1 files changed, 69 insertions, 0 deletions
diff --git a/spec/lib/gitlab/import_export/attributes_permitter_spec.rb b/spec/lib/gitlab/import_export/attributes_permitter_spec.rb
index 0c1b1cd74bf..36a831a785c 100644
--- a/spec/lib/gitlab/import_export/attributes_permitter_spec.rb
+++ b/spec/lib/gitlab/import_export/attributes_permitter_spec.rb
@@ -74,4 +74,73 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
       expect(subject.permitted_attributes_for(:labels)).to contain_exactly(:title, :description, :type, :priorities)
     end
   end
+
+  describe '#permitted_attributes_defined?' do
+    using RSpec::Parameterized::TableSyntax
+
+    let(:attributes_permitter) { described_class.new }
+
+    where(:relation_name, :permitted_attributes_defined) do
+      :user                   | false
+      :author                 | false
+      :ci_cd_settings         | false
+      :issuable_sla           | false
+      :push_rule              | false
+      :metrics_setting        | true
+      :project_badges         | true
+      :pipeline_schedules     | true
+      :error_tracking_setting | true
+      :auto_devops            | true
+    end
+
+    with_them do
+      it { expect(attributes_permitter.permitted_attributes_defined?(relation_name)).to eq(permitted_attributes_defined) }
+    end
+  end
+
+  describe 'included_attributes for Project' do
+    let(:prohibited_attributes) { %i[remote_url my_attributes my_ids token my_id test] }
+
+    subject { described_class.new }
+
+    Gitlab::ImportExport::Config.new.to_h[:included_attributes].each do |relation_sym, permitted_attributes|
+      context "for #{relation_sym}" do
+        let(:import_export_config) { Gitlab::ImportExport::Config.new.to_h }
+        let(:project_relation_factory) { Gitlab::ImportExport::Project::RelationFactory }
+
+        let(:relation_hash) { (permitted_attributes + prohibited_attributes).map(&:to_s).zip([]).to_h }
+        let(:relation_name) { project_relation_factory.overrides[relation_sym]&.to_sym || relation_sym }
+        let(:relation_class) { project_relation_factory.relation_class(relation_name) }
+        let(:excluded_keys) { import_export_config.dig(:excluded_keys, relation_sym) || [] }
+
+        let(:cleaned_hash) do
+          Gitlab::ImportExport::AttributeCleaner.new(
+            relation_hash: relation_hash,
+            relation_class: relation_class,
+            excluded_keys: excluded_keys
+          ).clean
+        end
+
+        let(:permitted_hash) { subject.permit(relation_sym, relation_hash) }
+
+        if described_class.new.permitted_attributes_defined?(relation_sym)
+          it 'contains only attributes that are defined as permitted in the import/export config' do
+            expect(permitted_hash.keys).to contain_exactly(*permitted_attributes.map(&:to_s))
+          end
+
+          it 'does not contain attributes that would be cleaned with AttributeCleaner' do
+            expect(cleaned_hash.keys).to include(*permitted_hash.keys)
+          end
+
+          it 'does not contain prohibited attributes that are not related to given relation' do
+            expect(permitted_hash.keys).not_to include(*prohibited_attributes.map(&:to_s))
+          end
+        else
+          it 'is disabled' do
+            expect(subject).not_to be_permitted_attributes_defined(relation_sym)
+          end
+        end
+      end
+    end
+  end
 end