Merge branch 'chore/disable-admin-mode-remains' into 'master'

Fully disable auto admin mode and migrate remaining specs See merge request gitlab-org/gitlab!50331

Merge branch 'chore/disable-admin-mode-remains' into 'master'
Fully disable auto admin mode and migrate remaining specs See merge request gitlab-org/gitlab!50331
cbcc0b6e · Imre Farkas · 1c8deba0 · 891ac050 · cbcc0b6e · cbcc0b6e
Commit cbcc0b6e authored Jan 08, 2021 by Imre Farkas
20 changed files
--- a/changelogs/unreleased/chore-disable-admin-mode-remains.yml
+++ b/changelogs/unreleased/chore-disable-admin-mode-remains.yml
+---
+title: Fully disable auto admin mode and migrate remaining specs
+merge_request: 50331
+author: Diego Louzán
+type: other
--- a/ee/spec/elastic_integration/global_search_spec.rb
+++ b/ee/spec/elastic_integration/global_search_spec.rb
@@ -3,8 +3,11 @@
 require 'spec_helper'
 RSpec.describe 'GlobalSearch', :elastic do
+  include AdminModeHelper
  let(:features) { %i(issues merge_requests repository builds wiki snippets) }
-  let(:admin) { create :user, admin: true }
+  let(:admin_with_admin_mode) { create :user, admin: true }
+  let(:admin_without_admin_mode) { create :user, admin: true }
  let(:auditor) {create :user, auditor: true }
  let(:non_member) { create :user }
  let(:external_non_member) { create :user, external: true }
@@ -19,6 +22,8 @@ RSpec.describe 'GlobalSearch', :elastic do
    project.add_developer(member)
    project.add_developer(external_member)
    project.add_guest(guest)
+    enable_admin_mode!(admin_with_admin_mode)
  end
  context "Respect feature visibility levels", :aggregate_failures do
@@ -29,7 +34,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "does not find items if features are disabled" do
        create_items(project, feature_settings(:disabled))
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_no_items_to_be_found(auditor)
        expect_no_items_to_be_found(member)
        expect_no_items_to_be_found(external_member)
@@ -42,7 +48,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "shows items to member only if features are enabled" do
        create_items(project, feature_settings(:enabled))
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_items_to_be_found(auditor)
        expect_items_to_be_found(member)
        expect_items_to_be_found(external_member)
@@ -60,7 +67,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "does not find items if features are disabled" do
        create_items(project, feature_settings(:disabled))
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_no_items_to_be_found(auditor)
        expect_no_items_to_be_found(member)
        expect_no_items_to_be_found(external_member)
@@ -73,7 +81,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "shows items to member only if features are enabled" do
        create_items(project, feature_settings(:enabled))
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_items_to_be_found(admin_without_admin_mode)
        expect_items_to_be_found(auditor)
        expect_items_to_be_found(member)
        expect_items_to_be_found(external_member)
@@ -86,7 +95,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "shows items to member only if features are private" do
        create_items(project, feature_settings(:private))
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_items_to_be_found(auditor)
        expect_items_to_be_found(member)
        expect_items_to_be_found(external_member)
@@ -104,7 +114,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "does not find items if features are disabled" do
        create_items(project, feature_settings(:disabled))
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_no_items_to_be_found(auditor)
        expect_no_items_to_be_found(member)
        expect_no_items_to_be_found(external_member)
@@ -117,7 +128,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "finds items if features are enabled" do
        create_items(project, feature_settings(:enabled))
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_items_to_be_found(admin_without_admin_mode)
        expect_items_to_be_found(auditor)
        expect_items_to_be_found(member)
        expect_items_to_be_found(external_member)
@@ -130,7 +142,8 @@ RSpec.describe 'GlobalSearch', :elastic do
      it "shows items to member only if features are private", :aggregate_failures do
        create_items(project, feature_settings(:private))
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
        expect_items_to_be_found(auditor)
        expect_items_to_be_found(member)
        expect_items_to_be_found(external_member)

