Automatic merge of gitlab-org/gitlab master

59d41c62 · GitLab Bot · 9ad59639 · b94daeb4 · 59d41c62 · 59d41c62
Commit 59d41c62 authored Dec 07, 2020 by GitLab Bot
55 changed files
--- a/app/assets/javascripts/diffs/store/actions.js
+++ b/app/assets/javascripts/diffs/store/actions.js
@@ -114,7 +114,8 @@ export const fetchDiffFilesBatch = ({ commit, state, dispatch }) => {
        }
        if (
-          (diffsGradualLoad && totalLoaded === pagination.total_pages) ||
+          (diffsGradualLoad &&
+            (totalLoaded === pagination.total_pages || pagination.total_pages === null)) ||
          (!diffsGradualLoad && !pagination.next_page)
        ) {
          commit(types.SET_RETRIEVING_BATCHES, false);

--- a/changelogs/unreleased/chore-disable-admin-mode-in-requests-views.yml
+++ b/changelogs/unreleased/chore-disable-admin-mode-in-requests-views.yml
+---
+title: Disable auto admin mode on requests and views specs
+merge_request: 48700
+author: Diego Louzán
+type: other
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -3290,6 +3290,11 @@ type ComplianceFrameworkEdge {
  node: ComplianceFramework
 }
+"""
+Identifier of ComplianceManagement::Framework
+"""
+scalar ComplianceManagementFrameworkID
 """
 Autogenerated input type of ConfigureSast
 """
@@ -6545,6 +6550,36 @@ type DestroyBoardPayload {
  errors: [String!]!
 }
+"""
+Autogenerated input type of DestroyComplianceFramework
+"""
+input DestroyComplianceFrameworkInput {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+  """
+  The global ID of the compliance framework to destroy
+  """
+  id: ComplianceManagementFrameworkID!
+}
+"""
+Autogenerated return type of DestroyComplianceFramework
+"""
+type DestroyComplianceFrameworkPayload {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+  """
+  Errors encountered during execution of the mutation.
+  """
+  errors: [String!]!
+}
 """
 Autogenerated input type of DestroyContainerRepository
 """
@@ -14247,6 +14282,7 @@ type Mutation {
  designManagementUpload(input: DesignManagementUploadInput!): DesignManagementUploadPayload
  destroyBoard(input: DestroyBoardInput!): DestroyBoardPayload
  destroyBoardList(input: DestroyBoardListInput!): DestroyBoardListPayload
+  destroyComplianceFramework(input: DestroyComplianceFrameworkInput!): DestroyComplianceFrameworkPayload
  destroyContainerRepository(input: DestroyContainerRepositoryInput!): DestroyContainerRepositoryPayload
  destroyNote(input: DestroyNoteInput!): DestroyNotePayload
  destroySnippet(input: DestroySnippetInput!): DestroySnippetPayload

