Automatic merge of gitlab-org/gitlab master

app/assets/javascripts/diffs/store/actions.js

@@ -114,7 +114,8 @@ export const fetchDiffFilesBatch = ({ commit, state, dispatch }) => {
         }
 
         if (
-          (diffsGradualLoad && totalLoaded === pagination.total_pages) ||
+          (diffsGradualLoad &&
+            (totalLoaded === pagination.total_pages || pagination.total_pages === null)) ||
           (!diffsGradualLoad && !pagination.next_page)
         ) {
           commit(types.SET_RETRIEVING_BATCHES, false);

changelogs/unreleased/chore-disable-admin-mode-in-requests-views.yml

+---
+title: Disable auto admin mode on requests and views specs
+merge_request: 48700
+author: Diego Louzán
+type: other

doc/api/graphql/reference/gitlab_schema.graphql

@@ -3290,6 +3290,11 @@ type ComplianceFrameworkEdge {
   node: ComplianceFramework
 }
 
+"""
+Identifier of ComplianceManagement::Framework
+"""
+scalar ComplianceManagementFrameworkID
+
 """
 Autogenerated input type of ConfigureSast
 """
@@ -6545,6 +6550,36 @@ type DestroyBoardPayload {
   errors: [String!]!
 }
 
+"""
+Autogenerated input type of DestroyComplianceFramework
+"""
+input DestroyComplianceFrameworkInput {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+
+  """
+  The global ID of the compliance framework to destroy
+  """
+  id: ComplianceManagementFrameworkID!
+}
+
+"""
+Autogenerated return type of DestroyComplianceFramework
+"""
+type DestroyComplianceFrameworkPayload {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+
+  """
+  Errors encountered during execution of the mutation.
+  """
+  errors: [String!]!
+}
+
 """
 Autogenerated input type of DestroyContainerRepository
 """
@@ -14247,6 +14282,7 @@ type Mutation {
   designManagementUpload(input: DesignManagementUploadInput!): DesignManagementUploadPayload
   destroyBoard(input: DestroyBoardInput!): DestroyBoardPayload
   destroyBoardList(input: DestroyBoardListInput!): DestroyBoardListPayload
+  destroyComplianceFramework(input: DestroyComplianceFrameworkInput!): DestroyComplianceFrameworkPayload
   destroyContainerRepository(input: DestroyContainerRepositoryInput!): DestroyContainerRepositoryPayload
   destroyNote(input: DestroyNoteInput!): DestroyNotePayload
   destroySnippet(input: DestroySnippetInput!): DestroySnippetPayload

doc/api/graphql/reference/gitlab_schema.json

@@ -9045,6 +9045,16 @@
           "enumValues": null,
           "possibleTypes": null
         },
+        {
+          "kind": "SCALAR",
+          "name": "ComplianceManagementFrameworkID",
+          "description": "Identifier of ComplianceManagement::Framework",
+          "fields": null,
+          "inputFields": null,
+          "interfaces": null,
+          "enumValues": null,
+          "possibleTypes": null
+        },
         {
           "kind": "INPUT_OBJECT",
           "name": "ConfigureSastInput",
@@ -18130,6 +18140,94 @@
           "enumValues": null,
           "possibleTypes": null
         },
+        {
+          "kind": "INPUT_OBJECT",
+          "name": "DestroyComplianceFrameworkInput",
+          "description": "Autogenerated input type of DestroyComplianceFramework",
+          "fields": null,
+          "inputFields": [
+            {
+              "name": "id",
+              "description": "The global ID of the compliance framework to destroy",
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "SCALAR",
+                  "name": "ComplianceManagementFrameworkID",
+                  "ofType": null
+                }
+              },
+              "defaultValue": null
+            },
+            {
+              "name": "clientMutationId",
+              "description": "A unique identifier for the client performing the mutation.",
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "defaultValue": null
+            }
+          ],
+          "interfaces": null,
+          "enumValues": null,
+          "possibleTypes": null
+        },
+        {
+          "kind": "OBJECT",
+          "name": "DestroyComplianceFrameworkPayload",
+          "description": "Autogenerated return type of DestroyComplianceFramework",
+          "fields": [
+            {
+              "name": "clientMutationId",
+              "description": "A unique identifier for the client performing the mutation.",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
+              "name": "errors",
+              "description": "Errors encountered during execution of the mutation.",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "LIST",
+                  "name": null,
+                  "ofType": {
+                    "kind": "NON_NULL",
+                    "name": null,
+                    "ofType": {
+                      "kind": "SCALAR",
+                      "name": "String",
+                      "ofType": null
+                    }
+                  }
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            }
+          ],
+          "inputFields": null,
+          "interfaces": [
+
+          ],
+          "enumValues": null,
+          "possibleTypes": null
+        },
         {
           "kind": "INPUT_OBJECT",
           "name": "DestroyContainerRepositoryInput",
@@ -40589,6 +40687,33 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "destroyComplianceFramework",
+              "description": null,
+              "args": [
+                {
+                  "name": "input",
+                  "description": null,
+                  "type": {
+                    "kind": "NON_NULL",
+                    "name": null,
+                    "ofType": {
+                      "kind": "INPUT_OBJECT",
+                      "name": "DestroyComplianceFrameworkInput",
+                      "ofType": null
+                    }
+                  },
+                  "defaultValue": null
+                }
+              ],
+              "type": {
+                "kind": "OBJECT",
+                "name": "DestroyComplianceFrameworkPayload",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "destroyContainerRepository",
               "description": null,

doc/api/graphql/reference/index.md

@@ -1099,6 +1099,15 @@ Autogenerated return type of DestroyBoard.
 | `clientMutationId` | String | A unique identifier for the client performing the mutation. |
 | `errors` | String! => Array | Errors encountered during execution of the mutation. |
 
+### DestroyComplianceFrameworkPayload
+
+Autogenerated return type of DestroyComplianceFramework.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `clientMutationId` | String | A unique identifier for the client performing the mutation. |
+| `errors` | String! => Array | Errors encountered during execution of the mutation. |
+
 ### DestroyContainerRepositoryPayload
 
