rs )
+				$rs = UserRestriction::fetchForNamespace( $user, $this->getNamespace() );
+			if( $rs ) {
+				$r = $rs[0];
+				if( !$r->deleteIfExpired() ) {
+					$error = array(); 
+					$start = array( $wgLang->date( $r->getTimestamp() ), $wgLang->time( $r->getTimestamp() ) );
+					if( $r->isPage() )
+						$error = array( 'userrestricted-page', $this->getFullText(),
+							$r->getBlockerText(), $r->getReason(), $start[0], $start[1] );
+					elseif( $r->isNamespace() )
+						$error = array( 'userrestricted-namespace', $wgLang->getDisplayNsText( $this->getNamespace() ),
+							$r->getBlockerText(), $r->getReason(), $start[0], $start[1] );
+
+					if( $r->getExpiry() == 'infinity' ) {
+						$error[0] .= '-indef';
+					} else {
+						$error[] = $wgLang->date( $r->getExpiry() );
+						$error[] = $wgLang->time( $r->getExpiry() );
+					}
+					$errors[] = $error;
+				}
+			}
+		}
+
 		wfProfileOut( __METHOD__ );
 		return $errors;
 	}
@@ -2558,6 +2573,12 @@ class Title {
 			$log->addEntry( 'move_prot', $nt, $comment, array($this->getPrefixedText()) ); // FIXME: $params?
 		}
 
+		# Update user restrictions
+		$dbw->update( 'user_restrictions',
+			array( 'ur_page_namespace' => $nt->getNamespace(), 'ur_page_title' => $nt->getDBKey() ),
+			array( 'ur_page_namespace' => $this->getNamespace(), 'ur_page_title' => $this->getDBKey() ),
+			__METHOD__ );
+
 		# Update watchlists
 		$oldnamespace = $this->getNamespace() & ~1;
 		$newnamespace = $nt->getNamespace() & ~1;
diff --git a/includes/User.php b/includes/User.php
index 4f36d14138..d73836d526 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -151,7 +151,7 @@ class User {
 		'markbotedits',
 		'minoredit',
 		'move',
-		'movepage',
+		'movefile',
 		'move-rootuserpages',
 		'move-subpages',
 		'nominornewtalk',
@@ -161,6 +161,7 @@ class User {
 		'proxyunbannable',
 		'purge',
 		'read',
+		'restrict',
 		'reupload',
 		'reupload-shared',
 		'rollback',
diff --git a/includes/UserRestriction.php b/includes/UserRestriction.php
new file mode 100644
index 0000000000..05152cce36
--- /dev/null
+++ b/includes/UserRestriction.php
@@ -0,0 +1,189 @@
+<?php
+
+/**
+ * Object that represents a user restriction
+ */
+class UserRestriction {
+	const PAGE = 'page';
+	const NAMESPACE = 'namespace';
+
+	private $mId, $mType, $mNamespace, $mPage, $mSubjectText, $mSubjectId,
+		$mBlockerId, $mBlockerText, $mReason, $mTimestamp, $mExpiry;
+
+	public static function newFromRow( $row ) {
+		if( !$row )
+			return null;
+
+		$obj = new UserRestriction();
+		$obj->mId = $row->ur_id;
+		$obj->mType = $row->ur_type;
+		if( $obj->mType == self::PAGE ) {
+			$obj->mPage = Title::makeTitle( $row->ur_page_namespace, $row->ur_page_title );
+		} elseif( $obj->mType == self::NAMESPACE ) {
+			$obj->mNamespace = $row->ur_namespace;
+		} else {
+			throw new MWException( "Unknown user restriction type: {$row->ur_type}" );
+		}
+
+		$obj->mSubjectId = $row->ur_user;
+		$obj->mSubjectText = $row->ur_user_text;
+		$obj->mBlockerId = $row->ur_by;
+		$obj->mBlockerText = $row->ur_by_text;
+		$obj->mReason = $row->ur_reason;
+		$obj->mTimestamp = wfTimestamp( TS_MW, $row->ur_timestamp );
+		$obj->mExpiry = $row->ur_expiry;
+		return $obj;
+	}
+
+	public static function fetchForUser( $user, $forWrite = false ) {
+		$dbr = wfGetDB( $forWrite ? DB_MASTER : DB_SLAVE );
+		if( is_int( $user ) )
+			$query = array( 'ur_user' => $user );
+		else
+			$query = array( 'ur_user_text' => $user );
+		$res = $dbr->select( 'user_restrictions', '*', $query, __METHOD__ );