--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -9045,6 +9045,16 @@
          "enumValues": null,
          "possibleTypes": null
        },
+        {
+          "kind": "SCALAR",
+          "name": "ComplianceManagementFrameworkID",
+          "description": "Identifier of ComplianceManagement::Framework",
+          "fields": null,
+          "inputFields": null,
+          "interfaces": null,
+          "enumValues": null,
+          "possibleTypes": null
+        },
        {
          "kind": "INPUT_OBJECT",
          "name": "ConfigureSastInput",
@@ -18130,6 +18140,94 @@
          "enumValues": null,
          "possibleTypes": null
        },
+        {
+          "kind": "INPUT_OBJECT",
+          "name": "DestroyComplianceFrameworkInput",
+          "description": "Autogenerated input type of DestroyComplianceFramework",
+          "fields": null,
+          "inputFields": [
+            {
+              "name": "id",
+              "description": "The global ID of the compliance framework to destroy",
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "SCALAR",
+                  "name": "ComplianceManagementFrameworkID",
+                  "ofType": null
+                }
+              },
+              "defaultValue": null
+            },
+            {
+              "name": "clientMutationId",
+              "description": "A unique identifier for the client performing the mutation.",
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "defaultValue": null
+            }
+          ],
+          "interfaces": null,
+          "enumValues": null,
+          "possibleTypes": null
+        },
+        {
+          "kind": "OBJECT",
+          "name": "DestroyComplianceFrameworkPayload",
+          "description": "Autogenerated return type of DestroyComplianceFramework",
+          "fields": [
+            {
+              "name": "clientMutationId",
+              "description": "A unique identifier for the client performing the mutation.",
+              "args": [
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
+              "name": "errors",
+              "description": "Errors encountered during execution of the mutation.",
+              "args": [
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "LIST",
+                  "name": null,
+                  "ofType": {
+                    "kind": "NON_NULL",
+                    "name": null,
+                    "ofType": {
+                      "kind": "SCALAR",
+                      "name": "String",
+                      "ofType": null
+                    }
+                  }
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            }
+          ],
+          "inputFields": null,
+          "interfaces": [
+          ],
+          "enumValues": null,
+          "possibleTypes": null
+        },
        {
          "kind": "INPUT_OBJECT",
          "name": "DestroyContainerRepositoryInput",
@@ -40589,6 +40687,33 @@
              "isDeprecated": false,
              "deprecationReason": null
            },
+            {
+              "name": "destroyComplianceFramework",
+              "description": null,
+              "args": [
+                {
+                  "name": "input",
+                  "description": null,
+                  "type": {
+                    "kind": "NON_NULL",
+                    "name": null,
+                    "ofType": {
+                      "kind": "INPUT_OBJECT",
+                      "name": "DestroyComplianceFrameworkInput",
+                      "ofType": null
+                    }
+                  },
+                  "defaultValue": null
+                }
+              ],
+              "type": {
+                "kind": "OBJECT",
+                "name": "DestroyComplianceFrameworkPayload",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
            {
              "name": "destroyContainerRepository",
              "description": null,
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1099,6 +1099,15 @@ Autogenerated return type of DestroyBoard.
 | `clientMutationId` | String | A unique identifier for the client performing the mutation. |
 | `errors` | String! => Array | Errors encountered during execution of the mutation. |
+### DestroyComplianceFrameworkPayload
+Autogenerated return type of DestroyComplianceFramework.
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `clientMutationId` | String | A unique identifier for the client performing the mutation. |
+| `errors` | String! => Array | Errors encountered during execution of the mutation. |
 ### DestroyContainerRepositoryPayload
 Autogenerated return type of DestroyContainerRepository.

--- a/ee/app/assets/javascripts/oncall_schedules/components/delete_schedule_modal.vue
+++ b/ee/app/assets/javascripts/oncall_schedules/components/delete_schedule_modal.vue
@@ -47,14 +47,17 @@ export default {
  },
  methods: {
    deleteSchedule() {
-      const { projectPath } = this;
+      const {
+        projectPath,
+        schedule: { iid },
+      } = this;
      this.loading = true;
      this.$apollo
        .mutate({
          mutation: destroyOncallScheduleMutation,
          variables: {
-            id: this.schedule.id,
+            iid,
            projectPath,
          },
          update(store, { data }) {
@@ -87,6 +90,7 @@ export default {
    ref="deleteScheduleModal"
    modal-id="deleteScheduleModal"
    size="sm"
+    :data-testid="`delete-schedule-modal-${schedule.iid}`"
    :title="$options.i18n.deleteSchedule"
    :action-primary="primaryProps"
    :action-cancel="cancelProps"

--- a/ee/app/assets/javascripts/oncall_schedules/graphql/mutations/destroy_oncall_schedule.mutation.graphql
+++ b/ee/app/assets/javascripts/oncall_schedules/graphql/mutations/destroy_oncall_schedule.mutation.graphql
-mutation oncallScheduleDestroy($oncallScheduleDestroyInput: OncallScheduleDestroyInput!) {
+mutation oncallScheduleDestroy($iid: String!, $projectPath: ID!) {
-  oncallScheduleDestroy(input: $oncallScheduleDestroyInput) {
+  oncallScheduleDestroy(input: { iid: $iid, projectPath: $projectPath }) {
    errors
    oncallSchedule {
      iid

--- a/ee/app/graphql/ee/types/mutation_type.rb
+++ b/ee/app/graphql/ee/types/mutation_type.rb
@@ -10,6 +10,7 @@ module EE
        mount_mutation ::Mutations::Clusters::Agents::Delete
        mount_mutation ::Mutations::Clusters::AgentTokens::Create
        mount_mutation ::Mutations::Clusters::AgentTokens::Delete
+        mount_mutation ::Mutations::ComplianceManagement::Frameworks::Destroy
        mount_mutation ::Mutations::Issues::SetIteration
        mount_mutation ::Mutations::Issues::SetWeight
        mount_mutation ::Mutations::Issues::SetEpic