--- a/ee/spec/finders/licenses_finder_spec.rb
+++ b/ee/spec/finders/licenses_finder_spec.rb
@@ -7,16 +7,24 @@ RSpec.describe LicensesFinder do
  let_it_be(:user) { create(:admin) }
-  it 'returns a license by id' do
+  context 'with admin mode enabled', :enable_admin_mode do
-    expect(described_class.new(user, id: license.id).execute.take).to eq(license)
+    it 'returns a license by id' do
-  end
+      expect(described_class.new(user, id: license.id).execute.take).to eq(license)
+    end
+    it 'returns a collection of licenses' do
+      expect(described_class.new(user).execute).to contain_exactly(*License.all)
+    end
-  it 'returns a collection of licenses' do
+    it 'returns empty relation if the license doesnt exist' do
-    expect(described_class.new(user).execute).to contain_exactly(*License.all)
+      expect(described_class.new(user, id: 0).execute).to be_empty
+    end
  end
-  it 'returns empty relation if the license doesnt exist' do
+  context 'with admin mode disabled' do
-    expect(described_class.new(user, id: 0).execute).to be_empty
+    it 'raises an error' do
+      expect { described_class.new(user, id: 0).execute }.to raise_error Gitlab::Access::AccessDeniedError
+    end
  end
  it 'raises an error if the user is not an admin' do

--- a/ee/spec/finders/productivity_analytics_finder_spec.rb
+++ b/ee/spec/finders/productivity_analytics_finder_spec.rb
@@ -5,7 +5,8 @@ require 'spec_helper'
 RSpec.describe ProductivityAnalyticsFinder do
  subject { described_class.new(current_user, search_params.merge(state: :merged)) }
-  let(:current_user) { create(:admin) }
+  let(:project) { create(:project) }
+  let(:current_user) { project.owner }
  let(:search_params) { {} }
  describe '.array_params' do
@@ -23,12 +24,12 @@ RSpec.describe ProductivityAnalyticsFinder do
  describe '#execute' do
    let(:long_mr) do
      metrics_data = { merged_at: 1.day.ago }
-      create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
+      create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
    end
    let(:short_mr) do
      metrics_data = { merged_at: 28.days.ago }
-      create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
+      create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
    end
    context 'allows to filter by days_to_merge' do
@@ -90,7 +91,7 @@ RSpec.describe ProductivityAnalyticsFinder do
        it 'uses start_date as filter value' do
          metrics_data = { merged_at: (2.years + 1.day).ago }
-          create(:merge_request, :merged, :with_productivity_metrics, created_at: 800.days.ago, metrics_data: metrics_data)
+          create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 800.days.ago, metrics_data: metrics_data)
          long_mr
          expect(subject.execute).to match_array([long_mr])

--- a/ee/spec/serializers/dashboard_operations_project_entity_spec.rb
+++ b/ee/spec/serializers/dashboard_operations_project_entity_spec.rb
@@ -95,7 +95,7 @@ RSpec.describe DashboardOperationsProjectEntity do
      expect(subject).not_to include(:alert_count, :upgrade_path)
    end
-    context 'the user has permission to upgrade plan' do
+    context 'the user has permission to upgrade plan', :enable_admin_mode do
      let(:user) { build(:user, :admin) }
      it 'shows the profile upgrade path' do
@@ -103,7 +103,7 @@ RSpec.describe DashboardOperationsProjectEntity do
      end
    end
-    context 'the user has permission to upgrade group' do
+    context 'the user has permission to upgrade group', :enable_admin_mode do
      let(:project) { build(:project, namespace: create(:group)) }
      let(:user) { build(:user, :admin) }

