chore: disable auto admin mode in features

changelogs/unreleased/chore-disable-admin-mode-in-features.yml

+---
+title: 'Disable auto admin mode in features'
+merge_request: 47670
+author: Diego Louzán
+type: other

ee/spec/features/admin/admin_audit_logs_spec.rb

@@ -4,12 +4,14 @@ require 'spec_helper'
 
 RSpec.describe 'Admin::AuditLogs', :js do
   include Select2Helper
+  include AdminModeHelper
 
   let(:user) { create(:user) }
   let(:admin) { create(:admin, name: 'Bruce Wayne') }
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'unlicensed' do
@@ -131,6 +133,7 @@ RSpec.describe 'Admin::AuditLogs', :js do
 
         context 'when creation succeeds' do
           before do
+            enable_admin_mode!(admin)
             personal_access_token
           end
 
@@ -157,6 +160,7 @@ RSpec.describe 'Admin::AuditLogs', :js do
 
         context 'when revocation succeeds' do
           before do
+            enable_admin_mode!(admin)
             PersonalAccessTokens::RevokeService.new(admin, token: personal_access_token).execute
           end
 

ee/spec/features/admin/admin_credentials_inventory_spec.rb

@@ -6,7 +6,9 @@ RSpec.describe 'Admin::CredentialsInventory' do
   include Spec::Support::Helpers::Features::ResponsiveTableHelpers
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'unlicensed' do

ee/spec/features/admin/admin_dashboard_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'Admin Dashboard' do
     let_it_be(:users_statistics) { create(:users_statistics) }
 
     before do
-      sign_in(create(:admin))
+      admin = create(:admin)
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
     end
 
     describe 'license' do

ee/spec/features/admin/admin_dev_ops_report_spec.rb

@@ -8,7 +8,9 @@ RSpec.describe 'DevOps Report page', :js do
   active_tab_selector = '.nav-link.active'
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'with devops_adoption_feature feature flag disabled' do

ee/spec/features/admin/admin_emails_spec.rb

@@ -6,7 +6,9 @@ RSpec.describe 'Admin::Emails', :clean_gitlab_redis_shared_state do
   include ExclusiveLeaseHelpers
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'when `send_emails_from_admin_area` feature is not licensed' do

ee/spec/features/admin/admin_interacts_with_push_rules_spec.rb

@@ -10,6 +10,7 @@ RSpec.describe "Admin interacts with push rules" do
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(user)
+    gitlab_enable_admin_mode_sign_in(user)
   end
 
   push_rules_with_titles = {

ee/spec/features/admin/admin_merge_requests_approvals_spec.rb

@@ -10,10 +10,12 @@ RSpec.describe 'Admin interacts with merge requests approvals settings' do
   let_it_be(:project) { create(:project, creator: user) }
 
   before do
+    sign_in(user)
+    gitlab_enable_admin_mode_sign_in(user)
+
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     allow(License).to receive(:feature_available?).and_return(true)
 
-    sign_in(user)
     visit(admin_push_rule_path)
   end
 

ee/spec/features/admin/admin_reset_pipeline_minutes_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe 'Reset namespace pipeline minutes', :js do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   shared_examples 'resetting pipeline minutes' do

ee/spec/features/admin/admin_sends_notification_spec.rb

@@ -14,6 +14,7 @@ RSpec.describe "Admin sends notification", :js, :sidekiq_might_not_need_inline d
     group.add_developer(user)
 
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     visit(admin_email_path)
 

ee/spec/features/admin/admin_settings_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'Admin updates EE-only settings' do
 
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     allow(License).to receive(:feature_available?).and_return(true)
     allow(Gitlab::Elastic::Helper.default).to receive(:index_exists?).and_return(true)
   end

ee/spec/features/admin/admin_users_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe "Admin::Users" do
 
   before do
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
   end
 
   describe 'GET /admin/users' do

ee/spec/features/admin/geo/admin_geo_nodes_spec.rb

@@ -27,7 +27,9 @@ RSpec.describe 'admin Geo Nodes', :js, :geo do
 
   before do
     allow(Gitlab::Geo).to receive(:license_allows?).and_return(true)
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'index' do

ee/spec/features/admin/geo/admin_geo_projects_spec.rb

@@ -15,7 +15,9 @@ RSpec.describe 'admin Geo Projects', :js, :geo do
 
   before do
     allow(Gitlab::Geo).to receive(:license_allows?).and_return(true)
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'visiting geo projects initial page' do

ee/spec/features/admin/geo/admin_geo_replication_nav_spec.rb

@@ -11,6 +11,7 @@ RSpec.describe 'admin Geo Replication Nav', :js, :geo do
   before do
     stub_licensed_features(geo: true)
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     stub_secondary_node
   end
 

ee/spec/features/admin/geo/admin_geo_sidebar_spec.rb

@@ -11,6 +11,7 @@ RSpec.describe 'admin Geo Sidebar', :js, :geo do
   before do
     stub_licensed_features(geo: true)
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   shared_examples 'active sidebar link' do |link_name|

ee/spec/features/admin/geo/admin_geo_uploads_spec.rb

@@ -8,7 +8,9 @@ RSpec.describe 'admin Geo Uploads', :js, :geo do
 
   before do
     allow(Gitlab::Geo).to receive(:license_allows?).and_return(true)
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'visiting geo uploads initial page' do

ee/spec/features/admin/groups/admin_changes_plan_spec.rb

@@ -12,6 +12,7 @@ RSpec.describe 'Changes GL.com plan for group' do
     allow(Gitlab::CurrentSettings).to receive(:should_check_namespace_plan?) { true }
 