--- a/ee/app/graphql/mutations/compliance_management/frameworks/destroy.rb
+++ b/ee/app/graphql/mutations/compliance_management/frameworks/destroy.rb
+# frozen_string_literal: true
+module Mutations
+  module ComplianceManagement
+    module Frameworks
+      class Destroy < ::Mutations::BaseMutation
+        graphql_name 'DestroyComplianceFramework'
+        authorize :manage_compliance_framework
+        argument :id,
+                 ::Types::GlobalIDType[::ComplianceManagement::Framework],
+                 required: true,
+                 description: 'The global ID of the compliance framework to destroy'
+        def resolve(id:)
+          framework = authorized_find!(id: id)
+          result = ::ComplianceManagement::Frameworks::DestroyService.new(framework: framework, current_user: current_user).execute
+          { errors: result.success? ? [] : Array.wrap(result.message) }
+        end
+        private
+        def find_object(id:)
+          GitlabSchema.object_from_id(id, expected_type: ::ComplianceManagement::Framework)
+        end
+      end
+    end
+  end
+end
--- a/ee/app/policies/compliance_management/framework_policy.rb
+++ b/ee/app/policies/compliance_management/framework_policy.rb
@@ -5,7 +5,7 @@ module ComplianceManagement
    delegate { @subject.namespace }
    condition(:custom_compliance_frameworks_enabled) do
-      License.feature_available?(:custom_compliance_frameworks)
+      License.feature_available?(:custom_compliance_frameworks) && Feature.enabled?(:ff_custom_compliance_frameworks)
    end
    rule { can?(:owner_access) & custom_compliance_frameworks_enabled }.policy do

--- a/ee/changelogs/unreleased/255340-graphql-delete-compliance-frameworks.yml
+++ b/ee/changelogs/unreleased/255340-graphql-delete-compliance-frameworks.yml
+---
+title: Add GraphQL mutation to destroy compliance framework
+merge_request: 48912
+author:
+type: added
--- a/ee/spec/frontend/oncall_schedule/__snapshots__/delete_schedule_modal_spec.js.snap
+++ b/ee/spec/frontend/oncall_schedule/__snapshots__/delete_schedule_modal_spec.js.snap
@@ -4,6 +4,7 @@ exports[`DeleteScheduleModal renders delete schedule modal layout 1`] = `
 <gl-modal-stub
  actioncancel="[object Object]"
  actionprimary="[object Object]"
+  data-testid="delete-schedule-modal-37"
  modalclass=""
  modalid="deleteScheduleModal"
  size="sm"