 Autogenerated return type of DestroyContainerRepository.

ee/app/assets/javascripts/oncall_schedules/components/delete_schedule_modal.vue

@@ -47,14 +47,17 @@ export default {
   },
   methods: {
     deleteSchedule() {
-      const { projectPath } = this;
+      const {
+        projectPath,
+        schedule: { iid },
+      } = this;
 
       this.loading = true;
       this.$apollo
         .mutate({
           mutation: destroyOncallScheduleMutation,
           variables: {
-            id: this.schedule.id,
+            iid,
             projectPath,
           },
           update(store, { data }) {
@@ -87,6 +90,7 @@ export default {
     ref="deleteScheduleModal"
     modal-id="deleteScheduleModal"
     size="sm"
+    :data-testid="`delete-schedule-modal-${schedule.iid}`"
     :title="$options.i18n.deleteSchedule"
     :action-primary="primaryProps"
     :action-cancel="cancelProps"

ee/app/assets/javascripts/oncall_schedules/graphql/mutations/destroy_oncall_schedule.mutation.graphql

-mutation oncallScheduleDestroy($oncallScheduleDestroyInput: OncallScheduleDestroyInput!) {
-  oncallScheduleDestroy(input: $oncallScheduleDestroyInput) {
+mutation oncallScheduleDestroy($iid: String!, $projectPath: ID!) {
+  oncallScheduleDestroy(input: { iid: $iid, projectPath: $projectPath }) {
     errors
     oncallSchedule {
       iid

ee/app/graphql/ee/types/mutation_type.rb

@@ -10,6 +10,7 @@ module EE
         mount_mutation ::Mutations::Clusters::Agents::Delete
         mount_mutation ::Mutations::Clusters::AgentTokens::Create
         mount_mutation ::Mutations::Clusters::AgentTokens::Delete
+        mount_mutation ::Mutations::ComplianceManagement::Frameworks::Destroy
         mount_mutation ::Mutations::Issues::SetIteration
         mount_mutation ::Mutations::Issues::SetWeight
         mount_mutation ::Mutations::Issues::SetEpic

ee/app/graphql/mutations/compliance_management/frameworks/destroy.rb

+# frozen_string_literal: true
+
+module Mutations
+  module ComplianceManagement
+    module Frameworks
+      class Destroy < ::Mutations::BaseMutation
+        graphql_name 'DestroyComplianceFramework'
+
+        authorize :manage_compliance_framework
+
+        argument :id,
+                 ::Types::GlobalIDType[::ComplianceManagement::Framework],
+                 required: true,
+                 description: 'The global ID of the compliance framework to destroy'
+
+        def resolve(id:)
+          framework = authorized_find!(id: id)
+          result = ::ComplianceManagement::Frameworks::DestroyService.new(framework: framework, current_user: current_user).execute
+
+          { errors: result.success? ? [] : Array.wrap(result.message) }
+        end
+
+        private
+
+        def find_object(id:)
+          GitlabSchema.object_from_id(id, expected_type: ::ComplianceManagement::Framework)
+        end
+      end
+    end
+  end
+end

ee/app/policies/compliance_management/framework_policy.rb

@@ -5,7 +5,7 @@ module ComplianceManagement
     delegate { @subject.namespace }
 
     condition(:custom_compliance_frameworks_enabled) do
-      License.feature_available?(:custom_compliance_frameworks)
+      License.feature_available?(:custom_compliance_frameworks) && Feature.enabled?(:ff_custom_compliance_frameworks)
     end
 
     rule { can?(:owner_access) & custom_compliance_frameworks_enabled }.policy do

ee/changelogs/unreleased/255340-graphql-delete-compliance-frameworks.yml

+---
+title: Add GraphQL mutation to destroy compliance framework
+merge_request: 48912
+author:
+type: added

ee/spec/frontend/oncall_schedule/__snapshots__/delete_schedule_modal_spec.js.snap

@@ -4,6 +4,7 @@ exports[`DeleteScheduleModal renders delete schedule modal layout 1`] = `
 <gl-modal-stub
   actioncancel="[object Object]"
   actionprimary="[object Object]"
+  data-testid="delete-schedule-modal-37"
   modalclass=""
   modalid="deleteScheduleModal"
   size="sm"

ee/spec/frontend/oncall_schedule/delete_schedule_modal_spec.js

-/* eslint-disable no-unused-vars */
 import { shallowMount, createLocalVue } from '@vue/test-utils';
 import createMockApollo from 'jest/helpers/mock_apollo_helper';
 import { GlModal, GlAlert, GlSprintf } from '@gitlab/ui';
 import VueApollo from 'vue-apollo';
 import waitForPromises from 'helpers/wait_for_promises';
+import getOncallSchedulesQuery from 'ee/oncall_schedules/graphql/queries/get_oncall_schedules.query.graphql';
 import destroyOncallScheduleMutation from 'ee/oncall_schedules/graphql/mutations/destroy_oncall_schedule.mutation.graphql';
 import DeleteScheduleModal, {
   i18n,
 } from 'ee/oncall_schedules/components/delete_schedule_modal.vue';
-import { getOncallSchedulesQueryResponse, destroyScheduleResponse } from './mocks/apollo_mock';
+import {
+  getOncallSchedulesQueryResponse,
+  destroyScheduleResponse,
+  destroyScheduleResponseWithErrors,
+} from './mocks/apollo_mock';
 
 const localVue = createLocalVue();
 const projectPath = 'group/project';
 const mutate = jest.fn();
 const mockHideModal = jest.fn();
+const schedule =
+  getOncallSchedulesQueryResponse.data.project.incidentManagementOncallSchedules.nodes[0];
 
 localVue.use(VueApollo);
 