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'for group namespace' do

ee/spec/features/admin/licenses/admin_uploads_license_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe "Admin uploads license", :js do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'default state' do

ee/spec/features/admin/licenses/admin_views_license_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe "Admin views license" do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     allow_any_instance_of(Gitlab::ExpiringSubscriptionMessage).to receive(:grace_period_effective_from).and_return(Date.today - 45.days)
   end
 

ee/spec/features/admin/licenses/show_user_count_threshold_spec.rb

@@ -41,10 +41,14 @@ RSpec.describe 'Display approaching user count limit banner', :js do
 
     context 'when admin is logged in' do
       before do
-        gitlab_sign_in(admin)
+        sign_in(admin)
       end
 
       context 'in admin area' do
+        before do
+          gitlab_enable_admin_mode_sign_in(admin)
+        end
+
         let(:visit_path) { admin_root_path }
 
         it_behaves_like 'a visible banner'

ee/spec/features/ci_shared_runner_settings_spec.rb

@@ -12,6 +12,7 @@ RSpec.describe 'CI shared runner settings' do
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'without global shared runners quota' do

ee/spec/features/clusters/cluster_detail_page_spec.rb

@@ -52,6 +52,10 @@ RSpec.describe 'Clusterable > Show page' do
     let(:cluster_path) { admin_cluster_path(cluster) }
     let(:cluster) { create(:cluster, :provided_by_gcp, :instance) }
 
+    before do
+      gitlab_enable_admin_mode_sign_in(current_user)
+    end
+
     it 'shows the environments tab' do
       visit cluster_path
 

ee/spec/features/geo_node_spec.rb

@@ -42,6 +42,7 @@ RSpec.describe 'GEO Nodes', :geo do
       stub_licensed_features(geo: true)
 
       sign_in(admin_user)
+      gitlab_enable_admin_mode_sign_in(admin_user)
     end
 
     describe 'Geo Nodes admin screen' do

ee/spec/features/projects/kerberos_clone_instructions_spec.rb

@@ -5,10 +5,10 @@ RSpec.describe 'Kerberos clone instructions', :js do
   include MobileHelpers
 
   let(:project) { create(:project, :empty_repo) }
-  let(:admin) { create(:admin) }
+  let(:user) { project.owner }
 
   before do
-    sign_in(admin)
+    sign_in(user)
 
     allow(Gitlab.config.kerberos).to receive(:enabled).and_return(true)
   end

ee/spec/features/protected_branches_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Protected Branches', :js do
   include ProtectedBranchHelpers
 
-  let(:user) { create(:user, :admin) }
   let(:project) { create(:project, :repository) }
+  let(:user) { project.owner }
 
   before do
     stub_feature_flags(deploy_keys_on_protected_branches: false)

ee/spec/features/protected_tags_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Protected Tags', :js do
   include ProtectedTagHelpers
 
-  let(:user) { create(:user, :admin) }
   let(:project) { create(:project, :repository) }
+  let(:user) { project.owner }
 
   before do
     sign_in(user)

ee/spec/features/search/elastic/snippet_search_spec.rb

@@ -109,19 +109,39 @@ RSpec.describe 'Snippet elastic search', :js, :elastic, :aggregate_failures, :si
     context 'as administrator' do
       let(:current_user) { create(:admin) }
 
-      it 'finds all snippets' do
-        within('.results') do
-          expect(page).to have_content('public personal snippet')
-          expect(page).to have_content('public project snippet')
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it 'finds all snippets' do
+          within('.results') do
+            expect(page).to have_content('public personal snippet')
+            expect(page).to have_content('public project snippet')
 
-          expect(page).to have_content('internal personal snippet')
-          expect(page).to have_content('internal project snippet')
+            expect(page).to have_content('internal personal snippet')
+            expect(page).to have_content('internal project snippet')
 
-          expect(page).to have_content('private personal snippet')
-          expect(page).to have_content('private project snippet')
+            expect(page).to have_content('private personal snippet')
+            expect(page).to have_content('private project snippet')
 
-          expect(page).to have_content('authorized personal snippet')
-          expect(page).to have_content('authorized project snippet')
+            expect(page).to have_content('authorized personal snippet')
+            expect(page).to have_content('authorized project snippet')
+          end
+        end
+      end
+
+      context 'when admin mode is disabled' do
+        it 'finds only public and internal snippets' do
+          within('.results') do
+            expect(page).to have_content('public personal snippet')
+            expect(page).not_to have_content('public project snippet')
+
+            expect(page).to have_content('internal personal snippet')
+            expect(page).not_to have_content('internal project snippet')
+
+            expect(page).not_to have_content('private personal snippet')
+            expect(page).not_to have_content('private project snippet')
+
+            expect(page).not_to have_content('authorized personal snippet')
+            expect(page).not_to have_content('authorized project snippet')
+          end
         end
       end
     end

ee/spec/features/security/project/private_access_spec.rb

@@ -14,7 +14,8 @@ RSpec.describe '[EE] Private Project Access' do
 
     subject { project_insights_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:auditor) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }

spec/features/admin/admin_abuse_reports_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe "Admin::AbuseReports", :js do
 
   context 'as an admin' do
     before do
-      sign_in(create(:admin))
+      admin = create(:admin)
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
     end
 
     describe 'if a user has been reported for abuse' do

spec/features/admin/admin_appearance_spec.rb

@@ -4,9 +4,11 @@ require 'spec_helper'
 