--- a/ee/spec/frontend/oncall_schedule/delete_schedule_modal_spec.js
+++ b/ee/spec/frontend/oncall_schedule/delete_schedule_modal_spec.js
-/* eslint-disable no-unused-vars */
 import { shallowMount, createLocalVue } from '@vue/test-utils';
 import createMockApollo from 'jest/helpers/mock_apollo_helper';
 import { GlModal, GlAlert, GlSprintf } from '@gitlab/ui';
 import VueApollo from 'vue-apollo';
 import waitForPromises from 'helpers/wait_for_promises';
+import getOncallSchedulesQuery from 'ee/oncall_schedules/graphql/queries/get_oncall_schedules.query.graphql';
 import destroyOncallScheduleMutation from 'ee/oncall_schedules/graphql/mutations/destroy_oncall_schedule.mutation.graphql';
 import DeleteScheduleModal, {
  i18n,
 } from 'ee/oncall_schedules/components/delete_schedule_modal.vue';
-import { getOncallSchedulesQueryResponse, destroyScheduleResponse } from './mocks/apollo_mock';
+import {
+  getOncallSchedulesQueryResponse,
+  destroyScheduleResponse,
+  destroyScheduleResponseWithErrors,
+} from './mocks/apollo_mock';
 const localVue = createLocalVue();
 const projectPath = 'group/project';
 const mutate = jest.fn();
 const mockHideModal = jest.fn();
+const schedule =
+  getOncallSchedulesQueryResponse.data.project.incidentManagementOncallSchedules.nodes[0];
 localVue.use(VueApollo);
@@ -29,14 +35,14 @@ describe('DeleteScheduleModal', () => {
  async function awaitApolloDomMock() {
    await wrapper.vm.$nextTick(); // kick off the DOM update
    await jest.runOnlyPendingTimers(); // kick off the mocked GQL stuff (promises)
-    await wrapper.vm.$nextTick(); // kick off the DOM update for flash
+    await wrapper.vm.$nextTick(); // kick off the DOM update
  }
  async function destroySchedule(localWrapper) {
    await jest.runOnlyPendingTimers();
    await localWrapper.vm.$nextTick();
-    localWrapper.vm.$emit('primary');
+    localWrapper.find(GlModal).vm.$emit('primary', { preventDefault: jest.fn() });
  }
  const createComponent = ({ data = {}, props = {} } = {}) => {
@@ -47,8 +53,7 @@ describe('DeleteScheduleModal', () => {
        };
      },
      propsData: {
-        schedule:
+        schedule,
-          getOncallSchedulesQueryResponse.data.project.incidentManagementOncallSchedules.nodes[0],
        ...props,
      },
      provide: {
@@ -70,13 +75,27 @@ describe('DeleteScheduleModal', () => {
    localVue.use(VueApollo);
    destroyScheduleHandler = destroyHandler;
-    const requestHandlers = [[destroyOncallScheduleMutation, destroyScheduleHandler]];
+    const requestHandlers = [
+      [getOncallSchedulesQuery, jest.fn().mockResolvedValue(getOncallSchedulesQueryResponse)],
+      [destroyOncallScheduleMutation, destroyScheduleHandler],
+    ];
    fakeApollo = createMockApollo(requestHandlers);
+    fakeApollo.clients.defaultClient.cache.writeQuery({
+      query: getOncallSchedulesQuery,
+      variables: {
+        projectPath: 'group/project',
+      },
+      data: getOncallSchedulesQueryResponse.data,
+    });
    wrapper = shallowMount(DeleteScheduleModal, {
      localVue,
      apolloProvider: fakeApollo,
+      propsData: {
+        schedule,
+      },
      provide: {
        projectPath,
      },
@@ -109,8 +128,7 @@ describe('DeleteScheduleModal', () => {
      expect(mutate).toHaveBeenCalledWith({
        mutation: expect.any(Object),
        update: expect.anything(),
-        // TODO: Once the BE is complete for the mutation update this spec to use the correct params
+        variables: { iid: '37', projectPath },
-        variables: expect.anything(),
      });
    });
@@ -134,6 +152,34 @@ describe('DeleteScheduleModal', () => {
  });
  describe('with mocked Apollo client', () => {
-    // TODO: Once the BE is complete for the mutation add specs here for that via a destroyHandler
+    it('has the name of the schedule to delete based on getOncallSchedulesQuery', async () => {
+      createComponentWithApollo();
+      await jest.runOnlyPendingTimers();
+      await wrapper.vm.$nextTick();
+      expect(findModal().attributes('data-testid')).toBe(`delete-schedule-modal-${schedule.iid}`);
+    });
+    it('calls a mutation with correct parameters and destroys a schedule', async () => {
+      createComponentWithApollo();
+      await destroySchedule(wrapper);
+      expect(destroyScheduleHandler).toHaveBeenCalled();
+    });
+    it('displays alert if mutation had a recoverable error', async () => {
+      createComponentWithApollo({
+        destroyHandler: jest.fn().mockResolvedValue(destroyScheduleResponseWithErrors),
+      });
+      await destroySchedule(wrapper);
+      await awaitApolloDomMock();
+      const alert = findAlert();
+      expect(alert.exists()).toBe(true);
+      expect(alert.text()).toContain('Houston, we have a problem');
+    });
  });
 });
--- a/ee/spec/frontend/oncall_schedule/mocks/apollo_mock.js
+++ b/ee/spec/frontend/oncall_schedule/mocks/apollo_mock.js
@@ -22,6 +22,7 @@ export const getOncallSchedulesQueryResponse = {
      incidentManagementOncallSchedules: {
        nodes: [
          {
+            __typename: 'IncidentManagementOncallSchedule',
            iid: '37',
            name: 'Test schedule',
            description: 'Description 1 lives here',
@@ -35,18 +36,12 @@ export const getOncallSchedulesQueryResponse = {
  },
 };
-export const scheduleToDestroy = {
-  iid: '37',
-  name: 'Test schedule',
-  description: 'Description 1 lives here',
-  timezone: 'Pacific/Honolulu',
-};
 export const destroyScheduleResponse = {
  data: {
    oncallScheduleDestroy: {
      errors: [],
      oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
        iid: '37',
        name: 'Test schedule',
        description: 'Description 1 lives here',
@@ -61,6 +56,7 @@ export const destroyScheduleResponseWithErrors = {
    oncallScheduleDestroy: {
      errors: ['Houston, we have a problem'],
      oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
        iid: '37',
        name: 'Test schedule',
        description: 'Description 1 lives here',
@@ -75,6 +71,7 @@ export const updateScheduleResponse = {
    oncallScheduleDestroy: {
      errors: [],
      oncallSchedule: {
+        __typename: 'IncidentManagementOncallSchedule',
        iid: '37',
        name: 'Test schedule 2',
        description: 'Description 2 lives here',