@@ -29,14 +35,14 @@ describe('DeleteScheduleModal', () => {
   async function awaitApolloDomMock() {
     await wrapper.vm.$nextTick(); // kick off the DOM update
     await jest.runOnlyPendingTimers(); // kick off the mocked GQL stuff (promises)
-    await wrapper.vm.$nextTick(); // kick off the DOM update for flash
+    await wrapper.vm.$nextTick(); // kick off the DOM update
   }
 
   async function destroySchedule(localWrapper) {
     await jest.runOnlyPendingTimers();
     await localWrapper.vm.$nextTick();
 
-    localWrapper.vm.$emit('primary');
+    localWrapper.find(GlModal).vm.$emit('primary', { preventDefault: jest.fn() });
   }
 
   const createComponent = ({ data = {}, props = {} } = {}) => {
@@ -47,8 +53,7 @@ describe('DeleteScheduleModal', () => {
         };
       },
       propsData: {
-        schedule:
-          getOncallSchedulesQueryResponse.data.project.incidentManagementOncallSchedules.nodes[0],
+        schedule,
         ...props,
       },
       provide: {
@@ -70,13 +75,27 @@ describe('DeleteScheduleModal', () => {
     localVue.use(VueApollo);
     destroyScheduleHandler = destroyHandler;
 
-    const requestHandlers = [[destroyOncallScheduleMutation, destroyScheduleHandler]];
+    const requestHandlers = [
+      [getOncallSchedulesQuery, jest.fn().mockResolvedValue(getOncallSchedulesQueryResponse)],
+      [destroyOncallScheduleMutation, destroyScheduleHandler],
+    ];
 
     fakeApollo = createMockApollo(requestHandlers);
 
+    fakeApollo.clients.defaultClient.cache.writeQuery({
+      query: getOncallSchedulesQuery,
+      variables: {
+        projectPath: 'group/project',
+      },
+      data: getOncallSchedulesQueryResponse.data,
+    });
+
     wrapper = shallowMount(DeleteScheduleModal, {
       localVue,
       apolloProvider: fakeApollo,
+      propsData: {
+        schedule,
+      },
       provide: {
         projectPath,
       },
@@ -109,8 +128,7 @@ describe('DeleteScheduleModal', () => {
       expect(mutate).toHaveBeenCalledWith({
         mutation: expect.any(Object),
         update: expect.anything(),
-        // TODO: Once the BE is complete for the mutation update this spec to use the correct params
-        variables: expect.anything(),
+        variables: { iid: '37', projectPath },
       });
     });
 
@@ -134,6 +152,34 @@ describe('DeleteScheduleModal', () => {
   });
 
   describe('with mocked Apollo client', () => {
-    // TODO: Once the BE is complete for the mutation add specs here for that via a destroyHandler
+    it('has the name of the schedule to delete based on getOncallSchedulesQuery', async () => {
+      createComponentWithApollo();
+
+      await jest.runOnlyPendingTimers();
+      await wrapper.vm.$nextTick();
+
+      expect(findModal().attributes('data-testid')).toBe(`delete-schedule-modal-${schedule.iid}`);
+    });
+
+    it('calls a mutation with correct parameters and destroys a schedule', async () => {
+      createComponentWithApollo();
+
+      await destroySchedule(wrapper);
+
+      expect(destroyScheduleHandler).toHaveBeenCalled();
+    });
+
+    it('displays alert if mutation had a recoverable error', async () => {
+      createComponentWithApollo({
+        destroyHandler: jest.fn().mockResolvedValue(destroyScheduleResponseWithErrors),
+      });
+
+      await destroySchedule(wrapper);
+      await awaitApolloDomMock();
+
+      const alert = findAlert();
+      expect(alert.exists()).toBe(true);
+      expect(alert.text()).toContain('Houston, we have a problem');
+    });
   });
 });

ee/spec/frontend/oncall_schedule/mocks/apollo_mock.js

@@ -22,6 +22,7 @@ export const getOncallSchedulesQueryResponse = {
       incidentManagementOncallSchedules: {
         nodes: [
           {
+            __typename: 'IncidentManagementOncallSchedule',
             iid: '37',
             name: 'Test schedule',
             description: 'Description 1 lives here',
@@ -35,18 +36,12 @@ export const getOncallSchedulesQueryResponse = {
   },
 };
 
-export const scheduleToDestroy = {
-  iid: '37',
-  name: 'Test schedule',
-  description: 'Description 1 lives here',
-  timezone: 'Pacific/Honolulu',
-};
-
 export const destroyScheduleResponse = {
   data: {
     oncallScheduleDestroy: {
       errors: [],
       oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
         iid: '37',
         name: 'Test schedule',
         description: 'Description 1 lives here',
@@ -61,6 +56,7 @@ export const destroyScheduleResponseWithErrors = {
     oncallScheduleDestroy: {
       errors: ['Houston, we have a problem'],
       oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
         iid: '37',
         name: 'Test schedule',
         description: 'Description 1 lives here',
@@ -75,6 +71,7 @@ export const updateScheduleResponse = {
     oncallScheduleDestroy: {
       errors: [],
       oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
         iid: '37',
         name: 'Test schedule 2',
         description: 'Description 2 lives here',

ee/spec/graphql/mutations/compliance_management/frameworks/destroy_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do
+  include GraphqlHelpers
+
+  let_it_be(:framework) { create(:compliance_framework) }
+  let(:user) { framework.namespace.owner }
+  let(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
+
+  subject { mutation.resolve(id: global_id_of(framework)) }
+
+  shared_examples 'a compliance framework that cannot be found' do
+    it 'raises an error' do
+      expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+    end
+  end
+
+  shared_examples 'one compliance framework was destroyed' do
+    it 'destroys a compliance framework' do
+      expect { subject }.to change { ComplianceManagement::Framework.count }.by(-1)
+    end
+
+    it 'expects zero errors in the response' do
+      expect(subject[:errors]).to be_empty
+    end
+  end
+
+  context 'feature is unlicensed' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: false)
+    end
+
+    it_behaves_like 'a compliance framework that cannot be found'
+  end
+
+  context 'feature is disabled but is licensed' do
+    before do
+      stub_feature_flags(ff_custom_compliance_frameworks: false)
+      stub_licensed_features(custom_compliance_frameworks: true)
+    end
+
+    it_behaves_like 'a compliance framework that cannot be found'
+  end
+
+  context 'feature is enabled and licensed' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: true)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+
+    context 'current_user is namespace owner' do
+      it_behaves_like 'one compliance framework was destroyed'
+    end
+
+    context 'current_user is group owner' do
+      let_it_be(:group) { create(:group) }
+      let_it_be(:user) { create(:user) }
+      let_it_be(:framework) { create(:compliance_framework, namespace: group)}
+
+      before do
+        group.add_owner(user)
+      end
+
+      it_behaves_like 'one compliance framework was destroyed'
+    end
+  end
+end