--- a/ee/spec/support/shared_examples/finders/geo/framework_registry_finder_shared_examples.rb
+++ b/ee/spec/support/shared_examples/finders/geo/framework_registry_finder_shared_examples.rb
@@ -20,17 +20,23 @@ RSpec.shared_examples 'a framework registry finder' do |registry_factory|
    context 'when user can read all Geo' do
      let_it_be(:user) { create(:user, :admin) }
-      context 'with an ids param' do
+      context 'when admin mode is disabled' do
-        let(:params) { { ids: [registry3.id, registry1.id] } }
+        it { is_expected.to be_empty }
+      end
+      context 'when admin mode is enabled', :enable_admin_mode do
+        context 'with an ids param' do
+          let(:params) { { ids: [registry3.id, registry1.id] } }
-        it 'returns specified registries' do
+          it 'returns specified registries' do
-          expect(registries.to_a).to eq([registry1, registry3])
+            expect(registries.to_a).to contain_exactly(registry1, registry3)
+          end
        end
-      end
-      context 'without an ids param' do
+        context 'without an ids param' do
-        it 'returns all registries' do
+          it 'returns all registries' do
-          expect(registries.to_a).to eq([registry1, registry2, registry3])
+            expect(registries.to_a).to contain_exactly(registry1, registry2, registry3)
+          end
        end
      end
    end

--- a/ee/spec/support/shared_examples/graphql/geo/geo_registries_resolver_shared_examples.rb
+++ b/ee/spec/support/shared_examples/graphql/geo/geo_registries_resolver_shared_examples.rb
@@ -20,19 +20,27 @@ RSpec.shared_examples_for 'a Geo registries resolver' do |registry_factory_name|
      context 'when the user has permission to view Geo data' do
        let_it_be(:current_user) { create(:admin) }
-        context 'when the ids argument is null' do
+        context 'when admin mode is enabled', :enable_admin_mode do
-          it 'returns registries, in order' do
+          context 'when the ids argument is null' do
-            expect(resolve_registries.to_a).to eq(registries)
+            it 'returns registries, in order' do
+              expect(resolve_registries.to_a).to eq(registries)
+            end
          end
-        end
-        context 'when the ids argument is present' do
+          context 'when the ids argument is present' do
-          it 'returns the requested registries, in order' do
+            it 'returns the requested registries, in order' do
-            requested_ids = [registry3.to_global_id, registry1.to_global_id]
+              requested_ids = [registry3.to_global_id, registry1.to_global_id]
-            args = { ids: requested_ids }
+              args = { ids: requested_ids }
-            expected = [registry1, registry3]
+              expected = [registry1, registry3]
+              expect(resolve_registries(args).to_a).to eq(expected)
+            end
+          end
+        end
-            expect(resolve_registries(args).to_a).to eq(expected)
+        context 'when admin mode is disabled' do
+          it 'returns nothing' do
+            expect(resolve_registries).to be_empty
          end
        end
      end

--- a/spec/finders/cluster_ancestors_finder_spec.rb
+++ b/spec/finders/cluster_ancestors_finder_spec.rb
@@ -83,8 +83,16 @@ RSpec.describe ClusterAncestorsFinder, '#execute' do
    let(:clusterable) { Clusters::Instance.new }
    let(:user) { create(:admin) }
-    it 'returns the list of instance clusters' do
+    context 'when admin mode is enabled', :enable_admin_mode do
-      is_expected.to eq([instance_cluster])
+      it 'returns the list of instance clusters' do
+        is_expected.to eq([instance_cluster])
+      end
+    end
+    context 'when admin mode is disabled' do
+      it 'returns nothing' do
+        is_expected.to be_empty
+      end
    end
  end
 end
--- a/spec/finders/group_projects_finder_spec.rb
+++ b/spec/finders/group_projects_finder_spec.rb
@@ -142,20 +142,40 @@ RSpec.describe GroupProjectsFinder do
  describe 'with an admin current user' do
    let(:current_user) { create(:admin) }
-    context "only shared" do
+    context 'when admin mode is enabled', :enable_admin_mode do
-      let(:options) { { only_shared: true } }
+      context "only shared" do
+        let(:options) { { only_shared: true } }
-      it            { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
+        it            { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1) }
-    end
+      end
-    context "only owned" do
+      context "only owned" do
-      let(:options) { { only_owned: true } }
+        let(:options) { { only_owned: true } }
+        it            { is_expected.to contain_exactly(private_project, public_project) }
+      end
-      it            { is_expected.to eq([private_project, public_project]) }
+      context "all" do
+        it { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1, private_project, public_project) }
+      end
    end
-    context "all" do
+    context 'when admin mode is disabled' do
-      it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
+      context "only shared" do
+        let(:options) { { only_shared: true } }
+        it            { is_expected.to contain_exactly(shared_project_3, shared_project_1) }
+      end
+      context "only owned" do
+        let(:options) { { only_owned: true } }
+        it            { is_expected.to contain_exactly(public_project) }
+      end
+      context "all" do
+        it { is_expected.to contain_exactly(shared_project_3, shared_project_1, public_project) }
+      end
    end
  end

