Is there any way to retrieve groups for member with option:directOnly=false using Admin SDK?

Question

Provisioning API provided "directOnly" parameter to control range of groups when retrieving gropus that user belongs to. I supposed to migrate Admin SDK from Provisioning API, but I didn't find way to retrive groups for user with directOnly=false. How do I do it using Directory API?

I implemented following(pseudo language) because I couldn't find way to do. But I think this is not efficient way. I want to know is there any plan for "directOnly=false".

// 1. List all groups in domain
allGroupsInDomain = ... // "List all groups in domain"
// 2. List all members for each groups
allMembersForGroup = {}
for (group in allGroupsInDomain) {
    allMembersForGroup[group] = ... // "List all members for group"
}

// 3. List all users in domain
allUsersInDomain = "List all users in domain"
// 4. List all groups for user(direct only)
allGroupsForUser = {} // I want to get this for all users
for (user in allUsersInDomain) {
    directGroupsForUser = ... // "List all groups for user(direct only)"
    for (group in directGroupsForUser) {
        allGroupsForUser[user].add(group);
        allGroupsForUser[user].add(searchAncestorsOf(group));
    }
}

// 5. Calculate all groups for user contains not directly group using results of (1,2,3,4)
function searchAncestorsOf(group) {
    ancestors = []
    for (group_ in allGroupsInDomain) {
        if (group_.hasMember(group)) {
            ancestors.add(group_);
            ancestors.add(searchAncestorsOf(group_));
        }
    }
    return ancestors;
}

• https://developers.google.com/google-apps/provisioning/#retrieving_all_groups_for_a_member
• https://developers.google.com/admin-sdk/directory/v1/reference/groups/list

Answer 1

There is no single API call method to get a user's direct and indirect group memberships currently available with Admin SDK. The quickest method I can think of for a few users would be:

1. Get all direct membership groups for a user with members.list and the userKey parameter.

2. For each group the user is a direct member of, determine if that group is a member of other groups again by using members.list with the userKey being each group this time instead of the user. If the group is a member of another group, then the user would be an indirect member of the given group.