ee/spec/policies/compliance_management/framework_policy_spec.rb

@@ -49,4 +49,12 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
 
     it { is_expected.to be_disallowed(:manage_compliance_framework) }
   end
+
+  context 'feature is disabled' do
+    before do
+      stub_feature_flags(ff_custom_compliance_framework: false)
+    end
+
+    it { is_expected.to be_disallowed(:manage_compliance_framework) }
+  end
 end

ee/spec/requests/admin/audit_events_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe 'view audit events' do
+  include AdminModeHelper
+
   describe 'GET /audit_events' do
     let_it_be(:admin) { create(:admin) }
     let_it_be(:audit_event) { create(:user_audit_event) }
@@ -13,23 +15,37 @@ RSpec.describe 'view audit events' do
       login_as(admin)
     end
 
-    it 'returns 200 response' do
-      send_request
+    context 'when admin mode is enabled' do
+      before do
+        enable_admin_mode!(admin)
+      end
 
-      expect(response).to have_gitlab_http_status(:ok)
-    end
+      it 'returns 200 response' do
+        send_request
+
+        expect(response).to have_gitlab_http_status(:ok)
+      end
 
-    it 'avoids N+1 DB queries', :request_store do
-      # warm up cache so these initial queries would not leak in our QueryRecorder
-      send_request
+      it 'avoids N+1 DB queries', :request_store do
+        # warm up cache so these initial queries would not leak in our QueryRecorder
+        send_request
+
+        control = ActiveRecord::QueryRecorder.new(skip_cached: false) { send_request }
 
-      control = ActiveRecord::QueryRecorder.new(skip_cached: false) { send_request }
+        create_list(:user_audit_event, 2)
 
-      create_list(:user_audit_event, 2)
+        expect do
+          send_request
+        end.not_to exceed_all_query_limit(control)
+      end
+    end
 
-      expect do
+    context 'when admin mode is disabled' do
+      it 'redirects to admin mode enable' do
         send_request
-      end.not_to exceed_all_query_limit(control)
+
+        expect(response).to redirect_to(new_admin_session_path)
+      end
     end
 
     def send_request

ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/destroy_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Delete a compliance framework' do
+  include GraphqlHelpers
+
+  let_it_be(:framework) { create(:compliance_framework) }
+  let(:mutation) { graphql_mutation(:destroy_compliance_framework, { id: global_id_of(framework) }) }
+
+  subject { post_graphql_mutation(mutation, current_user: current_user) }
+
+  def mutation_response
+    graphql_mutation_response(:destroy_compliance_framework)
+  end
+
+  context 'feature is unlicensed' do
+    let_it_be(:current_user) { framework.namespace.owner }
+
+    before do
+      stub_licensed_features(custom_compliance_frameworks: false)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+
+    it 'does not destroy a compliance framework' do
+      expect { subject }.not_to change { ComplianceManagement::Framework.count }
+    end
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
+  end
+
+  context 'when licensed and enabled' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: true)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+
+    context 'current_user is namespace owner' do
+      let_it_be(:current_user) { framework.namespace.owner }
+
+      it 'has no errors' do
+        subject
+
+        expect(mutation_response['errors']).to be_empty
+      end
+
+      it 'destroys a compliance framework' do
+        expect { subject }.to change { ComplianceManagement::Framework.count }.by(-1)
+      end
+    end
+
+    context 'current_user is not namespace owner' do
+      let_it_be(:current_user) { create(:user) }
+
+      it 'does not destroy a compliance framework' do
+        expect { subject }.not_to change { ComplianceManagement::Framework.count }
+      end
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
+    end
+  end
+end

spec/frontend/fixtures/abuse_reports.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 
 RSpec.describe Admin::AbuseReportsController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
+  include AdminModeHelper
 
   let(:admin) { create(:admin) }
   let!(:abuse_report) { create(:abuse_report) }
@@ -18,6 +19,7 @@ RSpec.describe Admin::AbuseReportsController, '(JavaScript fixtures)', type: :co
 
   before do
     sign_in(admin)
+    enable_admin_mode!(admin)
   end
 
   it 'abuse_reports/abuse_reports_list.html' do

spec/frontend/fixtures/admin_users.rb

@@ -5,12 +5,14 @@ require 'spec_helper'
 RSpec.describe Admin::UsersController, '(JavaScript fixtures)', type: :controller do
   include StubENV
   include JavaScriptFixturesHelpers
+  include AdminModeHelper
 
   let(:admin) { create(:admin) }
 
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(admin)
+    enable_admin_mode!(admin)
   end
 
   render_views

spec/frontend/fixtures/application_settings.rb

@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe Admin::ApplicationSettingsController, '(JavaScript fixtures)', type: :controller do
   include StubENV
   include JavaScriptFixturesHelpers
+  include AdminModeHelper
 
   let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
@@ -13,6 +14,7 @@ RSpec.describe Admin::ApplicationSettingsController, '(JavaScript fixtures)', ty
   before do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     sign_in(admin)
+    enable_admin_mode!(admin)
   end
 
   render_views

spec/frontend/fixtures/autocomplete_sources.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Projects::AutocompleteSourcesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let_it_be(:admin) { create(:admin) }
+  let_it_be(:user) { create(:user) }
   let_it_be(:group) { create(:group, name: 'frontend-fixtures') }
   let_it_be(:project) { create(:project, namespace: group, path: 'autocomplete-sources-project') }
   let_it_be(:issue) { create(:issue, project: project) }
@@ -15,7 +15,8 @@ RSpec.describe Projects::AutocompleteSourcesController, '(JavaScript fixtures)',
   end
 
   before do
-    sign_in(admin)
+    group.add_owner(user)
+    sign_in(user)
   end
 
   it 'autocomplete_sources/labels.json' do

spec/frontend/fixtures/blob.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::BlobController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
+  let(:user) { project.owner }
 
   render_views
 
@@ -16,7 +16,7 @@ RSpec.describe Projects::BlobController, '(JavaScript fixtures)', type: :control
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
     allow(SecureRandom).to receive(:hex).and_return('securerandomhex:thereisnospoon')
   end
 

spec/frontend/fixtures/branches.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe 'Branches (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
 