 RSpec.describe 'Admin Appearance' do
   let!(:appearance) { create(:appearance) }
+  let(:admin) { create(:admin) }
 
   it 'Create new appearance' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     visit admin_appearances_path
 
     fill_in 'appearance_title', with: 'MyCompany'
@@ -26,7 +28,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Preview sign-in page appearance' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     visit admin_appearances_path
     click_link "Sign-in page"
@@ -35,7 +38,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Preview new project page appearance' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     visit admin_appearances_path
     click_link "New project page"
@@ -45,7 +49,8 @@ RSpec.describe 'Admin Appearance' do
 
   context 'Custom system header and footer' do
     before do
-      sign_in(create(:admin))
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
     end
 
     context 'when system header and footer messages are empty' do
@@ -82,7 +87,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Custom new project page' do
-    sign_in create(:user)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     visit new_project_path
 
     expect_custom_new_project_appearance(appearance)
@@ -91,6 +97,7 @@ RSpec.describe 'Admin Appearance' do
   context 'Profile page with custom profile image guidelines' do
     before do
       sign_in(create(:admin))
+      gitlab_enable_admin_mode_sign_in(admin)
       visit admin_appearances_path
       fill_in 'appearance_profile_image_guidelines', with: 'Custom profile image guidelines, please :smile:!'
       click_button 'Update appearance settings'
@@ -105,7 +112,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Appearance logo' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     visit admin_appearances_path
 
     attach_file(:appearance_logo, logo_fixture)
@@ -117,7 +125,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Header logos' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     visit admin_appearances_path
 
     attach_file(:appearance_header_logo, logo_fixture)
@@ -129,7 +138,8 @@ RSpec.describe 'Admin Appearance' do
   end
 
   it 'Favicon' do
-    sign_in(create(:admin))
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     visit admin_appearances_path
 
     attach_file(:appearance_favicon, logo_fixture)

spec/features/admin/admin_broadcast_messages_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'Admin Broadcast Messages' do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     create(:broadcast_message, :expired, message: 'Migration to new server')
     visit admin_broadcast_messages_path
   end

spec/features/admin/admin_browse_spam_logs_spec.rb

@@ -6,7 +6,9 @@ RSpec.describe 'Admin browse spam logs' do
   let!(:spam_log) { create(:spam_log, description: 'abcde ' * 20) }
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   it 'Browse spam logs' do

spec/features/admin/admin_builds_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'Admin Builds' do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'GET /admin/builds' do

spec/features/admin/admin_cohorts_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'Cohorts page' do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'with usage ping enabled' do

spec/features/admin/admin_deploy_keys_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'admin deploy keys' do
   let!(:another_deploy_key) { create(:another_deploy_key, public: true) }
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   it 'show all public deploy keys' do

spec/features/admin/admin_dev_ops_report_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'DevOps Report page', :js do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'with devops_adoption feature flag disabled' do

spec/features/admin/admin_disables_git_access_protocol_spec.rb

@@ -12,6 +12,7 @@ RSpec.describe 'Admin disables Git access protocol', :js do
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'with HTTP disabled' do

spec/features/admin/admin_disables_two_factor_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'Admin disables 2FA for a user' do
   it 'successfully', :js do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     user = create(:user, :two_factor)
 
     edit_user(user)
@@ -19,7 +21,9 @@ RSpec.describe 'Admin disables 2FA for a user' do
   end
 
   it 'for a user without 2FA enabled' do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
     user = create(:user)
 
     edit_user(user)

spec/features/admin/admin_groups_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe 'Admin Groups' do
 
   before do
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
     stub_application_setting(default_group_visibility: internal)
   end
 

spec/features/admin/admin_health_check_spec.rb

@@ -9,6 +9,7 @@ RSpec.describe "Admin Health Check", :feature do
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe '#show' do

spec/features/admin/admin_hook_logs_spec.rb

@@ -8,7 +8,9 @@ RSpec.describe 'Admin::HookLogs' do
   let(:hook_log) { create(:web_hook_log, web_hook: system_hook, internal_error_message: 'some error') }
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   it 'show list of hook logs' do

spec/features/admin/admin_hooks_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe 'Admin::Hooks' do
 
   before do
     sign_in(user)
+    gitlab_enable_admin_mode_sign_in(user)
   end
 
   describe 'GET /admin/hooks' do

spec/features/admin/admin_labels_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'admin issues labels' do
   let!(:feature_label) { Label.create(title: 'feature', template: true) }
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'list' do

spec/features/admin/admin_manage_applications_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'admin manage applications' do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   it 'creates new oauth application' do

