do not map usersat all unless admin

lib/gitlab/import_export/members_mapper.rb

@@ -4,7 +4,7 @@ module Gitlab
       attr_reader :missing_author_ids
       def initialize(exported_members:, user:, project:)
-        @exported_members = exported_members
+        @exported_members = user.admin? ? exported_members : []
         @user = user
         @project = project
         @missing_author_ids = []
@@ -64,7 +64,7 @@ module Gitlab
       end
       def find_project_user_query(member)
-        user_arel[:username].eq(member['user']['username']).or(user_arel[:email].eq(member['user']['email']))
+        user_arel[:email].eq(member['user']['email']).or(user_arel[:username].eq(member['user']['username']))
       end
       def user_arel

spec/lib/gitlab/import_export/members_mapper_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 describe Gitlab::ImportExport::MembersMapper, services: true do
   describe 'map members' do
-    let(:user) { create(:user, authorized_projects_populated: true) }
+    let(:user) { create(:admin, authorized_projects_populated: true) }
     let(:project) { create(:project, :public, name: 'searchable_project') }
     let(:user2) { create(:user, authorized_projects_populated: true) }
     let(:exported_user_id) { 99 }
@@ -74,5 +74,16 @@ describe Gitlab::ImportExport::MembersMapper, services: true do
       expect(user.authorized_project?(project)).to be true
       expect(user2.authorized_project?(project)).to be true
     end
+
+    context 'user is not admin' do
+      let(:user) { create(:user, authorized_projects_populated: true) }
+      it 'does not map a project member' do
+        expect(members_mapper.map[exported_user_id]).to eq(user.id)
+      end
+
+      it 'defaults to importer project member if it does not exist' do
+        expect(members_mapper.map[-1]).to eq(user.id)
+      end
+    end
   end
 end