+		$result = array();
+		foreach( $res as $row ) {
+			$result[] = self::newFromRow( $row );
+		}
+		return $result;
+	}
+
+	public static function fetchForTitle( $user, $title ) {
+		$dbr = wfGetDB( DB_SLAVE );
+		if( $user->isLoggedIn() )
+			$query = array( 'ur_user' => $user->getId() );
+		else
+			$query = array( 'ur_user_text' => $user->getName() );
+		$query['ur_page_namespace'] = $title->getNamespace();
+		$query['ur_page_title'] = $title->getDBKey();
+		$res = $dbr->select( 'user_restrictions', '*', $query, __METHOD__ );
+		$result = array();
+		foreach( $res as $row ) {
+			$result[] = self::newFromRow( $row );
+		}
+		return $result;
+	}
+
+	public static function fetchForNamespace( $user, $ns ) {
+		$dbr = wfGetDB( DB_SLAVE );
+		if( $user->isLoggedIn() )
+			$query = array( 'ur_user' => $user->getId() );
+		else
+			$query = array( 'ur_user_text' => $user->getName() );
+		$query['ur_namespace'] = $ns;
+		$res = $dbr->select( 'user_restrictions', '*', $query, __METHOD__ );
+		$result = array();
+		foreach( $res as $row ) {
+			$result[] = self::newFromRow( $row );
+		}
+		return $result;
+	}
+
+	public static function newFromId( $id, $forWrite = false ) {
+		$dbr = wfGetDB( $forWrite ? DB_MASTER : DB_SLAVE );
+		if( !$id || !is_numeric( $id ) )
+			return null;
+		$res = $dbr->selectRow( 'user_restrictions', '*', array( 'ur_id' => $id ), __METHOD__ );
+		return self::newFromRow( $res );
+	}
+
+	public function getId() { return $this->mId; }
+	public function setId( $v ) { $this->mId = $v; }
+	public function getType() { return $this->mType; }
+	public function setType( $v ) { $this->mType = $v; }
+	public function getNamespace() { return $this->mNamespace; }
+	public function setNamespace( $v ) { $this->mNamespace = $v; }
+	public function getPage() { return $this->mPage; }
+	public function setPage( $v ) { $this->mPage = $v; }
+	public function getSubjectId() { return $this->mSubjectId; }
+	public function setSubjectId( $v ) { $this->mSubjectId = $v; }
+	public function getSubjectText() { return $this->mSubjectText; }
+	public function setSubjectText( $v ) { $this->mSubjectText = $v; }
+	public function getBlockerId() { return $this->mBlockerId; }
+	public function setBlockerId( $v ) { $this->mBlockerId = $v; }
+	public function getBlockerText() { return $this->mBlockerText; }
+	public function setBlockerText( $v ) { $this->mBlockerText = $v; }
+	public function getReason() { return $this->mReason; }
+	public function setReason( $v ) { $this->mReason = $v; }
+	public function getTimestamp() { return $this->mTimestamp; }
+	public function setTimestamp( $v ) { $this->mTimestamp = $v; }
+	public function getExpiry() { return $this->mExpiry; }
+	public function setExpiry( $v ) { $this->mExpiry = $v; }
+
+	public function isPage() {
+		return $this->mType == self::PAGE;
+	}
+	public function isNamespace() {
+		return $this->mType == self::NAMESPACE;
+	}
+
+	public function isExpired() {
+		return is_numeric( $this->mExpiry ) && $this->mExpiry < wfTimestampNow( TS_MW );
+	}
+
+	public function deleteIfExpired() {
+		if( $this->isExpired() ) {
+			$this->delete();
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	public function delete() {
+		$dbw = wfGetDB( DB_MASTER );
+		$dbw->delete( 'user_restrictions', array( 'ur_id' => $this->mId ), __METHOD__ );
+		return $dbw->affectedRows();
+	}
+
+	public static function purgeExpired() {
+		$dbw = wfGetDB( DB_MASTER );
+		$dbw->delete( 'user_restrictions', array( 'ur_expiry < ' . $dbw->addQuotes( $dbw->timestamp() ) ), __METHOD__ );