spec/features/admin/admin_mode/login_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Admin Mode Login', :clean_gitlab_redis_shared_state, :do_not_mock_admin_mode do
+RSpec.describe 'Admin Mode Login' do
   include TermsHelper
   include UserLoginHelper
   include LdapHelpers

spec/features/admin/admin_mode/logout_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Admin Mode Logout', :js, :clean_gitlab_redis_shared_state, :do_not_mock_admin_mode do
+RSpec.describe 'Admin Mode Logout', :js do
   include TermsHelper
   include UserLoginHelper
 

spec/features/admin/admin_mode/workers_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 # Test an operation that triggers background jobs requiring administrative rights
-RSpec.describe 'Admin mode for workers', :do_not_mock_admin_mode, :request_store, :clean_gitlab_redis_shared_state do
+RSpec.describe 'Admin mode for workers', :request_store do
   let(:user) { create(:user) }
   let(:user_to_delete) { create(:user) }
 

spec/features/admin/admin_mode_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Admin mode', :clean_gitlab_redis_shared_state, :do_not_mock_admin_mode do
+RSpec.describe 'Admin mode' do
   include MobileHelpers
   include StubENV
 

spec/features/admin/admin_projects_spec.rb

@@ -11,6 +11,7 @@ RSpec.describe "Admin::Projects" do
 
   before do
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
   end
 
   describe "GET /admin/projects" do

spec/features/admin/admin_requests_profiles_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'Admin::RequestsProfilesController' do
 
   before do
     stub_const('Gitlab::RequestProfiler::PROFILES_DIR', tmpdir)
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   after do

spec/features/admin/admin_runners_spec.rb

@@ -9,7 +9,9 @@ RSpec.describe "Admin Runners" do
 
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe "Runners page" do

spec/features/admin/admin_sees_project_statistics_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe "Admin > Admin sees project statistics" do
 
   before do
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
 
     visit admin_project_path(project)
   end

spec/features/admin/admin_sees_projects_statistics_spec.rb

@@ -10,6 +10,7 @@ RSpec.describe "Admin > Admin sees projects statistics" do
     create(:project, :repository) { |project| project.statistics.destroy }
 
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
 
     visit admin_projects_path
   end

spec/features/admin/admin_serverless_domains_spec.rb

@@ -7,7 +7,9 @@ RSpec.describe 'Admin Serverless Domains', :js do
 
   before do
     allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   it 'Add domain with certificate' do

spec/features/admin/admin_settings_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Admin updates settings', :clean_gitlab_redis_shared_state, :do_not_mock_admin_mode do
+RSpec.describe 'Admin updates settings' do
   include StubENV
   include TermsHelper
   include UsageDataHelpers

spec/features/admin/admin_system_info_spec.rb

@@ -4,7 +4,9 @@ require 'spec_helper'
 
 RSpec.describe 'Admin System Info' do
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe 'GET /admin/system_info' do

spec/features/admin/admin_users_impersonation_tokens_spec.rb

@@ -20,6 +20,7 @@ RSpec.describe 'Admin > Users > Impersonation Tokens', :js do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   describe "token creation" do

spec/features/admin/admin_users_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe "Admin::Users" do
 
   before do
     sign_in(current_user)
+    gitlab_enable_admin_mode_sign_in(current_user)
   end
 
   describe "GET /admin/users" do

spec/features/admin/admin_uses_repository_checks_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Admin uses repository checks', :request_store, :clean_gitlab_redis_shared_state, :do_not_mock_admin_mode do
+RSpec.describe 'Admin uses repository checks', :request_store do
   include StubENV
 
   let(:admin) { create(:admin) }

spec/features/admin/clusters/applications_spec.rb

@@ -10,6 +10,7 @@ RSpec.describe 'Instance-level Cluster Applications', :js do
 
   before do
     sign_in(user)
+    gitlab_enable_admin_mode_sign_in(user)
   end
 
   describe 'Installing applications' do

spec/features/admin/clusters/eks_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe 'Instance-level AWS EKS Cluster', :js do
 
   before do
     sign_in(user)
+    gitlab_enable_admin_mode_sign_in(user)
   end
 
   context 'when user does not have a cluster and visits group clusters page' do

spec/features/admin/dashboard_spec.rb

@@ -6,7 +6,9 @@ RSpec.describe 'admin visits dashboard' do
   include ProjectForksHelper
 
   before do
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
   end
 
   context 'counting forks', :js do

spec/features/admin/services/admin_activates_prometheus_spec.rb

@@ -7,6 +7,7 @@ RSpec.describe 'Admin activates Prometheus', :js do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     visit(admin_application_settings_services_path)
 

spec/features/admin/services/admin_visits_service_templates_spec.rb

@@ -8,6 +8,7 @@ RSpec.describe 'Admin visits service templates' do
 
   before do
     sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     visit(admin_application_settings_services_path)
   end

spec/features/boards/keyboard_shortcut_spec.rb

@@ -9,7 +9,9 @@ RSpec.describe 'Issue Boards shortcut', :js do
     before do
       create(:board, project: project)
 