--- a/spec/finders/groups_finder_spec.rb
+++ b/spec/finders/groups_finder_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 RSpec.describe GroupsFinder do
+  include AdminModeHelper
  describe '#execute' do
    let(:user) { create(:user) }
@@ -23,11 +25,16 @@ RSpec.describe GroupsFinder do
        :external | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
        :external | {} | %i(public_group user_public_group user_internal_group user_private_group)
-        :admin | { all_available: true } | %i(public_group internal_group private_group user_public_group
+        :admin_without_admin_mode | { all_available: true } | %i(public_group internal_group user_public_group
-                                              user_internal_group user_private_group)
+                                                                 user_internal_group user_private_group)
-        :admin | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
+        :admin_without_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
-        :admin | {} | %i(public_group internal_group private_group user_public_group user_internal_group
+        :admin_without_admin_mode | {} | %i(public_group internal_group user_public_group user_internal_group user_private_group)
-                         user_private_group)
+        :admin_with_admin_mode | { all_available: true } | %i(public_group internal_group private_group user_public_group
+                                                              user_internal_group user_private_group)
+        :admin_with_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
+        :admin_with_admin_mode | {} | %i(public_group internal_group private_group user_public_group user_internal_group
+                                         user_private_group)
      end
      with_them do
@@ -52,8 +59,12 @@ RSpec.describe GroupsFinder do
                create(:user)
              when :external
                create(:user, external: true)
-              when :admin
+              when :admin_without_admin_mode
                create(:user, :admin)
+              when :admin_with_admin_mode
+                admin = create(:user, :admin)
+                enable_admin_mode!(admin)
+                admin
              end
            @groups.values_at(:user_private_group, :user_internal_group, :user_public_group).each do |group|
              group.add_developer(user)