+	}
+
+	public function commit() {
+		$dbw = wfGetDB( DB_MASTER );
+		$this->setId( $dbw->nextSequenceValue('user_restrictions_ur_id_val') );
+		$row = array(
+			'ur_id' => $this->mId,
+			'ur_type' => $this->mType,
+			'ur_user' => $this->mSubjectId,
+			'ur_user_text' => $this->mSubjectText,
+			'ur_by' => $this->mBlockerId,
+			'ur_by_text' => $this->mBlockerText,
+			'ur_reason' => $this->mReason,
+			'ur_timestamp' => $dbw->timestamp( $this->mTimestamp ),
+			'ur_expiry' => $this->mExpiry,
+		);
+		if( $this->isPage() ) {
+			$row['ur_page_namespace'] = $this->mPage->getNamespace();
+			$row['ur_page_title'] = $this->mPage->getDbKey();
+		}
+		if( $this->isNamespace() ) {
+			$row['ur_namespace'] = $this->mNamespace;
+		}
+		$dbw->insert( 'user_restrictions', $row, __METHOD__ );
+	}
+
+	public static function formatType( $type ) {
+		return wfMsg( 'userrestrictiontype-' . $type );
+	}
+
+	/**
+	 * Converts expiry which user input to the internal representation.
+	 * Returns false if invalid expiry is set, Block::infinity() on empty value,
+	 * Block::infinity() on infinity or 14-symbol timestamp
+	 */
+	public static function convertExpiry( $expiry ) {
+		if( !$expiry )
+			return Block::infinity();
+		if( in_array( $expiry, array( 'infinite', 'infinity', 'indefinite' ) ) )
+			return Block::infinity();
+		$unix = @strtotime( $expiry );
+		if( !$unix || $unix === -1 )
+			return false;
+		else
+			return wfTimestamp( TS_MW, $unix );
+	}
+}
diff --git a/includes/specials/SpecialListUserRestrictions.php b/includes/specials/SpecialListUserRestrictions.php
index 27b2429822..86aef62571 100644
--- a/includes/specials/SpecialListUserRestrictions.php
+++ b/includes/specials/SpecialListUserRestrictions.php
@@ -134,7 +134,7 @@ class UserRestrictionsPager extends ReverseChronologicalPager {
 		$subjlink = $sk->userLink( $r->getSubjectId(), $r->getSubjectText() ) .
 			$sk->userToolLinks( $r->getSubjectId(), $r->getSubjectText() );
 		$expiry = is_numeric( $r->getExpiry() ) ?
-			wfMsg( 'listuserrestrictions-row-expiry', $wgLang->timeanddate( $r->getExpiry() ) ) :
+			wfMsg( 'listuserrestrictions-row-expiry', $wgLang->date( $r->getExpiry() ), $wgLang->time( $r->getExpiry() ) ) :
 			wfMsg( 'ipbinfinite' );
 		$msg = '';
 		if( $r->isNamespace() ) {
diff --git a/includes/specials/SpecialRemoveRestrictions.php b/includes/specials/SpecialRemoveRestrictions.php
index ded6cbe3d7..5ad21ddb9b 100644
--- a/includes/specials/SpecialRemoveRestrictions.php
+++ b/includes/specials/SpecialRemoveRestrictions.php
@@ -56,5 +56,7 @@ function wfSpecialRemoveRestrictionsProcess( $r ) {
 	if( $r->isNamespace() )
 		$params[] = $r->getNamespace();
 	$log->addEntry( 'remove', Title::makeTitle( NS_USER, $r->getSubjectText() ), $reason, $params );
+	$userObj = User::newFromName( $r->getSubjectText(), false );
+	$userObj->invalidateCache();
 	return $result;
 }
diff --git a/includes/specials/SpecialRestrictUser.php b/includes/specials/SpecialRestrictUser.php
index 761e0cd6e1..6c3a82abb8 100644
--- a/includes/specials/SpecialRestrictUser.php
+++ b/includes/specials/SpecialRestrictUser.php
@@ -2,6 +2,8 @@
 
 function wfSpecialRestrictUser( $par = null ) {
 	global $wgOut, $wgRequest;
+	$wgOut->addHTML( wfMsgExt( 'restrictuser-description', 'parse' ) );
+
 	$user = $userOrig = null;
 	if( $par ) {
 		$userOrig = $par;
@@ -48,8 +50,6 @@ class RestrictUserForm {
 	}
 
 	public static function existingRestrictions( $restrictions ) {
-		//TODO: autoload?