-      sign_in(create(:admin))
+      admin = create(:admin)
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
 
       visit project_path(project)
     end
@@ -26,7 +28,9 @@ RSpec.describe 'Issue Boards shortcut', :js do
     let(:project) { create(:project, :issues_disabled) }
 
     before do
-      sign_in(create(:admin))
+      admin = create(:admin)
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
 
       visit project_path(project)
     end

spec/features/clusters/cluster_detail_page_spec.rb

@@ -168,6 +168,10 @@ RSpec.describe 'Clusterable > Show page' do
     let(:cluster_path) { admin_cluster_path(cluster) }
     let(:cluster) { create(:cluster, :provided_by_gcp, :instance) }
 
+    before do
+      gitlab_enable_admin_mode_sign_in(current_user)
+    end
+
     it_behaves_like 'show page' do
       let(:cluster_type_label) { 'Instance cluster' }
     end

spec/features/expand_collapse_diffs_spec.rb

@@ -10,7 +10,9 @@ RSpec.describe 'Expand and collapse diffs', :js do
     stub_feature_flags(increased_diff_limits: false)
     allow(Gitlab::CurrentSettings).to receive(:diff_max_patch_bytes).and_return(100.kilobytes)
 
-    sign_in(create(:admin))
+    admin = create(:admin)
+    sign_in(admin)
+    gitlab_enable_admin_mode_sign_in(admin)
 
     # Ensure that undiffable.md is in .gitattributes
     project.repository.copy_gitattributes(branch)

spec/features/file_uploads/git_lfs_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe 'Upload a git lfs object', :js do
   include_context 'file upload requests helpers'
 
   let_it_be(:project) { create(:project) }
-  let_it_be(:user) { create(:user, :admin) }
+  let_it_be(:user) { project.owner }
   let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
 
   let(:file) { fixture_file_upload('spec/fixtures/banana_sample.gif') }

spec/features/groups_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe 'Group' do
-  let(:user) { create(:admin) }
+  let(:user) { create(:user) }
 
   before do
     sign_in(user)
@@ -21,8 +21,6 @@ RSpec.describe 'Group' do
     end
 
     describe 'as a non-admin' do
-      let(:user) { create(:user) }
-
       it 'creates a group and persists visibility radio selection', :js do
         stub_application_setting(default_group_visibility: :private)
 
@@ -140,6 +138,8 @@ RSpec.describe 'Group' do
     let(:group) { create(:group, path: 'foo') }
 
     context 'as admin' do
+      let(:user) { create(:admin) }
+
       before do
         visit new_group_path(group, parent_id: group.id)
       end
@@ -190,6 +190,8 @@ RSpec.describe 'Group' do
     let(:new_name) { 'new-name' }
 
     before do
+      group.add_owner(user)
+
       visit path
     end
 
@@ -200,6 +202,8 @@ RSpec.describe 'Group' do
 
     it 'saves new settings' do
       page.within('.gs-general') do
+        # Have to reset it to '' so it overwrites rather than appends
+        fill_in('group_name', with: '')
         fill_in 'group_name', with: new_name
         click_button 'Save changes'
       end
@@ -229,6 +233,10 @@ RSpec.describe 'Group' do
     let(:group) { create(:group) }
     let(:path)  { group_path(group) }
 
+    before do
+      group.add_owner(user)
+    end
+
     it 'parses Markdown' do
       group.update_attribute(:description, 'This is **my** group')
 
@@ -267,6 +275,10 @@ RSpec.describe 'Group' do
     let!(:nested_group) { create(:group, parent: group) }
     let!(:project) { create(:project, namespace: group) }
 
+    before do
+      group.add_owner(user)
+    end
+
     it 'renders projects and groups on the page' do
       visit group_path(group)
       wait_for_requests
@@ -294,6 +306,10 @@ RSpec.describe 'Group' do
   describe 'new subgroup / project button' do
     let(:group) { create(:group, project_creation_level: Gitlab::Access::NO_ONE_PROJECT_ACCESS, subgroup_creation_level: Gitlab::Access::OWNER_SUBGROUP_ACCESS) }
 
+    before do
+      group.add_owner(user)
+    end
+
     context 'when user has subgroup creation permissions but not project creation permissions' do
       it 'only displays "New subgroup" button' do
         visit group_path(group)

spec/features/issues/keyboard_shortcut_spec.rb

@@ -8,7 +8,7 @@ RSpec.describe 'Issues shortcut', :js do
       let(:project) { create(:project) }
 
       before do
-        sign_in(create(:admin))
+        sign_in(project.owner)
 
         visit project_path(project)
       end
@@ -23,7 +23,7 @@ RSpec.describe 'Issues shortcut', :js do
       let(:project) { create(:project, :issues_disabled) }
 
       before do
-        sign_in(create(:admin))
+        sign_in(project.owner)
 
         visit project_path(project)
       end

spec/features/markdown/copy_as_gfm_spec.rb

@@ -7,10 +7,6 @@ RSpec.describe 'Copy as GFM', :js do
   include RepoHelpers
   include ActionView::Helpers::JavaScriptHelper
 
-  before do
-    sign_in(create(:admin))
-  end
-
   describe 'Copying rendered GFM' do
     before do
       @feat = MarkdownFeature.new
@@ -18,6 +14,9 @@ RSpec.describe 'Copy as GFM', :js do
       # `markdown` helper expects a `@project` variable
       @project = @feat.project
 
