FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page

app/controllers/users_controller.rb

@@ -30,6 +30,7 @@ class UsersController < ApplicationController
     user_serializer = UserSerializer.new(@user, scope: guardian, root: 'user')
     respond_to do |format|
       format.html do
+        @restrict_fields = guardian.restrict_user_fields?(@user)
         store_preloaded("user_#{@user.username}", MultiJson.dump(user_serializer))
       end
 

app/serializers/user_serializer.rb

@@ -23,7 +23,7 @@ class UserSerializer < BasicUserSerializer
     attrs.each do |attr|
       method_name = "include_#{attr}?"
       define_method(method_name) do
-        return false if object.trust_level == TrustLevel[0] && scope.anonymous?
+        return false if scope.restrict_user_fields?(object)
         send(attr).present?
       end
     end

app/views/users/show.html.erb

@@ -1,9 +1,17 @@
 <h2><%= @user.username %></h2>
 
+<% unless @restrict_fields %>
 <p><%= raw @user.user_profile.bio_processed %></p>
-
-<% content_for :head do %>
-  <%= crawlable_meta_data(title: @user.username, description: @user.user_profile.bio_summary, image: @user.small_avatar_url) %>
 <% end %>
 
-<% content_for :title do %><%=t("js.user.profile")%> - <%= @user.username %><% end %>
+<% content_for :head do %>
+  <% if @restrict_fields %>
+    <%= crawlable_meta_data(title: @user.username, image: @user.small_avatar_url) %>
+  <% else %>
+    <%= crawlable_meta_data(title: @user.username, description: @user.user_profile.bio_summary, image: @user.small_avatar_url) %>
+  <% end %>
+<% end %>
+
+<% content_for :title do %>
+  <%= t("js.user.profile")%> - <%= @user.username %>
+<% end %>

lib/guardian/user_guardian.rb

@@ -51,4 +51,8 @@ module UserGuardian
     is_admin? || (is_staff? && SiteSetting.show_email_on_profile)
   end
 
+  def restrict_user_fields?(user)
+    user.trust_level == TrustLevel[0] && anonymous?
+  end
+
 end