-  let_it_be(:admin) { create(:admin) }
   let_it_be(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let_it_be(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
+  let_it_be(:user) { project.owner }
 
   before(:all) do
     clean_frontend_fixtures('branches/')
@@ -22,7 +22,7 @@ RSpec.describe 'Branches (JavaScript fixtures)' do
     render_views
 
     before do
-      sign_in(admin)
+      sign_in(user)
     end
 
     it 'branches/new_branch.html' do
@@ -44,7 +44,7 @@ RSpec.describe 'Branches (JavaScript fixtures)' do
       # - "master": default, protected
       # - "markdown": non-default, protected
       # - "many_files": non-default, not protected
-      get api("/projects/#{project.id}/repository/branches?search=ma", admin)
+      get api("/projects/#{project.id}/repository/branches?search=ma", user)
 
       expect(response).to be_successful
     end

spec/frontend/fixtures/clusters.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ClustersController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace) }
   let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
+  let(:user) { project.owner }
 
   render_views
 
@@ -17,7 +17,7 @@ RSpec.describe Projects::ClustersController, '(JavaScript fixtures)', type: :con
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/commit.rb

@@ -6,14 +6,12 @@ RSpec.describe 'Commit (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
 
   let_it_be(:project) { create(:project, :repository) }
-  let_it_be(:user)    { create(:user) }
+  let_it_be(:user)    { project.owner }
   let_it_be(:commit)  { project.commit("master") }
 
   before(:all) do
     clean_frontend_fixtures('commit/')
     clean_frontend_fixtures('api/commits/')
-
-    project.add_maintainer(user)
   end
 
   before do

spec/frontend/fixtures/deploy_keys.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 
 RSpec.describe Projects::DeployKeysController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
+  include AdminModeHelper
 
   let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
@@ -17,7 +18,10 @@ RSpec.describe Projects::DeployKeysController, '(JavaScript fixtures)', type: :c
   end
 
   before do
+    # Using an admin for these fixtures because they are used for verifying a frontend
+    # component that would normally get its data from `Admin::DeployKeysController`
     sign_in(admin)
+    enable_admin_mode!(admin)
   end
 
   after do

spec/frontend/fixtures/freeze_period.rb

@@ -6,8 +6,8 @@ RSpec.describe 'Freeze Periods (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
   include TimeZoneHelper
 
-  let_it_be(:admin) { create(:admin) }
   let_it_be(:project) { create(:project, :repository, path: 'freeze-periods-project') }
+  let_it_be(:user) { project.owner }
 
   before(:all) do
     clean_frontend_fixtures('api/freeze-periods/')
@@ -34,7 +34,7 @@ RSpec.describe 'Freeze Periods (JavaScript fixtures)' do
       create(:ci_freeze_period, project: project, freeze_start: '0 12 * * 1-5', freeze_end: '0 1 5 * *', cron_timezone: 'Etc/UTC')
       create(:ci_freeze_period, project: project, freeze_start: '0 12 * * 1-5', freeze_end: '0 16 * * 6', cron_timezone: 'Europe/Berlin')
 
-      get api("/projects/#{project.id}/freeze_periods", admin)
+      get api("/projects/#{project.id}/freeze_periods", user)
 
       expect(response).to be_successful
     end

spec/frontend/fixtures/groups.rb

@@ -5,20 +5,20 @@ require 'spec_helper'
 RSpec.describe 'Groups (JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
+  let(:user) { create(:user) }
   let(:group) { create(:group, name: 'frontend-fixtures-group', runners_token: 'runnerstoken:intabulasreferre')}
 
-  render_views
-
   before(:all) do
     clean_frontend_fixtures('groups/')
   end
 
   before do
-    group.add_maintainer(admin)
-    sign_in(admin)
+    group.add_owner(user)
+    sign_in(user)
   end
 
+  render_views
+
   describe GroupsController, '(JavaScript fixtures)', type: :controller do
     it 'groups/edit.html' do
       get :edit, params: { id: group }

spec/frontend/fixtures/issues.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Projects::IssuesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin, feed_token: 'feedtoken:coldfeed') }
+  let(:user) { create(:user, feed_token: 'feedtoken:coldfeed') }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project_empty_repo, namespace: namespace, path: 'issues-project') }
 
@@ -16,7 +16,8 @@ RSpec.describe Projects::IssuesController, '(JavaScript fixtures)', type: :contr
   end
 
   before do
-    sign_in(admin)
+    project.add_maintainer(user)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/jobs.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::JobsController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'builds-project') }
+  let(:user) { project.owner }
   let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.id) }
   let!(:build_with_artifacts) { create(:ci_build, :success, :artifacts, :trace_artifact, pipeline: pipeline, stage: 'test', artifacts_expire_at: Time.now + 18.months) }
   let!(:failed_build) { create(:ci_build, :failed, pipeline: pipeline, stage: 'build') }
@@ -26,7 +26,7 @@ RSpec.describe Projects::JobsController, '(JavaScript fixtures)', type: :control
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/labels.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'Labels (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
+  let(:user) { create(:user) }
   let(:group) { create(:group, name: 'frontend-fixtures-group' )}
   let(:project) { create(:project_empty_repo, namespace: group, path: 'labels-project') }
 