-		require_once( dirname( __FILE__ ) . '/SpecialListUserRestrictions.php' );
 		$s  = Xml::fieldset( wfMsg( 'restrictuser-existing' ) ) . '<ul>';
 		foreach( $restrictions as $r )
 			$s .= UserRestrictionsPager::formatRestriction( $r );
@@ -126,6 +126,7 @@ class RestrictUserForm {
 		$l = new LogPage( 'restrict' );
 		$l->addEntry( 'restrict', Title::makeTitle( NS_USER, $user ), $r->getReason(),
 			array( $r->getType(), $r->getPage()->getFullText(), $logExpiry) );
+		self::invalidateCache( $user );
 	}
 
 	public static function namespaceRestrictionForm( $uid, $user, $oldRestrictions ) {
@@ -136,13 +137,13 @@ class RestrictUserForm {
 			$wgUser->matchEditToken( $wgRequest->getVal( 'edittoken' ) ) ) {
 				$ns = $wgRequest->getVal( 'namespace' );
 				if( $wgContLang->getNsText( $ns ) === false )
-					$error = wfMsgExt( 'restrictuser-badnamespace', 'parseinline' );
+					$error = array( 'restrictuser-badnamespace' );
 				elseif( UserRestriction::convertExpiry( $wgRequest->getVal( 'expiry' ) ) === false )
-					$error = wfMsgExt( 'restrictuser-badexpiry', 'parseinline', $wgRequest->getVal( 'expiry' ) );
+					$error = array( 'restrictuser-badexpiry', $wgRequest->getVal( 'expiry' ) );
 				else 
 					foreach( $oldRestrictions as $r )
 						if( $r->isNamespace() && $r->getNamespace() == $ns )
-							$error = wfMsgExt( 'restrictuser-dupnamespace', 'parse' );
+							$error = array( 'restrictuser-dupnamespace' );
 				if( !$error ) {
 					self::doNamespaceRestriction( $uid, $user );
 					$success = array('restrictuser-success', $user);
@@ -185,5 +186,11 @@ class RestrictUserForm {
 		$l = new LogPage( 'restrict' );
 		$l->addEntry( 'restrict', Title::makeTitle( NS_USER, $user ), $r->getReason(),
 			array( $r->getType(), $r->getNamespace(), $logExpiry ) );
+		self::invalidateCache( $user );
+	}
+
+	private static function invalidateCache( $user ) {
+		$userObj = User::newFromName( $user, false );
+		$userObj->invalidateCache();
 	}
 }
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 204fdfee99..07a843f948 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -431,6 +431,9 @@ $specialPageAliases = array(
 	'LinkSearch'                => array( 'LinkSearch' ),
 	'DeletedContributions'      => array( 'DeletedContributions' ),
 	'Interwiki'                 => array( 'Interwiki' ),
+	'ListUserRestrictions'      => array( 'ListUserRestrictions' ),
+	'RemoveRestrictions'        => array( 'RemoveRestrictions' ),
+	'RestrictUser'              => array( 'RestrictUser' ),
 );
 
 /**
@@ -1196,6 +1199,38 @@ It appears to have been deleted.',
 'edit-no-change'                   => 'Your edit was ignored, because no change was made to the text.',
 'edit-already-exists'              => 'Could not create a new page.
 It already exists.',
+'userrestricted-page'              => '<big>\'\'\'Your user name or IP address has been restricted from editing page "$1".\'\'\'</big>
+
+The restriction was put by [[User:$2|$2]].
+The reason given is \'\'$3\'\'.
+
+Restriction was put on $4 at $5 and expires on $6 at $7.
