From 07211489f08f2c9168ab031f296d4b4300091aee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?=
Date: Thu, 27 Nov 2014 19:51:13 +0100
Subject: [PATCH] FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
---
 app/controllers/users_controller.rb | 1 +
 app/serializers/user_serializer.rb | 2 +-
 app/views/users/show.html.erb | 16 ++++++++++++----
 lib/guardian/user_guardian.rb | 4 ++++
 4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f74d5064126..6295f0b21ac 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -30,6 +30,7 @@ class UsersController < ApplicationController
 user_serializer = UserSerializer.new(@user, scope: guardian, root: 'user')
 respond_to do |format|
 format.html do
+ @restrict_fields = guardian.restrict_user_fields?(@user)
 store_preloaded("user_#{@user.username}", MultiJson.dump(user_serializer))
 end
diff --git a/app/serializers/user_serializer.rb b/app/serializers/user_serializer.rb
index 4f6d18f4c4b..1313db0b76b 100644
--- a/app/serializers/user_serializer.rb
+++ b/app/serializers/user_serializer.rb
@@ -23,7 +23,7 @@ class UserSerializer < BasicUserSerializer
 attrs.each do |attr|
 method_name = "include_#{attr}?"
 define_method(method_name) do
- return false if object.trust_level == TrustLevel[0] && scope.anonymous?
+ return false if scope.restrict_user_fields?(object)
 send(attr).present?
 end
 end
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 4c58b90cde8..8dfa390743e 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -1,9 +1,17 @@
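Review bot: The view treats an unset `@restrict_fields` as "show everything", and this hunk assigns it only inside `format.html` of this one action, so any other path that renders `users/show` would display the bio by default. Consider a flag whose absence hides the fields, e.g. `@show_profile_fields = !guardian.restrict_user_fields?(@user)` here and `<% if @show_profile_fields %>` in the show.html.erb hunk, with the `crawlable_meta_data` branch switched the same way. The action's body starts and ends outside the hunk, so other render paths cannot be ruled out from what is visible.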
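Review bot: The restriction lives inside the generated `include_#{attr}?` methods, so it covers only the names in `attrs`, and that list is defined outside the hunk. It is worth confirming that every profile field the no-JS view now hides (the bio, at least) is in that list, since the JSON payload and the HTML page appear meant to follow the same rule. A comment above the guard would record the coupling: `# hidden from anonymous viewers of TL0 profiles; keep in sync with users/show.html.erb`.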

<%= @user.username %>

+<% unless @restrict_fields %>

<%= raw @user.user_profile.bio_processed %>

-
-<% content_for :head do %>
- <%= crawlable_meta_data(title: @user.username, description: @user.user_profile.bio_summary, image: @user.small_avatar_url) %>
 <% end %>
-<% content_for :title do %><%=t("js.user.profile")%> - <%= @user.username %><% end %>
+<% content_for :head do %>
+ <% if @restrict_fields %>
+ <%= crawlable_meta_data(title: @user.username, image: @user.small_avatar_url) %>
+ <% else %>
+ <%= crawlable_meta_data(title: @user.username, description: @user.user_profile.bio_summary, image: @user.small_avatar_url) %>
+ <% end %>
+<% end %>
+
+<% content_for :title do %>
+ <%= t("js.user.profile")%> - <%= @user.username %>
+<% end %>
diff --git a/lib/guardian/user_guardian.rb b/lib/guardian/user_guardian.rb
index ba8689f6e1c..abcef6ab45c 100644
--- a/lib/guardian/user_guardian.rb
+++ b/lib/guardian/user_guardian.rb
@@ -51,4 +51,8 @@ module UserGuardian
 is_admin? || (is_staff? && SiteSetting.show_email_on_profile)
 end
+ def restrict_user_fields?(user)
+ user.trust_level == TrustLevel[0] && anonymous?
+ end
+
 end
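Review bot: The rewritten `content_for :title` block now spans three lines, so the captured title includes the newlines and indentation around the text, where the old one-line form captured only the text itself. Browsers generally collapse that whitespace inside a title element, but the layout that yields `:title` is not visible here and other consumers may not. Keeping it on one line, `<% content_for :title do %><%= t("js.user.profile") %> - <%= @user.username %><% end %>`, leaves the output unchanged by this commit.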
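Review bot: `restrict_user_fields?` is now the single policy check behind both the serializer and the no-JS profile page, yet it carries no comment and the diffstat lists no spec file. I would add `# True when an anonymous viewer is looking at a trust-level-0 user's profile; callers hide profile fields in that case.` above it, plus a guardian spec covering the four combinations of anonymous or logged-in viewer and TL0 or higher-trust user. A nil `user` would raise NoMethodError on `user.trust_level`; both callers in this patch appear to pass a loaded user, so a guard is only needed if other callers are expected. The module body begins outside the hunk.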