@@ -29,8 +29,6 @@ RSpec.describe 'Labels (JavaScript fixtures)' do
     include JavaScriptFixturesHelpers
     include ApiHelpers
 
-    let(:user) { create(:user) }
-
     before do
       group.add_owner(user)
     end
@@ -46,7 +44,8 @@ RSpec.describe 'Labels (JavaScript fixtures)' do
     render_views
 
     before do
-      sign_in(admin)
+      group.add_owner(user)
+      sign_in(user)
     end
 
     it 'labels/project_labels.json' do

spec/frontend/fixtures/merge_requests.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'merge-requests-project') }
+  let(:user) { project.owner }
 
   # rubocop: disable Layout/TrailingWhitespace
   let(:description) do
@@ -55,7 +55,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
     allow(Discussion).to receive(:build_discussion_id).and_return(['discussionid:ceterumcenseo'])
   end
 
@@ -64,7 +64,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
   end
 
   it 'merge_requests/merge_request_of_current_user.html' do
-    merge_request.update(author: admin)
+    merge_request.update(author: user)
 
     render_merge_request(merge_request)
   end
@@ -76,19 +76,19 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
   end
 
   it 'merge_requests/diff_comment.html' do
-    create(:diff_note_on_merge_request, project: project, author: admin, position: position, noteable: merge_request)
-    create(:note_on_merge_request, author: admin, project: project, noteable: merge_request)
+    create(:diff_note_on_merge_request, project: project, author: user, position: position, noteable: merge_request)
+    create(:note_on_merge_request, author: user, project: project, noteable: merge_request)
     render_merge_request(merge_request)
   end
 
   it 'merge_requests/diff_discussion.json' do
-    create(:diff_note_on_merge_request, project: project, author: admin, position: position, noteable: merge_request)
+    create(:diff_note_on_merge_request, project: project, author: user, position: position, noteable: merge_request)
     render_discussions_json(merge_request)
   end
 
   it 'merge_requests/resolved_diff_discussion.json' do
-    note = create(:discussion_note_on_merge_request, :resolved, project: project, author: admin, position: position, noteable: merge_request)
-    create(:system_note, project: project, author: admin, noteable: merge_request, discussion_id: note.discussion.id)
+    note = create(:discussion_note_on_merge_request, :resolved, project: project, author: user, position: position, noteable: merge_request)
+    create(:system_note, project: project, author: user, noteable: merge_request, discussion_id: note.discussion.id)
 
     render_discussions_json(merge_request)
   end
@@ -111,7 +111,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
 
   context 'with mentions' do
     let(:group) { create(:group) }
-    let(:description) { "@#{group.full_path} @all @#{admin.username}" }
+    let(:description) { "@#{group.full_path} @all @#{user.username}" }
 
     it 'merge_requests/merge_request_with_mentions.html' do
       render_merge_request(merge_request)

spec/frontend/fixtures/merge_requests_diffs.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::MergeRequests::DiffsController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'merge-requests-project') }
+  let(:user) { project.owner }
   let(:merge_request) { create(:merge_request, :with_diffs, source_project: project, target_project: project, description: '- [ ] Task List Item') }
   let(:path) { "files/ruby/popen.rb" }
   let(:position) do
@@ -25,7 +25,7 @@ RSpec.describe Projects::MergeRequests::DiffsController, '(JavaScript fixtures)'
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/pipeline_schedules.rb

@@ -5,11 +5,11 @@ require 'spec_helper'
 RSpec.describe Projects::PipelineSchedulesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :public, :repository) }
-  let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: admin) }
-  let!(:pipeline_schedule_populated) { create(:ci_pipeline_schedule, project: project, owner: admin) }
+  let(:user) { project.owner }
+  let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: user) }
+  let!(:pipeline_schedule_populated) { create(:ci_pipeline_schedule, project: project, owner: user) }
   let!(:pipeline_schedule_variable1) { create(:ci_pipeline_schedule_variable, key: 'foo', value: 'foovalue', pipeline_schedule: pipeline_schedule_populated) }
   let!(:pipeline_schedule_variable2) { create(:ci_pipeline_schedule_variable, key: 'bar', value: 'barvalue', pipeline_schedule: pipeline_schedule_populated) }
 
@@ -20,7 +20,7 @@ RSpec.describe Projects::PipelineSchedulesController, '(JavaScript fixtures)', t
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   it 'pipeline_schedules/edit.html' do

spec/frontend/fixtures/pipelines.rb

@@ -5,7 +5,6 @@ require 'spec_helper'
 RSpec.describe Projects::PipelinesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'pipelines-project') }
   let(:commit) { create(:commit, project: project) }
@@ -22,7 +21,7 @@ RSpec.describe Projects::PipelinesController, '(JavaScript fixtures)', type: :co
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   it 'pipelines/pipelines.json' do

spec/frontend/fixtures/projects.rb

@@ -7,11 +7,11 @@ RSpec.describe 'Projects (JavaScript fixtures)', type: :controller do
 
   runners_token = 'runnerstoken:intabulasreferre'
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, namespace: namespace, path: 'builds-project', runners_token: runners_token) }
   let(:project_with_repo) { create(:project, :repository, description: 'Code and stuff') }
   let(:project_variable_populated) { create(:project, namespace: namespace, path: 'builds-project2', runners_token: runners_token) }
+  let(:user) { project.owner }
 
   render_views
 
@@ -20,8 +20,8 @@ RSpec.describe 'Projects (JavaScript fixtures)', type: :controller do
   end
 
   before do
-    project.add_maintainer(admin)
-    sign_in(admin)
+    project_with_repo.add_maintainer(user)
+    sign_in(user)
     allow(SecureRandom).to receive(:hex).and_return('securerandomhex:thereisnospoon')
   end
 

spec/frontend/fixtures/prometheus_service.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin)     { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project)   { create(:project_empty_repo, namespace: namespace, path: 'services-project') }
   let!(:service)  { create(:prometheus_service, project: project) }
+  let(:user) { project.owner }
 
   render_views
 
@@ -17,7 +17,7 @@ RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :con
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/search.rb

