4 files changed, 55 insertions, 4 deletions

diff --git a/lib/bulk_imports/common/pipelines/lfs_objects_pipeline.rb b/lib/bulk_imports/common/pipelines/lfs_objects_pipeline.rb
index 2e6a29f4738..68bd64dc2ff 100644
--- a/lib/bulk_imports/common/pipelines/lfs_objects_pipeline.rb
+++ b/lib/bulk_imports/common/pipelines/lfs_objects_pipeline.rb
@@ -18,8 +18,8 @@ module BulkImports
 
         # rubocop: disable CodeReuse/ActiveRecord
         def load(_context, file_path)
-          Gitlab::Utils.check_path_traversal!(file_path)
-          Gitlab::Utils.check_allowed_absolute_path!(file_path, [Dir.tmpdir])
+          Gitlab::PathTraversal.check_path_traversal!(file_path)
+          Gitlab::PathTraversal.check_allowed_absolute_path!(file_path, [Dir.tmpdir])
 
           return if tar_filepath?(file_path)
           return if lfs_json_filepath?(file_path)
diff --git a/lib/bulk_imports/common/pipelines/members_pipeline.rb b/lib/bulk_imports/common/pipelines/members_pipeline.rb
index f35eb5ccf5e..548b191dc25 100644
--- a/lib/bulk_imports/common/pipelines/members_pipeline.rb
+++ b/lib/bulk_imports/common/pipelines/members_pipeline.rb
@@ -7,7 +7,7 @@ module BulkImports
         include Pipeline
 
         transformer Common::Transformers::ProhibitedAttributesTransformer
-        transformer BulkImports::Groups::Transformers::MemberAttributesTransformer
+        transformer Common::Transformers::MemberAttributesTransformer
 
         def extract(context)
           graphql_extractor.extract(context)
diff --git a/lib/bulk_imports/common/pipelines/uploads_pipeline.rb b/lib/bulk_imports/common/pipelines/uploads_pipeline.rb
index a1b338aeb9f..06132791ea6 100644
--- a/lib/bulk_imports/common/pipelines/uploads_pipeline.rb
+++ b/lib/bulk_imports/common/pipelines/uploads_pipeline.rb
@@ -22,7 +22,7 @@ module BulkImports
 
         def load(context, file_path)
           # Validate that the path is OK to load
-          Gitlab::Utils.check_allowed_absolute_path_and_path_traversal!(file_path, [Dir.tmpdir])
+          Gitlab::PathTraversal.check_allowed_absolute_path_and_path_traversal!(file_path, [Dir.tmpdir])
           return if File.directory?(file_path)
           return if File.lstat(file_path).symlink?
 
diff --git a/lib/bulk_imports/common/transformers/member_attributes_transformer.rb b/lib/bulk_imports/common/transformers/member_attributes_transformer.rb
new file mode 100644
index 00000000000..382e6a51a73
--- /dev/null
+++ b/lib/bulk_imports/common/transformers/member_attributes_transformer.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module BulkImports
+  module Common
+    module Transformers
+      class MemberAttributesTransformer
+        def transform(context, data)
+          user = find_user(data&.dig('user', 'public_email'))
+          access_level = data&.dig('access_level', 'integer_value')
+
+          return unless data
+          return unless user
+          return unless valid_access_level?(access_level)
+
+          cache_source_user_id(data, user, context)
+
+          {
+            user_id: user.id,
+            access_level: access_level,
+            created_at: data['created_at'],
+            updated_at: data['updated_at'],
+            expires_at: data['expires_at'],
+            created_by_id: context.current_user.id
+          }
+        end
+
+        private
+
+        def find_user(email)
+          return unless email
+
+          User.find_by_any_email(email, confirmed: true)
+        end
+
+        def valid_access_level?(access_level)
+          Gitlab::Access.options_with_owner.value?(access_level)
+        end
+
+        def cache_source_user_id(data, user, context)
+          gid = data&.dig('user', 'user_gid')
+
+          return unless gid
+
+          source_user_id = GlobalID.parse(gid).model_id
+
+          ::BulkImports::UsersMapper.new(context: context).cache_source_user_id(source_user_id, user.id)
+        end
+      end
+    end
+  end
+end