+      user = create(:user)
+      @project.add_maintainer(user)
+      sign_in(user)
       visit project_issue_path(@project, @feat.issue)
     end
 
@@ -650,6 +649,10 @@ RSpec.describe 'Copy as GFM', :js do
   describe 'Copying code' do
     let(:project) { create(:project, :repository) }
 
+    before do
+      sign_in(project.owner)
+    end
+
     context 'from a diff' do
       shared_examples 'copying code from a diff' do
         context 'selecting one word of text' do

spec/features/profiles/active_sessions_spec.rb

@@ -45,6 +45,7 @@ RSpec.describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
         )
 
         gitlab_sign_in(admin)
+        gitlab_enable_admin_mode_sign_in(admin)
 
         visit admin_user_path(user)
 

spec/features/projects/blobs/user_creates_new_blob_in_new_project_spec.rb

@@ -9,12 +9,9 @@ RSpec.describe 'User creates new blob', :js do
   let(:project) { create(:project, :empty_repo) }
 
   shared_examples 'creating a file' do
-    before do
-      sign_in(user)
+    it 'allows the user to add a new file in Web IDE' do
       visit project_path(project)
-    end
 
-    it 'allows the user to add a new file in Web IDE' do
       click_link 'New file'
 
       wait_for_requests
@@ -31,6 +28,7 @@ RSpec.describe 'User creates new blob', :js do
   describe 'as a maintainer' do
     before do
       project.add_maintainer(user)
+      sign_in(user)
     end
 
     it_behaves_like 'creating a file'
@@ -39,6 +37,11 @@ RSpec.describe 'User creates new blob', :js do
   describe 'as an admin' do
     let(:user) { create(:user, :admin) }
 
+    before do
+      sign_in(user)
+      gitlab_enable_admin_mode_sign_in(user)
+    end
+
     it_behaves_like 'creating a file'
   end
 

spec/features/projects/blobs/user_follows_pipeline_suggest_nudge_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'User follows pipeline suggest nudge spec when feature is enabled', :js do
   include CookieHelper
 
-  let(:user) { create(:user, :admin) }
   let(:project) { create(:project, :empty_repo) }
+  let(:user) { project.owner }
 
   describe 'viewing the new blob page' do
     before do

spec/features/projects/clusters/gcp_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Gcp Cluster', :js, :do_not_mock_admin_mode do
+RSpec.describe 'Gcp Cluster', :js do
   include GoogleApi::CloudPlatformHelpers
 
   let(:project) { create(:project) }

spec/features/projects/features_visibility_spec.rb

@@ -150,6 +150,7 @@ RSpec.describe 'Edit Project Settings' do
       before do
         non_member.update_attribute(:admin, true)
         sign_in(non_member)
+        gitlab_enable_admin_mode_sign_in(non_member)
       end
 
       it 'renders 404 if feature is disabled' do

spec/features/projects/gfm_autocomplete_load_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe 'GFM autocomplete loading', :js do
   let(:project) { create(:project) }
 
   before do
-    sign_in(create(:admin))
+    sign_in(project.owner)
 
     visit project_path(project)
   end

spec/features/projects/settings/repository_settings_spec.rb

@@ -289,13 +289,13 @@ RSpec.describe 'Projects > Settings > Repository settings' do
       visit project_settings_repository_path(project)
     end
 
-    context 'when project mirroring is enabled' do
+    context 'when project mirroring is enabled', :enable_admin_mode do
       let(:mirror_available) { true }
 
       include_examples 'shows mirror settings'
     end
 
-    context 'when project mirroring is disabled' do
+    context 'when project mirroring is disabled', :enable_admin_mode do
       let(:mirror_available) { false }
 
       include_examples 'shows mirror settings'

spec/features/projects/user_views_empty_project_spec.rb

@@ -7,12 +7,9 @@ RSpec.describe 'User views an empty project' do
   let(:user) { create(:user) }
 
   shared_examples 'allowing push to default branch' do
-    before do
-      sign_in(user)
+    it 'shows push-to-master instructions' do
       visit project_path(project)
-    end
 
-    it 'shows push-to-master instructions' do
       expect(page).to have_content('git push -u origin master')
     end
   end
@@ -20,6 +17,7 @@ RSpec.describe 'User views an empty project' do
   describe 'as a maintainer' do
     before do
       project.add_maintainer(user)
+      sign_in(user)
     end
 
     it_behaves_like 'allowing push to default branch'
@@ -28,17 +26,33 @@ RSpec.describe 'User views an empty project' do
   describe 'as an admin' do
     let(:user) { create(:user, :admin) }
 