--- a/spec/finders/issues_finder_spec.rb
+++ b/spec/finders/issues_finder_spec.rb
@@ -918,16 +918,26 @@ RSpec.describe IssuesFinder do
  describe '#row_count', :request_store do
    let_it_be(:admin) { create(:admin) }
-    it 'returns the number of rows for the default state' do
+    context 'when admin mode is enabled', :enable_admin_mode do
-      finder = described_class.new(admin)
+      it 'returns the number of rows for the default state' do
+        finder = described_class.new(admin)
+        expect(finder.row_count).to eq(5)
+      end
+      it 'returns the number of rows for a given state' do
+        finder = described_class.new(admin, state: 'closed')
-      expect(finder.row_count).to eq(5)
+        expect(finder.row_count).to be_zero
+      end
    end
-    it 'returns the number of rows for a given state' do
+    context 'when admin mode is disabled' do
-      finder = described_class.new(admin, state: 'closed')
+      it 'returns no rows' do
+        finder = described_class.new(admin)
-      expect(finder.row_count).to be_zero
+        expect(finder.row_count).to be_zero
+      end
    end
    it 'returns -1 if the query times out' do
@@ -996,8 +1006,17 @@ RSpec.describe IssuesFinder do
        subject { described_class.new(admin_user, params).with_confidentiality_access_check }
-        it 'returns all issues' do
+        context 'when admin mode is enabled', :enable_admin_mode do
-          expect(subject).to include(public_issue, confidential_issue)
+          it 'returns all issues' do
+            expect(subject).to include(public_issue, confidential_issue)
+          end
+        end
+        context 'when admin mode is disabled' do
+          it 'returns only public issues' do
+            expect(subject).to include(public_issue)
+            expect(subject).not_to include(confidential_issue)
+          end
        end
      end
    end
@@ -1069,14 +1088,27 @@ RSpec.describe IssuesFinder do
        subject { described_class.new(admin_user, params).with_confidentiality_access_check }
-        it 'returns all issues' do
+        context 'when admin mode is enabled', :enable_admin_mode do
-          expect(subject).to include(public_issue, confidential_issue)
+          it 'returns all issues' do
+            expect(subject).to include(public_issue, confidential_issue)
+          end
+          it 'does not filter by confidentiality' do
+            expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything)
+            subject
+          end
        end
-        it 'does not filter by confidentiality' do
+        context 'when admin mode is disabled' do
-          expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything)
+          it 'returns only public issues' do
+            expect(subject).to include(public_issue)
+            expect(subject).not_to include(confidential_issue)
+          end
-          subject
+          it 'filters by confidentiality' do
+            expect(subject.to_sql).to match("issues.confidential")
+          end
        end
      end
    end

--- a/spec/finders/merge_requests_finder_spec.rb
+++ b/spec/finders/merge_requests_finder_spec.rb
@@ -697,10 +697,18 @@ RSpec.describe MergeRequestsFinder do
    context 'with admin user' do
      let(:user) { create(:user, :admin) }
-      it 'returns all merge requests' do
+      context 'when admin mode is enabled', :enable_admin_mode do
-        expect(merge_requests).to eq(
+        it 'returns all merge requests' do
-          [mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public]
+          expect(merge_requests).to contain_exactly(
-        )
+            mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public
+          )
+        end
+      end
+      context 'when admin mode is disabled' do
+        it 'returns public and internal merge requests' do
+          expect(merge_requests).to contain_exactly(mr_internal, mr_public)
+        end
      end
    end

--- a/spec/finders/projects_finder_spec.rb
+++ b/spec/finders/projects_finder_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe ProjectsFinder, :do_not_mock_admin_mode do
+RSpec.describe ProjectsFinder do
  include AdminModeHelper
  describe '#execute' do