+
+You can contact [[User:$2|$2]] or another [[{{MediaWiki:Grouppage-sysop}}|administrator]] to discuss the restriction.',
+'userrestricted-namespace'         => "<big>'''Your user name or IP address has been restricted from editing $1 namespace.'''</big>
+
+The restriction was put by [[User:$2|$2]].
+The reason given is ''$3''.
+
+Restriction was put on $4 at $5 and expires on $6 at $7.
+
+You can contact [[User:$2|$2]] or another [[{{MediaWiki:Grouppage-sysop}}|administrator]] to discuss the restriction.",
+'userrestricted-page-indef'        => '<big>\'\'\'Your user name or IP address has been restricted from editing page "$1".\'\'\'</big>
+
+The restriction was put by [[User:$2|$2]].
+The reason given is \'\'$3\'\'.
+
+Restriction was put on $4 at $5 and will not expire.
+
+You can contact [[User:$2|$2]] or another [[{{MediaWiki:Grouppage-sysop}}|administrator]] to discuss the restriction.',
+'userrestricted-namespace-indef'   => "<big>'''Your user name or IP address has been restricted from editing $1 namespace.'''</big>
+
+The restriction was put by [[User:$2|$2]].
+The reason given is ''$3''.
+
+Restriction was put on $4 at $5 and will not expire.
+
+You can contact [[User:$2|$2]] or another [[{{MediaWiki:Grouppage-sysop}}|administrator]] to discuss the restriction.",
 
 # Parser/template warnings
 'expensive-parserfunction-warning'        => 'Warning: This page contains too many expensive parser function calls.
@@ -2604,6 +2639,7 @@ Fill in a specific reason below (for example, citing particular pages that were
 'ipbsubmit'                       => 'Block this user',
 'ipbother'                        => 'Other time:',
 'ipboptions'                      => '2 hours:2 hours,1 day:1 day,3 days:3 days,1 week:1 week,2 weeks:2 weeks,1 month:1 month,3 months:3 months,6 months:6 months,1 year:1 year,infinite:infinite', # display1:time1,display2:time2,...
+'ipbinfinite'                     => 'infinite',
 'ipbotheroption'                  => 'other',
 'ipbotherreason'                  => 'Other/additional reason:',
 'ipbhidename'                     => 'Hide username from the block log, active block list and user list',
@@ -2686,6 +2722,72 @@ Please contact your Internet service provider or tech support and inform them of
 You cannot create an account',
 'cant-block-while-blocked'        => 'You cannot block other users while you are blocked.',
 
+# Special:ListUserRestrictions
+'listuserrestrictions'            => 'List of user restrictions',
+'listuserrestrictions-intro'      => 'This list contains all restrictions from editing certain pages and namespaces put on users.
+[[Special:Ipblocklist|Blocks]] are not listed here.',
+'listuserrestrictions-row-ns'     => 'restricted $1 from editing $2 namespace ($3)',
+'listuserrestrictions-row-page'   => 'restricted $1 from editing $2 ($3)',
+'listuserrestrictions-row-expiry' => 'expires on $1 at $2',
+'listuserrestrictions-legend'     => 'Find a restriction',
+'listuserrestrictions-type'       => 'Type:',
+'listuserrestrictions-user'       => 'User:',
+'listuserrestrictions-namespace'  => 'Namespace:',
+'listuserrestrictions-page'       => 'Page:',
+'listuserrestrictions-submit'     => 'Go',
+'listuserrestrictions-notfound'   => 'There is no restriction that matches specified criteria.',
+'listuserrestrictions-empty'      => 'This list is empty.',
+'listuserrestrictions-remove'     => 'remove',
+'userrestrictiontype-none'        => '(none)',
+'userrestrictiontype-namespace'   => 'Namespace',
+'userrestrictiontype-page'        => 'Page',
+
+# Special:RemoveRestrictions
+'removerestrictions'           => 'Remove restriction from a user',
+'removerestrictions-intro'     => 'Use the form below to remove a restriction from a certain user.',
+'removerestrictions-noid'      => 'No restriction ID was specified.',
+'removerestrictions-wrongid'   => 'Restriction with that ID not found.