--- a/ee/spec/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+++ b/ee/spec/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do
+  include GraphqlHelpers
+  let_it_be(:framework) { create(:compliance_framework) }
+  let(:user) { framework.namespace.owner }
+  let(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
+  subject { mutation.resolve(id: global_id_of(framework)) }
+  shared_examples 'a compliance framework that cannot be found' do
+    it 'raises an error' do
+      expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+    end
+  end
+  shared_examples 'one compliance framework was destroyed' do
+    it 'destroys a compliance framework' do
+      expect { subject }.to change { ComplianceManagement::Framework.count }.by(-1)
+    end
+    it 'expects zero errors in the response' do
+      expect(subject[:errors]).to be_empty
+    end
+  end
+  context 'feature is unlicensed' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: false)
+    end
+    it_behaves_like 'a compliance framework that cannot be found'
+  end
+  context 'feature is disabled but is licensed' do
+    before do
+      stub_feature_flags(ff_custom_compliance_frameworks: false)
+      stub_licensed_features(custom_compliance_frameworks: true)
+    end
+    it_behaves_like 'a compliance framework that cannot be found'
+  end
+  context 'feature is enabled and licensed' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: true)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+    context 'current_user is namespace owner' do
+      it_behaves_like 'one compliance framework was destroyed'
+    end
+    context 'current_user is group owner' do
+      let_it_be(:group) { create(:group) }
+      let_it_be(:user) { create(:user) }
+      let_it_be(:framework) { create(:compliance_framework, namespace: group)}
+      before do
+        group.add_owner(user)
+      end
+      it_behaves_like 'one compliance framework was destroyed'
+    end
+  end
+end
--- a/ee/spec/policies/compliance_management/framework_policy_spec.rb
+++ b/ee/spec/policies/compliance_management/framework_policy_spec.rb
@@ -49,4 +49,12 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
    it { is_expected.to be_disallowed(:manage_compliance_framework) }
  end
+  context 'feature is disabled' do
+    before do
+      stub_feature_flags(ff_custom_compliance_framework: false)
+    end
+    it { is_expected.to be_disallowed(:manage_compliance_framework) }
+  end
 end
--- a/ee/spec/requests/admin/audit_events_spec.rb
+++ b/ee/spec/requests/admin/audit_events_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 RSpec.describe 'view audit events' do
+  include AdminModeHelper
  describe 'GET /audit_events' do
    let_it_be(:admin) { create(:admin) }
    let_it_be(:audit_event) { create(:user_audit_event) }
@@ -13,23 +15,37 @@ RSpec.describe 'view audit events' do
      login_as(admin)
    end
-    it 'returns 200 response' do
+    context 'when admin mode is enabled' do
-      send_request
+      before do
+        enable_admin_mode!(admin)
+      end
-      expect(response).to have_gitlab_http_status(:ok)
+      it 'returns 200 response' do
-    end
+        send_request
+        expect(response).to have_gitlab_http_status(:ok)
+      end
-    it 'avoids N+1 DB queries', :request_store do
+      it 'avoids N+1 DB queries', :request_store do
-      # warm up cache so these initial queries would not leak in our QueryRecorder
+        # warm up cache so these initial queries would not leak in our QueryRecorder
-      send_request
+        send_request
+        control = ActiveRecord::QueryRecorder.new(skip_cached: false) { send_request }
-      control = ActiveRecord::QueryRecorder.new(skip_cached: false) { send_request }
+        create_list(:user_audit_event, 2)
-      create_list(:user_audit_event, 2)
+        expect do
+          send_request
+        end.not_to exceed_all_query_limit(control)
+      end
+    end
-      expect do
+    context 'when admin mode is disabled' do
+      it 'redirects to admin mode enable' do
        send_request
-      end.not_to exceed_all_query_limit(control)
+        expect(response).to redirect_to(new_admin_session_path)
+      end
    end
    def send_request