--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -106,12 +106,18 @@ RSpec.describe SnippetsFinder do
        expect(snippets).to contain_exactly(public_personal_snippet)
      end
-      it 'returns all snippets for an admin' do
+      it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
        snippets = described_class.new(admin, author: user).execute
        expect(snippets).to contain_exactly(private_personal_snippet, internal_personal_snippet, public_personal_snippet)
      end
+      it 'returns all public and internal snippets for an admin without admin mode' do
+        snippets = described_class.new(admin, author: user).execute
+        expect(snippets).to contain_exactly(internal_personal_snippet, public_personal_snippet)
+      end
      context 'when author is not valid' do
        it 'returns quickly' do
          finder = described_class.new(admin, author: non_existing_record_id)
@@ -180,12 +186,18 @@ RSpec.describe SnippetsFinder do
        expect(snippets).to contain_exactly(private_project_snippet)
      end
-      it 'returns all snippets for an admin' do
+      it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
        snippets = described_class.new(admin, project: project).execute
        expect(snippets).to contain_exactly(private_project_snippet, internal_project_snippet, public_project_snippet)
      end
+      it 'returns public and internal snippets for an admin without admin mode' do
+        snippets = described_class.new(admin, project: project).execute
+        expect(snippets).to contain_exactly(internal_project_snippet, public_project_snippet)
+      end
      context 'filter by author' do
        let!(:other_user) { create(:user) }
        let!(:other_private_project_snippet) { create(:project_snippet, :private, project: project, author: other_user) }
@@ -218,7 +230,7 @@ RSpec.describe SnippetsFinder do
    end
    context 'filter by snippet type' do
-      context 'when filtering by only_personal snippet' do
+      context 'when filtering by only_personal snippet', :enable_admin_mode do
        it 'returns only personal snippet' do
          snippets = described_class.new(admin, only_personal: true).execute
@@ -228,7 +240,7 @@ RSpec.describe SnippetsFinder do
        end
      end
-      context 'when filtering by only_project snippet' do
+      context 'when filtering by only_project snippet', :enable_admin_mode do
        it 'returns only project snippet' do
          snippets = described_class.new(admin, only_project: true).execute
@@ -239,7 +251,7 @@ RSpec.describe SnippetsFinder do
      end
    end
-    context 'filtering by ids' do
+    context 'filtering by ids', :enable_admin_mode do
      it 'returns only personal snippet' do
        snippets = described_class.new(
          admin, ids: [private_personal_snippet.id,
@@ -265,13 +277,21 @@ RSpec.describe SnippetsFinder do
        )
      end
-      it 'returns all personal snippets for admins' do
+      it 'returns all personal snippets for admins when in admin mode', :enable_admin_mode do
        snippets = described_class.new(admin, explore: true).execute
        expect(snippets).to contain_exactly(
          private_personal_snippet, internal_personal_snippet, public_personal_snippet
        )
      end
+      it 'also returns internal personal snippets for admins without admin mode' do
+        snippets = described_class.new(admin, explore: true).execute
+        expect(snippets).to contain_exactly(
+          internal_personal_snippet, public_personal_snippet
+        )
+      end
    end
    context 'when the user cannot read cross project' do
@@ -302,7 +322,7 @@ RSpec.describe SnippetsFinder do
      end
    end
-    context 'no sort param is provided' do
+    context 'no sort param is provided', :enable_admin_mode do
      it 'returns snippets sorted by id' do
        snippets = described_class.new(admin).execute
@@ -310,7 +330,7 @@ RSpec.describe SnippetsFinder do
      end
    end
-    context 'sort param is provided' do
+    context 'sort param is provided', :enable_admin_mode do
      it 'returns snippets sorted by sort param' do
        snippets = described_class.new(admin, sort: 'updated_desc').execute

--- a/spec/finders/users_finder_spec.rb
+++ b/spec/finders/users_finder_spec.rb
@@ -90,7 +90,7 @@ RSpec.describe UsersFinder do
      end
    end
-    context 'with an admin user' do
+    context 'with an admin user', :enable_admin_mode do
      let(:admin) { create(:admin) }
      it 'filters by external users' do

--- a/spec/serializers/build_details_entity_spec.rb
+++ b/spec/serializers/build_details_entity_spec.rb
@@ -5,14 +5,13 @@ require 'spec_helper'
 RSpec.describe BuildDetailsEntity do
  include ProjectForksHelper
-  let_it_be(:user) { create(:admin) }
  it 'inherits from JobEntity' do
    expect(described_class).to be < JobEntity
  end
  describe '#as_json' do
    let(:project) { create(:project, :repository) }
+    let(:user) { project.owner }
    let(:pipeline) { create(:ci_pipeline, project: project) }
    let(:build) { create(:ci_build, :failed, pipeline: pipeline) }
    let(:request) { double('request', project: project) }
@@ -66,6 +65,7 @@ RSpec.describe BuildDetailsEntity do
        before do
          allow(build).to receive(:merge_request).and_return(merge_request)
+          forked_project.add_developer(user)
        end
        let(:merge_request) do
@@ -186,7 +186,7 @@ RSpec.describe BuildDetailsEntity do
    end
    context 'when the build has expired artifacts' do
-      let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.ago) }
+      let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.ago) }
      context 'when pipeline is unlocked' do
        before do
@@ -218,7 +218,7 @@ RSpec.describe BuildDetailsEntity do
    end
    context 'when the build has archive type artifacts' do
-      let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.from_now) }
+      let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.from_now) }
      let!(:report) { create(:ci_job_artifact, :codequality, job: build) }
      it 'exposes artifact details' do