+Most probably someone has removed it or it expired.',
+'removerestrictions-legend'    => 'Remove a restriction',
+'removerestrictions-user'      => 'Restricted user:',
+'removerestrictions-type'      => 'Restriction type:',
+'removerestrictions-page'      => 'Page:',
+'removerestrictions-namespace' => 'Namespace:',
+'removerestrictions-reason'    => 'Reason:',
+'removerestrictions-submit'    => 'Remove the restriction',
+'removerestrictions-success'   => 'Successfully removed the restriction from [[User:$1|$1]].',
+
+# Restrict user
+'restrictuser'                  => 'Restrict user',
+'restrictuser-userselect'       => 'Select a user',
+'restrictuser-user'             => 'User:',
+'restrictuser-go'               => 'Restrict user',
+'restrictuser-notfound'         => 'User not found',
+'restrictuser-existing'         => 'Existing restrictions',
+'restrictuser-legend-page'      => 'Restrict from editing certain page',
+'restrictuser-legend-namespace' => 'Restrict from editing certain namespace',
+'restrictuser-title'            => 'Page to restrict:',
+'restrictuser-namespace'        => 'Namespace:',
+'restrictuser-expiry'           => 'Expires:',
+'restrictuser-reason'           => 'Reason:',
+'restrictuser-submit'           => 'Restrict user',
+'restrictuser-badtitle'         => 'Invalid title specified: $1.',
+'restrictuser-badnamespace'     => 'Invalid namespace specified.',
+'restrictuser-badexpiry'        => 'Invalid expiry specified: $1.',
+'restrictuser-duptitle'         => 'User is already restricted from editing this title.',
+'restrictuser-dupnamespace'     => 'User is already restricted from editing this namespace.',
+'restrictuser-success'          => 'Successfully restricted user $1.',
+'restrictuser-description'      => 'Use the form below to block write access to a specific page or namespace from a specific IP address or username.
+This should be done only in accordance with policy. Fill in a specific reason below.',
+
+# Special:Log/restrict
+'restrictionlog'       => 'User restriction log',
+'restrictionlogtext'   => 'This log contains all restrictions put on users by administrators.',
+'restrictentry'        => 'restricted $1 from editing $2 (expiry set to $3)',
+'restrictremoveentry'  => 'removed restriction from $1 for editing $2',
+'restrictlognamespace' => '$1 namespace',
+'restrictlogpage'      => '[[$1]]', # do not translate or duplicate this message to other languages
+
 # Developer tools
 'lockdb'              => 'Lock database',
 'unlockdb'            => 'Unlock database',
diff --git a/maintenance/archives/patch-user_restrictions.sql b/maintenance/archives/patch-user_restrictions.sql
new file mode 100644
index 0000000000..c631bb7d17
--- /dev/null
+++ b/maintenance/archives/patch-user_restrictions.sql
@@ -0,0 +1,42 @@
+-- Allows admins to block user from editing certain namespaces or pages
+
+CREATE TABLE /*$wgDBprefix*/user_restrictions (
+	-- ID of the restriction
+	ur_id int NOT NULL auto_increment,
+
+	-- Restriction type. Block from either editing namespace or page
+	ur_type varbinary(255) NOT NULL,
+	-- Namespace to restrict if ur_type = namespace
+	ur_namespace int default NULL,
+	-- Page to restrict if ur_type = page
+	ur_page_namespace int default NULL,
+	ur_page_title varchar(255) binary default '',
+
+	-- User that is restricted
+	ur_user int unsigned NOT NULL,
+	ur_user_text tinyblob NOT NULL,
+
+	-- User who has done this restriction
+	ur_by int unsigned NOT NULL,
+	ur_by_text varchar(255) binary NOT NULL default '',