--- a/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe 'Delete a compliance framework' do
+  include GraphqlHelpers
+  let_it_be(:framework) { create(:compliance_framework) }
+  let(:mutation) { graphql_mutation(:destroy_compliance_framework, { id: global_id_of(framework) }) }
+  subject { post_graphql_mutation(mutation, current_user: current_user) }
+  def mutation_response
+    graphql_mutation_response(:destroy_compliance_framework)
+  end
+  context 'feature is unlicensed' do
+    let_it_be(:current_user) { framework.namespace.owner }
+    before do
+      stub_licensed_features(custom_compliance_frameworks: false)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+    it 'does not destroy a compliance framework' do
+      expect { subject }.not_to change { ComplianceManagement::Framework.count }
+    end
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
+  end
+  context 'when licensed and enabled' do
+    before do
+      stub_licensed_features(custom_compliance_frameworks: true)
+      stub_feature_flags(ff_custom_compliance_frameworks: true)
+    end
+    context 'current_user is namespace owner' do
+      let_it_be(:current_user) { framework.namespace.owner }
+      it 'has no errors' do
+        subject
+        expect(mutation_response['errors']).to be_empty
+      end
+      it 'destroys a compliance framework' do
+        expect { subject }.to change { ComplianceManagement::Framework.count }.by(-1)
+      end
+    end
+    context 'current_user is not namespace owner' do
+      let_it_be(:current_user) { create(:user) }
+      it 'does not destroy a compliance framework' do
+        expect { subject }.not_to change { ComplianceManagement::Framework.count }
+      end
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
+    end
+  end
+end
--- a/spec/frontend/fixtures/abuse_reports.rb
+++ b/spec/frontend/fixtures/abuse_reports.rb
@@ -4,6 +4,7 @@ require 'spec_helper'
 RSpec.describe Admin::AbuseReportsController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
+  include AdminModeHelper
  let(:admin) { create(:admin) }
  let!(:abuse_report) { create(:abuse_report) }
@@ -18,6 +19,7 @@ RSpec.describe Admin::AbuseReportsController, '(JavaScript fixtures)', type: :co
  before do
    sign_in(admin)
+    enable_admin_mode!(admin)
  end
  it 'abuse_reports/abuse_reports_list.html' do

--- a/spec/frontend/fixtures/admin_users.rb
+++ b/spec/frontend/fixtures/admin_users.rb
@@ -5,12 +5,14 @@ require 'spec_helper'
 RSpec.describe Admin::UsersController, '(JavaScript fixtures)', type: :controller do
  include StubENV
  include JavaScriptFixturesHelpers
+  include AdminModeHelper
  let(:admin) { create(:admin) }
  before do
    stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
    sign_in(admin)
+    enable_admin_mode!(admin)
  end
  render_views

--- a/spec/frontend/fixtures/application_settings.rb
+++ b/spec/frontend/fixtures/application_settings.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe Admin::ApplicationSettingsController, '(JavaScript fixtures)', type: :controller do
  include StubENV
  include JavaScriptFixturesHelpers
+  include AdminModeHelper
  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
@@ -13,6 +14,7 @@ RSpec.describe Admin::ApplicationSettingsController, '(JavaScript fixtures)', ty
  before do
    stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
    sign_in(admin)
+    enable_admin_mode!(admin)
  end
  render_views

--- a/spec/frontend/fixtures/autocomplete_sources.rb
+++ b/spec/frontend/fixtures/autocomplete_sources.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Projects::AutocompleteSourcesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let_it_be(:admin) { create(:admin) }
+  let_it_be(:user) { create(:user) }
  let_it_be(:group) { create(:group, name: 'frontend-fixtures') }
  let_it_be(:project) { create(:project, namespace: group, path: 'autocomplete-sources-project') }
  let_it_be(:issue) { create(:issue, project: project) }
@@ -15,7 +15,8 @@ RSpec.describe Projects::AutocompleteSourcesController, '(JavaScript fixtures)',
  end
  before do
-    sign_in(admin)
+    group.add_owner(user)
+    sign_in(user)
  end
  it 'autocomplete_sources/labels.json' do

--- a/spec/frontend/fixtures/blob.rb
+++ b/spec/frontend/fixtures/blob.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::BlobController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
+  let(:user) { project.owner }
  render_views
@@ -16,7 +16,7 @@ RSpec.describe Projects::BlobController, '(JavaScript fixtures)', type: :control
  end
  before do
-    sign_in(admin)
+    sign_in(user)
    allow(SecureRandom).to receive(:hex).and_return('securerandomhex:thereisnospoon')
  end

--- a/spec/frontend/fixtures/branches.rb
+++ b/spec/frontend/fixtures/branches.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe 'Branches (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
-  let_it_be(:admin) { create(:admin) }
  let_it_be(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let_it_be(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
+  let_it_be(:user) { project.owner }
  before(:all) do
    clean_frontend_fixtures('branches/')
@@ -22,7 +22,7 @@ RSpec.describe 'Branches (JavaScript fixtures)' do
    render_views
    before do
-      sign_in(admin)
+      sign_in(user)
    end
    it 'branches/new_branch.html' do
@@ -44,7 +44,7 @@ RSpec.describe 'Branches (JavaScript fixtures)' do
      # - "master": default, protected
      # - "markdown": non-default, protected
      # - "many_files": non-default, not protected
-      get api("/projects/#{project.id}/repository/branches?search=ma", admin)
+      get api("/projects/#{project.id}/repository/branches?search=ma", user)
      expect(response).to be_successful
    end