@@ -7,7 +7,7 @@ RSpec.describe SearchController, '(JavaScript fixtures)', type: :controller do
 
   render_views
 
-  let_it_be(:user) { create(:admin) }
+  let_it_be(:user) { create(:user) }
 
   before(:all) do
     clean_frontend_fixtures('search/')
@@ -66,6 +66,10 @@ RSpec.describe SearchController, '(JavaScript fixtures)', type: :controller do
      offset: 0)
     end
 
+    before do
+      project.add_developer(user)
+    end
+
     it 'search/blob_search_result.html' do
       allow_next_instance_of(SearchServicePresenter) do |search_service|
         allow(search_service).to receive(:search_objects).and_return(blobs)

spec/frontend/fixtures/services.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin)     { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project)   { create(:project_empty_repo, namespace: namespace, path: 'services-project') }
   let!(:service)  { create(:custom_issue_tracker_service, project: project) }
+  let(:user) { project.owner }
 
   render_views
 
@@ -17,7 +17,7 @@ RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :con
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
   end
 
   after do

spec/frontend/fixtures/snippet.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
-  let(:snippet) { create(:personal_snippet, :public, title: 'snippet.md', content: '# snippet', file_name: 'snippet.md', author: admin) }
+  let(:user) { project.owner }
+  let(:snippet) { create(:personal_snippet, :public, title: 'snippet.md', content: '# snippet', file_name: 'snippet.md', author: user) }
 
   render_views
 
@@ -17,7 +17,7 @@ RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
   end
 
   before do
-    sign_in(admin)
+    sign_in(user)
     allow(Discussion).to receive(:build_discussion_id).and_return(['discussionid:ceterumcenseo'])
   end
 
@@ -26,7 +26,7 @@ RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
   end
 
   it 'snippets/show.html' do
-    create(:discussion_note_on_project_snippet, noteable: snippet, project: project, author: admin, note: '- [ ] Task List Item')
+    create(:discussion_note_on_project_snippet, noteable: snippet, project: project, author: user, note: '- [ ] Task List Item')
 
     get(:show, params: { id: snippet.to_param })
 

spec/frontend/fixtures/tags.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Tags (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
 
-  let_it_be(:admin) { create(:admin) }
   let_it_be(:project) { create(:project, :repository, path: 'tags-project') }
+  let_it_be(:user) { project.owner }
 
   before(:all) do
     clean_frontend_fixtures('api/tags/')
@@ -20,7 +20,7 @@ RSpec.describe 'Tags (JavaScript fixtures)' do
     include ApiHelpers
 
     it 'api/tags/tags.json' do
-      get api("/projects/#{project.id}/repository/tags", admin)
+      get api("/projects/#{project.id}/repository/tags", user)
 
       expect(response).to be_successful
     end

spec/frontend/fixtures/todos.rb

@@ -5,13 +5,13 @@ require 'spec_helper'
 RSpec.describe 'Todos (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
 
-  let(:admin) { create(:admin) }
   let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
   let(:project) { create(:project_empty_repo, namespace: namespace, path: 'todos-project') }
+  let(:user) { project.owner }
   let(:issue_1) { create(:issue, title: 'issue_1', project: project) }
-  let!(:todo_1) { create(:todo, user: admin, project: project, target: issue_1, created_at: 5.hours.ago) }
+  let!(:todo_1) { create(:todo, user: user, project: project, target: issue_1, created_at: 5.hours.ago) }
   let(:issue_2) { create(:issue, title: 'issue_2', project: project) }
-  let!(:todo_2) { create(:todo, :done, user: admin, project: project, target: issue_2, created_at: 50.hours.ago) }
+  let!(:todo_2) { create(:todo, :done, user: user, project: project, target: issue_2, created_at: 50.hours.ago) }
 
   before(:all) do
     clean_frontend_fixtures('todos/')
@@ -25,7 +25,7 @@ RSpec.describe 'Todos (JavaScript fixtures)' do
     render_views
 
     before do
-      sign_in(admin)
+      sign_in(user)
     end
 
     it 'todos/todos.html' do
@@ -39,7 +39,7 @@ RSpec.describe 'Todos (JavaScript fixtures)' do
     render_views
 
     before do
-      sign_in(admin)
+      sign_in(user)
     end
 
     it 'todos/todos.json' do

spec/helpers/nav_helper_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe NavHelper, :do_not_mock_admin_mode do
+RSpec.describe NavHelper do
   describe '#header_links' do
     include_context 'custom session'
 

spec/requests/api/api_guard/admin_mode_middleware_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe API::APIGuard::AdminModeMiddleware, :do_not_mock_admin_mode, :request_store do
+RSpec.describe API::APIGuard::AdminModeMiddleware, :request_store do
   let(:user) { create(:admin) }
 
   it 'is loaded' do

spec/requests/api/graphql/group_query_spec.rb

@@ -4,7 +4,7 @@ require 'spec_helper'
 
 # Based on spec/requests/api/groups_spec.rb
 # Should follow closely in order to ensure all situations are covered
-RSpec.describe 'getting group information', :do_not_mock_admin_mode do
+RSpec.describe 'getting group information' do
   include GraphqlHelpers
   include UploadHelpers
 

spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Mark snippet as spam', :do_not_mock_admin_mode do
+RSpec.describe 'Mark snippet as spam' do
   include GraphqlHelpers
 
   let_it_be(:admin) { create(:admin) }

spec/requests/api/users_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe API::Users, :do_not_mock_admin_mode do
+RSpec.describe API::Users do
   let_it_be(:admin) { create(:admin) }
   let_it_be(:user, reload: true) { create(:user, username: 'user.with.dot') }
   let_it_be(:key) { create(:key, user: user) }

spec/requests/git_http_spec.rb

@@ -795,12 +795,24 @@ RSpec.describe 'Git HTTP requests' do
             context 'administrator' do
               let(:user) { create(:admin) }
 
-              it_behaves_like 'can download code only'
+              context 'when admin mode is enabled', :enable_admin_mode do
+                it_behaves_like 'can download code only'
 
