Implement user can read user infomation

[kis87988]

After issue #4 is done, we should have another API be able to read user information. But we also need to consider PII. However, this is not goal for this issue, but we need 2 API for now

Outcome:

1. a API for admin user can see the full list of user information. (don't worry about admin user now, we will do ACL define who can use this API later
2. normal users can see user-self information

If possible, do some unit tests for it.