--- a/spec/frontend/fixtures/clusters.rb
+++ b/spec/frontend/fixtures/clusters.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ClustersController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace) }
  let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
+  let(:user) { project.owner }
  render_views
@@ -17,7 +17,7 @@ RSpec.describe Projects::ClustersController, '(JavaScript fixtures)', type: :con
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/commit.rb
+++ b/spec/frontend/fixtures/commit.rb
@@ -6,14 +6,12 @@ RSpec.describe 'Commit (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
  let_it_be(:project) { create(:project, :repository) }
-  let_it_be(:user)    { create(:user) }
+  let_it_be(:user)    { project.owner }
  let_it_be(:commit)  { project.commit("master") }
  before(:all) do
    clean_frontend_fixtures('commit/')
    clean_frontend_fixtures('api/commits/')
-    project.add_maintainer(user)
  end
  before do

--- a/spec/frontend/fixtures/deploy_keys.rb
+++ b/spec/frontend/fixtures/deploy_keys.rb
@@ -4,6 +4,7 @@ require 'spec_helper'
 RSpec.describe Projects::DeployKeysController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
+  include AdminModeHelper
  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
@@ -17,7 +18,10 @@ RSpec.describe Projects::DeployKeysController, '(JavaScript fixtures)', type: :c
  end
  before do
+    # Using an admin for these fixtures because they are used for verifying a frontend
+    # component that would normally get its data from `Admin::DeployKeysController`
    sign_in(admin)
+    enable_admin_mode!(admin)
  end
  after do

--- a/spec/frontend/fixtures/freeze_period.rb
+++ b/spec/frontend/fixtures/freeze_period.rb
@@ -6,8 +6,8 @@ RSpec.describe 'Freeze Periods (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
  include TimeZoneHelper
-  let_it_be(:admin) { create(:admin) }
  let_it_be(:project) { create(:project, :repository, path: 'freeze-periods-project') }
+  let_it_be(:user) { project.owner }
  before(:all) do
    clean_frontend_fixtures('api/freeze-periods/')
@@ -34,7 +34,7 @@ RSpec.describe 'Freeze Periods (JavaScript fixtures)' do
      create(:ci_freeze_period, project: project, freeze_start: '0 12 * * 1-5', freeze_end: '0 1 5 * *', cron_timezone: 'Etc/UTC')
      create(:ci_freeze_period, project: project, freeze_start: '0 12 * * 1-5', freeze_end: '0 16 * * 6', cron_timezone: 'Europe/Berlin')
-      get api("/projects/#{project.id}/freeze_periods", admin)
+      get api("/projects/#{project.id}/freeze_periods", user)
      expect(response).to be_successful
    end

--- a/spec/frontend/fixtures/groups.rb
+++ b/spec/frontend/fixtures/groups.rb
@@ -5,20 +5,20 @@ require 'spec_helper'
 RSpec.describe 'Groups (JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
+  let(:user) { create(:user) }
  let(:group) { create(:group, name: 'frontend-fixtures-group', runners_token: 'runnerstoken:intabulasreferre')}
-  render_views
  before(:all) do
    clean_frontend_fixtures('groups/')
  end
  before do
-    group.add_maintainer(admin)
+    group.add_owner(user)
-    sign_in(admin)
+    sign_in(user)
  end
+  render_views
  describe GroupsController, '(JavaScript fixtures)', type: :controller do
    it 'groups/edit.html' do
      get :edit, params: { id: group }

--- a/spec/frontend/fixtures/issues.rb
+++ b/spec/frontend/fixtures/issues.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Projects::IssuesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin, feed_token: 'feedtoken:coldfeed') }
+  let(:user) { create(:user, feed_token: 'feedtoken:coldfeed') }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project_empty_repo, namespace: namespace, path: 'issues-project') }
@@ -16,7 +16,8 @@ RSpec.describe Projects::IssuesController, '(JavaScript fixtures)', type: :contr
  end
  before do
-    sign_in(admin)
+    project.add_maintainer(user)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/jobs.rb
+++ b/spec/frontend/fixtures/jobs.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::JobsController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'builds-project') }
+  let(:user) { project.owner }
  let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.id) }
  let!(:build_with_artifacts) { create(:ci_build, :success, :artifacts, :trace_artifact, pipeline: pipeline, stage: 'test', artifacts_expire_at: Time.now + 18.months) }
  let!(:failed_build) { create(:ci_build, :failed, pipeline: pipeline, stage: 'build') }
@@ -26,7 +26,7 @@ RSpec.describe Projects::JobsController, '(JavaScript fixtures)', type: :control
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/labels.rb
+++ b/spec/frontend/fixtures/labels.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'Labels (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
+  let(:user) { create(:user) }
  let(:group) { create(:group, name: 'frontend-fixtures-group' )}
  let(:project) { create(:project_empty_repo, namespace: group, path: 'labels-project') }
@@ -29,8 +29,6 @@ RSpec.describe 'Labels (JavaScript fixtures)' do
    include JavaScriptFixturesHelpers
    include ApiHelpers
-    let(:user) { create(:user) }
    before do
      group.add_owner(user)
    end
@@ -46,7 +44,8 @@ RSpec.describe 'Labels (JavaScript fixtures)' do
    render_views
    before do
-      sign_in(admin)
+      group.add_owner(user)
+      sign_in(user)
    end
    it 'labels/project_labels.json' do