--- a/spec/serializers/deploy_key_entity_spec.rb
+++ b/spec/serializers/deploy_key_entity_spec.rb
@@ -52,7 +52,13 @@ RSpec.describe DeployKeyEntity do
  context 'user is an admin' do
    let(:user) { create(:user, :admin) }
-    it { expect(entity.as_json).to include(can_edit: true) }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it { expect(entity.as_json).to include(can_edit: true) }
+    end
+    context 'when admin mode is disabled' do
+      it { expect(entity.as_json).not_to include(can_edit: true) }
+    end
  end
  context 'user is a project maintainer' do

--- a/spec/serializers/runner_entity_spec.rb
+++ b/spec/serializers/runner_entity_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe RunnerEntity do
  let(:runner) { create(:ci_runner, :project, projects: [project]) }
  let(:entity) { described_class.new(runner, request: request, current_user: user) }
  let(:request) { double('request') }
-  let(:user) { create(:admin) }
+  let(:user) { project.owner }
  before do
    allow(request).to receive(:current_user).and_return(user)

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -272,38 +272,6 @@ RSpec.configure do |config|
    Sidekiq::Worker.clear_all
-    # Temporary patch to force admin mode to be active by default in tests when
-    # using the feature flag :user_mode_in_session, since this will require
-    # modifying a significant number of specs to test both states for admin
-    # mode enabled / disabled.
-    #
-    # This will only be applied to specs below dirs in `admin_mode_mock_dirs`
-    #
-    # See ongoing migration: https://gitlab.com/gitlab-org/gitlab/-/issues/31511
-    #
-    # Until the migration is finished, if it is required to have the real
-    # behaviour in any of the mocked dirs specs that an admin is signed in
-    # with normal user mode and needs to switch to admin mode, it is possible to
-    # mark such tests with the `do_not_mock_admin_mode` metadata tag, e.g:
-    #
-    # context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
-    admin_mode_mock_dirs = %w(
-      ./ee/spec/elastic_integration
-      ./ee/spec/finders
-      ./ee/spec/serializers
-      ./ee/spec/support/shared_examples/finders/geo
-      ./ee/spec/support/shared_examples/graphql/geo
-      ./spec/finders
-      ./spec/serializers
-      ./spec/workers
-    )
-    if !example.metadata[:do_not_mock_admin_mode] && example.metadata[:file_path].start_with?(*admin_mode_mock_dirs)
-      allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
-        current_user_mode.send(:user)&.admin?
-      end
-    end
    # Administrators have to re-authenticate in order to access administrative
    # functionality when feature flag :user_mode_in_session is active. Any spec
    # that requires administrative access can use the tag :enable_admin_mode
@@ -311,6 +279,10 @@ RSpec.configure do |config|
    #
    # context 'some test that requires admin mode', :enable_admin_mode do ... end
    #
+    # Some specs do get admin mode enabled automatically (e.g. `spec/controllers/admin`).
+    # In this case, specs that need to test both admin mode states can use the
+    # :do_not_mock_admin_mode tag to disable auto admin mode.
+    #
    # See also spec/support/helpers/admin_mode_helpers.rb
    if example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]
      allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|

--- a/spec/workers/group_destroy_worker_spec.rb
+++ b/spec/workers/group_destroy_worker_spec.rb
@@ -4,8 +4,12 @@ require 'spec_helper'
 RSpec.describe GroupDestroyWorker do
  let(:group) { create(:group) }
-  let(:user) { create(:admin) }
  let!(:project) { create(:project, namespace: group) }
+  let(:user) { create(:user) }
+  before do
+    group.add_owner(user)
+  end
  subject { described_class.new }