The xml version of the GET action for users provides all fields for a user. This should be limited to only externally-visable fields and depend on the user's privacy settings/requester's privileges --- like the HTML view will. There is a FIXME for this bug.
The xml version of the GET action for users provides all fields for a user. This should be limited to only externally-visable fields and depend on the user's privacy settings/requester's privileges --- like the HTML view will. There is a FIXME for this bug.