-              it 'downloads from other project get status 403' do
-                clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
+                it 'downloads from other project get status 403' do
+                  clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
 
-                expect(response).to have_gitlab_http_status(:forbidden)
+                  expect(response).to have_gitlab_http_status(:forbidden)
+                end
+              end
+
+              context 'when admin mode is disabled' do
+                it_behaves_like 'can download code only'
+
+                it 'downloads from other project get status 404' do
+                  clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
+
+                  expect(response).to have_gitlab_http_status(:not_found)
+                end
               end
             end
 

spec/requests/lfs_http_spec.rb

@@ -195,7 +195,7 @@ RSpec.describe 'Git LFS API and storage' do
         end
       end
 
-      context 'administrator' do
+      context 'administrator', :enable_admin_mode do
         let(:user) { create(:admin) }
         let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
@@ -453,7 +453,7 @@ RSpec.describe 'Git LFS API and storage' do
           end
         end
 
-        context 'administrator' do
+        context 'administrator', :enable_admin_mode do
           let(:user) { create(:admin) }
           let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 

spec/requests/self_monitoring_project_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'Self-Monitoring project requests' do
 
     it_behaves_like 'not accessible to non-admin users'
 
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
       before do
         login_as(admin)
       end
@@ -36,7 +36,7 @@ RSpec.describe 'Self-Monitoring project requests' do
 
     it_behaves_like 'not accessible to non-admin users'
 
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
       before do
         login_as(admin)
       end
@@ -116,7 +116,7 @@ RSpec.describe 'Self-Monitoring project requests' do
 
     it_behaves_like 'not accessible to non-admin users'
 
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
       before do
         login_as(admin)
       end
@@ -140,7 +140,7 @@ RSpec.describe 'Self-Monitoring project requests' do
 
     it_behaves_like 'not accessible to non-admin users'
 
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
       before do
         login_as(admin)
       end

spec/spec_helper.rb

@@ -286,19 +286,13 @@ RSpec.configure do |config|
       ./ee/spec/elastic_integration
       ./ee/spec/finders
       ./ee/spec/lib
-      ./ee/spec/requests/admin
       ./ee/spec/serializers
       ./ee/spec/support/shared_examples/finders/geo
       ./ee/spec/support/shared_examples/graphql/geo
       ./spec/finders
-      ./spec/frontend
-      ./spec/helpers
       ./spec/lib
-      ./spec/requests
       ./spec/serializers
-      ./spec/support/shared_examples/requests
       ./spec/support/shared_examples/lib/gitlab
-      ./spec/views
       ./spec/workers
     )
 

spec/support/shared_examples/requests/self_monitoring_shared_examples.rb

@@ -20,6 +20,18 @@ RSpec.shared_examples 'not accessible to non-admin users' do
       expect(response).to have_gitlab_http_status(:not_found)
     end
   end
+
+  context 'with authenticated admin user without admin mode' do
+    before do
+      login_as(create(:admin))
+    end
+
+    it 'redirects to enable admin mode' do
+      subject
+
+      expect(response).to redirect_to(new_admin_session_path)
+    end
+  end
 end
 
 # Requires subject and worker_class and status_api to be defined

spec/views/projects/artifacts/_artifact.html.haml_spec.rb

@@ -16,10 +16,21 @@ RSpec.describe "projects/artifacts/_artifact.html.haml" do
     context 'with admin' do
       let(:user) { build(:admin) }
 
-      it 'has a delete button' do
-        render_partial
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it 'has a delete button' do
+          render_partial
 
-        expect(rendered).to have_link('Delete artifacts', href: project_artifact_path(project, project.job_artifacts.first))
+          expect(rendered).to have_link('Delete artifacts', href: project_artifact_path(project, project.job_artifacts.first))
+        end
+      end
+
+      context 'when admin mode is disabled' do
+        it 'has no delete button' do
+          project.add_reporter(user)
+          render_partial
+
+          expect(rendered).not_to have_link('Delete artifacts')
+        end
       end
     end
 

spec/views/search/_results.html.haml_spec.rb

@@ -54,11 +54,22 @@ RSpec.describe 'search/_results' do
         let(:scope) { search_scope }
         let(:search_objects) { Gitlab::ProjectSearchResults.new(user, '*', project: project).objects(scope) }
 
-        it 'renders the click text event tracking attributes' do
-          render
+        context 'when admin mode is enabled', :enable_admin_mode do
+          it 'renders the click text event tracking attributes' do
+            render
+
+            expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).to have_selector('[data-track-property=search_result]')
+          end
+        end
+
+        context 'when admin mode is disabled' do
+          it 'does not render the click text event tracking attributes' do
+            render
 
-          expect(rendered).to have_selector('[data-track-event=click_text]')
-          expect(rendered).to have_selector('[data-track-property=search_result]')
+            expect(rendered).not_to have_selector('[data-track-event=click_text]')
+            expect(rendered).not_to have_selector('[data-track-property=search_result]')
+          end
         end
 
         it 'does render the sidebar' do
@@ -74,11 +85,22 @@ RSpec.describe 'search/_results' do
         let(:scope) { search_scope }
         let(:search_objects) { Gitlab::ProjectSearchResults.new(user, '*', project: project).objects(scope) }
 
-        it 'renders the click text event tracking attributes' do
-          render
+        context 'when admin mode is enabled', :enable_admin_mode do
+          it 'renders the click text event tracking attributes' do
+            render
+
+            expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).to have_selector('[data-track-property=search_result]')
+          end
+        end
+
+        context 'when admin mode is disabled' do
+          it 'does not render the click text event tracking attributes' do
+            render
 
-          expect(rendered).to have_selector('[data-track-event=click_text]')
-          expect(rendered).to have_selector('[data-track-property=search_result]')
+            expect(rendered).not_to have_selector('[data-track-event=click_text]')
+            expect(rendered).not_to have_selector('[data-track-property=search_result]')
+          end
         end
 
         it 'does not render the sidebar' do