-    it_behaves_like 'allowing push to default branch'
+    context 'when admin mode is enabled' do
+      before do
+        sign_in(user)
+        gitlab_enable_admin_mode_sign_in(user)
+      end
+
+      it_behaves_like 'allowing push to default branch'
+    end
+
+    context 'when admin mode is disabled' do
+      it 'does not show push-to-master instructions' do
+        visit project_path(project)
+
+        expect(page).not_to have_content('git push -u origin master')
+      end
+    end
   end
 
   describe 'as a developer' do
     before do
       project.add_developer(user)
       sign_in(user)
-      visit project_path(project)
     end
 
     it 'does not show push-to-master instructions' do
+      visit project_path(project)
+
       expect(page).not_to have_content('git push -u origin master')
     end
   end

spec/features/projects_spec.rb

@@ -61,7 +61,7 @@ RSpec.describe 'Project' do
     let(:path)    { project_path(project) }
 
     before do
-      sign_in(create(:admin))
+      sign_in(project.owner)
     end
 
     it 'parses Markdown' do
@@ -125,7 +125,7 @@ RSpec.describe 'Project' do
     let(:path)    { project_path(project) }
 
     before do
-      sign_in(create(:admin))
+      sign_in(project.owner)
       visit path
     end
 
@@ -156,7 +156,7 @@ RSpec.describe 'Project' do
     let(:path)    { project_path(project) }
 
     before do
-      sign_in(create(:admin))
+      sign_in(project.owner)
       visit path
     end
 

spec/features/protected_branches_spec.rb

@@ -73,6 +73,7 @@ RSpec.describe 'Protected Branches', :js do
   context 'logged in as admin' do
     before do
       sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
     end
 
     describe "explicit protected branches" do

spec/features/protected_tags_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Protected Tags', :js do
   include ProtectedTagHelpers
 
-  let(:user) { create(:user, :admin) }
   let(:project) { create(:project, :repository) }
+  let(:user) { project.owner }
 
   before do
     sign_in(user)

spec/features/security/admin_access_spec.rb

@@ -8,7 +8,14 @@ RSpec.describe "Admin::Projects" do
   describe "GET /admin/projects" do
     subject { admin_projects_path }
 
-    it { is_expected.to be_allowed_for :admin }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it { is_expected.to be_allowed_for :admin }
+    end
+
+    context 'when admin mode is disabled' do
+      it { is_expected.to be_denied_for :admin }
+    end
+
     it { is_expected.to be_denied_for :user }
     it { is_expected.to be_denied_for :visitor }
   end
@@ -16,7 +23,14 @@ RSpec.describe "Admin::Projects" do
   describe "GET /admin/users" do
     subject { admin_users_path }
 
-    it { is_expected.to be_allowed_for :admin }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it { is_expected.to be_allowed_for :admin }
+    end
+
+    context 'when admin mode is disabled' do
+      it { is_expected.to be_denied_for :admin }
+    end
+
     it { is_expected.to be_denied_for :user }
     it { is_expected.to be_denied_for :visitor }
   end
@@ -24,7 +38,14 @@ RSpec.describe "Admin::Projects" do
   describe "GET /admin/hooks" do
     subject { admin_hooks_path }
 
-    it { is_expected.to be_allowed_for :admin }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it { is_expected.to be_allowed_for :admin }
+    end
+
+    context 'when admin mode is disabled' do
+      it { is_expected.to be_denied_for :admin }
+    end
+
     it { is_expected.to be_denied_for :user }
     it { is_expected.to be_denied_for :visitor }
   end

spec/features/security/project/internal_access_spec.rb

@@ -102,7 +102,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/settings/ci_cd" do
     subject { project_settings_ci_cd_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +117,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/settings/repository" do
     subject { project_settings_repository_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -146,7 +148,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/edit" do
     subject { edit_project_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -160,7 +163,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/deploy_keys" do
     subject { project_deploy_keys_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -190,7 +194,8 @@ RSpec.describe "Internal Project Access" do
 
     subject { edit_project_issue_path(project, issue) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -218,7 +223,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/snippets/new" do
     subject { new_project_snippet_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -246,7 +252,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/merge_requests/new" do
     subject { project_new_merge_request_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -302,7 +309,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/settings/integrations" do
     subject { project_settings_integrations_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -367,7 +375,8 @@ RSpec.describe "Internal Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -406,7 +415,8 @@ RSpec.describe "Internal Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -445,7 +455,8 @@ RSpec.describe "Internal Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -460,7 +471,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/pipeline_schedules" do
     subject { project_pipeline_schedules_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -474,7 +486,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/environments" do
     subject { project_environments_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -490,7 +503,8 @@ RSpec.describe "Internal Project Access" do
 
     subject { project_environment_path(project, environment) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -506,7 +520,8 @@ RSpec.describe "Internal Project Access" do
 
     subject { project_environment_deployments_path(project, environment) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -520,7 +535,8 @@ RSpec.describe "Internal Project Access" do
   describe "GET /:project_path/-/environments/new" do
     subject { new_project_environment_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }

spec/features/security/project/public_access_spec.rb

@@ -102,7 +102,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/settings/ci_cd" do
     subject { project_settings_ci_cd_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +117,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/settings/repository" do
     subject { project_settings_repository_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -181,7 +183,8 @@ RSpec.describe "Public Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -220,7 +223,8 @@ RSpec.describe "Public Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -259,7 +263,8 @@ RSpec.describe "Public Project Access" do
         project.update(public_builds: false)
       end
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -274,7 +279,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/pipeline_schedules" do
     subject { project_pipeline_schedules_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -288,7 +294,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/environments" do
     subject { project_environments_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -304,7 +311,8 @@ RSpec.describe "Public Project Access" do
 
     subject { project_environment_path(project, environment) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -320,7 +328,8 @@ RSpec.describe "Public Project Access" do
 