+	-- Reason for this restriction
+	ur_reason tinyblob NOT NULL,
+
+	-- Time when this restriction was made
+	ur_timestamp varbinary(14) NOT NULL default '',
+	-- Expiry or "infinity"
+	ur_expiry varbinary(14) NOT NULL default '',
+
+	PRIMARY KEY ur_id (ur_id),
+	-- For looking up restrictions for user and title
+	INDEX ur_user (ur_user,ur_user_text(255)),
+	INDEX ur_user_page(ur_user,ur_page_namespace,ur_page_title(255)),
+	INDEX ur_user_namespace(ur_user,ur_namespace),
+	-- For Special:ListUserRestrictions
+	INDEX ur_type (ur_type(255),ur_timestamp),
+	INDEX ur_namespace (ur_namespace,ur_timestamp),
+	INDEX ur_page (ur_page_namespace,ur_page_title,ur_timestamp),
+	INDEX ur_timestamp (ur_timestamp),
+	-- For quick removal of expired restrictions
+	INDEX ur_expiry (ur_expiry)
+) /*$wgDBTableOptions*/;
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 610c20c30d..cde93e9457 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -569,6 +569,10 @@ $wgMessageStructure = array(
 		'edit-conflict',
 		'edit-no-change',
 		'edit-already-exists',
+		'userrestricted-page',
+		'userrestricted-namespace',
+		'userrestricted-page-indef',
+		'userrestricted-namespace-indef',
 	),
 	'parserwarnings' => array(
 		'expensive-parserfunction-warning',
@@ -1804,6 +1808,7 @@ $wgMessageStructure = array(
 		'ipbsubmit',
 		'ipbother',
 		'ipboptions',
+		'ipbinfinite',
 		'ipbotheroption',
 		'ipbotherreason',
 		'ipbhidename',
@@ -1877,6 +1882,69 @@ $wgMessageStructure = array(
 		'sorbs_create_account_reason',
 		'cant-block-while-blocked',
 	),
+	'listuserrestrictions' => array(
+		'listuserrestrictions',
+		'listuserrestrictions-intro',
+		'listuserrestrictions-row-ns',
+		'listuserrestrictions-row-page',
+		'listuserrestrictions-row-expiry',
+		'listuserrestrictions-legend',
+		'listuserrestrictions-type',
+		'listuserrestrictions-user',
+		'listuserrestrictions-namespace',
+		'listuserrestrictions-page',
+		'listuserrestrictions-submit',
+		'listuserrestrictions-notfound',
+		'listuserrestrictions-empty',
+		'listuserrestrictions-remove',
+		'userrestrictiontype-none',
+		'userrestrictiontype-namespace',
+		'userrestrictiontype-page',
+	),
+	'removerestrictions' => array(
+		'removerestrictions',
+		'removerestrictions-intro',
+		'removerestrictions-noid',
+		'removerestrictions-wrongid',
+		'removerestrictions-legend',
+		'removerestrictions-user',
+		'removerestrictions-type',
+		'removerestrictions-page',
+		'removerestrictions-namespace',
+		'removerestrictions-reason',
+		'removerestrictions-submit',
+		'removerestrictions-success',
+	),
+	'restrictuser' => array(
+		'restrictuser',
+		'restrictuser-userselect',
+		'restrictuser-user',
+		'restrictuser-go',
+		'restrictuser-notfound',
+		'restrictuser-existing',
+		'restrictuser-legend-page',
+		'restrictuser-legend-namespace',
+		'restrictuser-title',
+		'restrictuser-namespace',
+		'restrictuser-expiry',
+		'restrictuser-reason',
+		'restrictuser-submit',
+		'restrictuser-badtitle',
+		'restrictuser-badnamespace',
+		'restrictuser-badexpiry',
+		'restrictuser-duptitle',
+		'restrictuser-dupnamespace',
+		'restrictuser-success',
+		'restrictuser-description',
+	),
+	'restrictlog' => array(
+		'restrictionlog',
+		'restrictionlogtext',
+		'restrictentry',
+		'restrictremoveentry',
+		'restrictlognamespace',
+		'restrictlogpage',
+	),
 	'developertools' => array(
 		'lockdb',
 		'unlockdb',
@@ -3005,6 +3073,10 @@ XHTML id names.",
 	'sp-contributions'    => '',
 	'whatlinkshere'       => 'What links here',