     subject { project_environment_deployments_path(project, environment) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -334,7 +343,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/environments/new" do
     subject { new_project_environment_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -363,7 +373,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/edit" do
     subject { edit_project_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -377,7 +388,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/deploy_keys" do
     subject { project_deploy_keys_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }
@@ -407,7 +419,8 @@ RSpec.describe "Public Project Access" do
 
     subject { edit_project_issue_path(project, issue) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -435,7 +448,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/snippets/new" do
     subject { new_project_snippet_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -463,7 +477,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/merge_requests/new" do
     subject { project_new_merge_request_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -519,7 +534,8 @@ RSpec.describe "Public Project Access" do
   describe "GET /:project_path/-/settings/integrations" do
     subject { project_settings_integrations_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_denied_for(:developer).of(project) }

spec/features/security/project/snippet/internal_access_spec.rb

@@ -26,7 +26,8 @@ RSpec.describe "Internal Project Snippets Access" do
   describe "GET /:project_path/snippets/new" do
     subject { new_project_snippet_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -55,7 +56,8 @@ RSpec.describe "Internal Project Snippets Access" do
     context "for a private snippet" do
       subject { project_snippet_path(project, private_snippet) }
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -85,7 +87,8 @@ RSpec.describe "Internal Project Snippets Access" do
     context "for a private snippet" do
       subject { raw_project_snippet_path(project, private_snippet) }
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }

spec/features/security/project/snippet/private_access_spec.rb

@@ -12,7 +12,8 @@ RSpec.describe "Private Project Snippets Access" do
   describe "GET /:project_path/snippets" do
     subject { project_snippets_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -26,7 +27,8 @@ RSpec.describe "Private Project Snippets Access" do
   describe "GET /:project_path/snippets/new" do
     subject { new_project_snippet_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -40,7 +42,8 @@ RSpec.describe "Private Project Snippets Access" do
   describe "GET /:project_path/snippets/:id for a private snippet" do
     subject { project_snippet_path(project, private_snippet) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -54,7 +57,8 @@ RSpec.describe "Private Project Snippets Access" do
   describe "GET /:project_path/snippets/:id/raw for a private snippet" do
     subject { raw_project_snippet_path(project, private_snippet) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }

spec/features/security/project/snippet/public_access_spec.rb

@@ -27,7 +27,8 @@ RSpec.describe "Public Project Snippets Access" do
   describe "GET /:project_path/snippets/new" do
     subject { new_project_snippet_path(project) }
 
-    it { is_expected.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
     it { is_expected.to be_allowed_for(:owner).of(project) }
     it { is_expected.to be_allowed_for(:maintainer).of(project) }
     it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -70,7 +71,8 @@ RSpec.describe "Public Project Snippets Access" do
     context "for a private snippet" do
       subject { project_snippet_path(project, private_snippet) }
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -114,7 +116,8 @@ RSpec.describe "Public Project Snippets Access" do
     context "for a private snippet" do
       subject { raw_project_snippet_path(project, private_snippet) }
 
-      it { is_expected.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
       it { is_expected.to be_allowed_for(:owner).of(project) }
       it { is_expected.to be_allowed_for(:maintainer).of(project) }
       it { is_expected.to be_allowed_for(:developer).of(project) }

spec/features/usage_stats_consent_spec.rb

@@ -19,6 +19,7 @@ RSpec.describe 'Usage stats consent' do
       end
 
       gitlab_sign_in(user)
+      gitlab_enable_admin_mode_sign_in(user)
     end
 
     it 'hides the banner permanently when sets usage stats' do

spec/spec_helper.rb

@@ -278,24 +278,18 @@ RSpec.configure do |config|
     # context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
     admin_mode_mock_dirs = %w(
       ./ee/spec/elastic_integration
-      ./ee/spec/features
       ./ee/spec/finders
       ./ee/spec/lib
       ./ee/spec/requests/admin
       ./ee/spec/serializers
-      ./ee/spec/support/protected_tags
-      ./ee/spec/support/shared_examples/features
       ./ee/spec/support/shared_examples/finders/geo
       ./ee/spec/support/shared_examples/graphql/geo
-      ./spec/features
       ./spec/finders
       ./spec/frontend
       ./spec/helpers
       ./spec/lib
       ./spec/requests
       ./spec/serializers
-      ./spec/support/protected_tags
-      ./spec/support/shared_examples/features
       ./spec/support/shared_examples/requests
       ./spec/support/shared_examples/lib/gitlab
       ./spec/views

spec/support/matchers/access_matchers.rb

@@ -52,7 +52,7 @@ module AccessMatchers
       emulate_user(user, @membership)
       visit(url)
 
-      status_code == 200 && current_path != new_user_session_path
+      status_code == 200 && !current_path.in?([new_user_session_path, new_admin_session_path])
     end
 
     chain :of do |membership|
@@ -67,7 +67,7 @@ module AccessMatchers
       emulate_user(user, @membership)
       visit(url)
 
-      [401, 404].include?(status_code) || current_path == new_user_session_path
+      [401, 404].include?(status_code) || current_path.in?([new_user_session_path, new_admin_session_path])
     end
 
     chain :of do |membership|