 	'block'               => 'Block/unblock',
+	'listuserrestrictions' => 'Special:ListUserRestrictions',
+	'removerestrictions'  => 'Special:RemoveRestrictions',
+	'restrictuser'        => 'Restrict user',
+	'restrictlog'         => 'Special:Log/restrict',
 	'developertools'      => 'Developer tools',
 	'movepage'            => 'Move page',
 	'export'              => 'Export',
diff --git a/maintenance/parserTests.inc b/maintenance/parserTests.inc
index 7971e64e8b..06c1c8a93d 100644
--- a/maintenance/parserTests.inc
+++ b/maintenance/parserTests.inc
@@ -593,7 +593,7 @@ class ParserTest {
 			'site_stats', 'hitcounter',	'ipblocks', 'image', 'oldimage',
 			'recentchanges', 'watchlist', 'math', 'interwiki',
 			'querycache', 'objectcache', 'job', 'redirect', 'querycachetwo',
-			'archive', 'user_groups', 'page_props', 'category'
+			'archive', 'user_groups', 'page_props', 'category', 'user_restrictions',
 		);
 
 		if ($wgDBtype === 'mysql') 
diff --git a/maintenance/tables.sql b/maintenance/tables.sql
index 28f496ebc4..dcfa35a722 100644
--- a/maintenance/tables.sql
+++ b/maintenance/tables.sql
@@ -1243,4 +1243,47 @@ CREATE TABLE /*$wgDBprefix*/updatelog (
   PRIMARY KEY (ul_key)
 ) /*$wgDBTableOptions*/;
 
+-- Allows admins to block user from editing certain namespaces or pages
+CREATE TABLE /*$wgDBprefix*/user_restrictions (
+	-- ID of the restriction
+	ur_id int NOT NULL auto_increment,
+
+	-- Restriction type. Block from either editing namespace or page
+	ur_type varbinary(255) NOT NULL,
+	-- Namespace to restrict if ur_type = namespace
+	ur_namespace int default NULL,
+	-- Page to restrict if ur_type = page
+	ur_page_namespace int default NULL,
+	ur_page_title varchar(255) binary default '',
+
+	-- User that is restricted
+	ur_user int unsigned NOT NULL,
+	ur_user_text tinyblob NOT NULL,
+
+	-- User who has done this restriction
+	ur_by int unsigned NOT NULL,
+	ur_by_text varchar(255) binary NOT NULL default '',
+	-- Reason for this restriction
+	ur_reason tinyblob NOT NULL,
+
+	-- Time when this restriction was made
+	ur_timestamp varbinary(14) NOT NULL default '',
+	-- Expiry or "infinity"
+	ur_expiry varbinary(14) NOT NULL default '',
+
+	PRIMARY KEY ur_id (ur_id),
+	-- For looking up restrictions for user and title
+	INDEX ur_user (ur_user,ur_user_text(255)),
+	INDEX ur_user_page(ur_user,ur_page_namespace,ur_page_title(255)),
+	INDEX ur_user_namespace(ur_user,ur_namespace),
+	-- For Special:ListUserRestrictions
+	INDEX ur_type (ur_type(255),ur_timestamp),
+	INDEX ur_namespace (ur_namespace,ur_timestamp),
+	INDEX ur_page (ur_page_namespace,ur_page_title,ur_timestamp),
+	INDEX ur_timestamp (ur_timestamp),
+	-- For quick removal of expired restrictions
+	INDEX ur_expiry (ur_expiry)
+) /*$wgDBTableOptions*/;
+
+
 -- vim: sw=2 sts=2 et
diff --git a/maintenance/updaters.inc b/maintenance/updaters.inc
index a49c875797..5f72f8fb40 100644
--- a/maintenance/updaters.inc
+++ b/maintenance/updaters.inc
@@ -145,9 +145,10 @@ $wgMysqlUpdates = array(
 	array( 'update_password_format' ),
 	
 	// 1.14
-	array( 'add_field', 'site_stats',     'ss_active_users',  'patch-ss_active_users.sql' ),
+	array( 'add_field', 'site_stats',     'ss_active_users',   'patch-ss_active_users.sql' ),
 	array( 'do_active_users_init' ),
-	array( 'add_field', 'ipblocks',     'ipb_allow_usertalk',  'patch-ipb_allow_usertalk.sql' )
+	array( 'add_field', 'ipblocks',     'ipb_allow_usertalk',  'patch-ipb_allow_usertalk.sql' ),
+	array( 'add_table', 'user_restrictions',                   'patch-user_restrictions.sql' ),
 );