--- a/spec/frontend/fixtures/merge_requests.rb
+++ b/spec/frontend/fixtures/merge_requests.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'merge-requests-project') }
+  let(:user) { project.owner }
  # rubocop: disable Layout/TrailingWhitespace
  let(:description) do
@@ -55,7 +55,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
  end
  before do
-    sign_in(admin)
+    sign_in(user)
    allow(Discussion).to receive(:build_discussion_id).and_return(['discussionid:ceterumcenseo'])
  end
@@ -64,7 +64,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
  end
  it 'merge_requests/merge_request_of_current_user.html' do
-    merge_request.update(author: admin)
+    merge_request.update(author: user)
    render_merge_request(merge_request)
  end
@@ -76,19 +76,19 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
  end
  it 'merge_requests/diff_comment.html' do
-    create(:diff_note_on_merge_request, project: project, author: admin, position: position, noteable: merge_request)
+    create(:diff_note_on_merge_request, project: project, author: user, position: position, noteable: merge_request)
-    create(:note_on_merge_request, author: admin, project: project, noteable: merge_request)
+    create(:note_on_merge_request, author: user, project: project, noteable: merge_request)
    render_merge_request(merge_request)
  end
  it 'merge_requests/diff_discussion.json' do
-    create(:diff_note_on_merge_request, project: project, author: admin, position: position, noteable: merge_request)
+    create(:diff_note_on_merge_request, project: project, author: user, position: position, noteable: merge_request)
    render_discussions_json(merge_request)
  end
  it 'merge_requests/resolved_diff_discussion.json' do
-    note = create(:discussion_note_on_merge_request, :resolved, project: project, author: admin, position: position, noteable: merge_request)
+    note = create(:discussion_note_on_merge_request, :resolved, project: project, author: user, position: position, noteable: merge_request)
-    create(:system_note, project: project, author: admin, noteable: merge_request, discussion_id: note.discussion.id)
+    create(:system_note, project: project, author: user, noteable: merge_request, discussion_id: note.discussion.id)
    render_discussions_json(merge_request)
  end
@@ -111,7 +111,7 @@ RSpec.describe Projects::MergeRequestsController, '(JavaScript fixtures)', type:
  context 'with mentions' do
    let(:group) { create(:group) }
-    let(:description) { "@#{group.full_path} @all @#{admin.username}" }
+    let(:description) { "@#{group.full_path} @all @#{user.username}" }
    it 'merge_requests/merge_request_with_mentions.html' do
      render_merge_request(merge_request)

--- a/spec/frontend/fixtures/merge_requests_diffs.rb
+++ b/spec/frontend/fixtures/merge_requests_diffs.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
 RSpec.describe Projects::MergeRequests::DiffsController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'merge-requests-project') }
+  let(:user) { project.owner }
  let(:merge_request) { create(:merge_request, :with_diffs, source_project: project, target_project: project, description: '- [ ] Task List Item') }
  let(:path) { "files/ruby/popen.rb" }
  let(:position) do
@@ -25,7 +25,7 @@ RSpec.describe Projects::MergeRequests::DiffsController, '(JavaScript fixtures)'
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/pipeline_schedules.rb
+++ b/spec/frontend/fixtures/pipeline_schedules.rb
@@ -5,11 +5,11 @@ require 'spec_helper'
 RSpec.describe Projects::PipelineSchedulesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :public, :repository) }
-  let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: admin) }
+  let(:user) { project.owner }
-  let!(:pipeline_schedule_populated) { create(:ci_pipeline_schedule, project: project, owner: admin) }
+  let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: user) }
+  let!(:pipeline_schedule_populated) { create(:ci_pipeline_schedule, project: project, owner: user) }
  let!(:pipeline_schedule_variable1) { create(:ci_pipeline_schedule_variable, key: 'foo', value: 'foovalue', pipeline_schedule: pipeline_schedule_populated) }
  let!(:pipeline_schedule_variable2) { create(:ci_pipeline_schedule_variable, key: 'bar', value: 'barvalue', pipeline_schedule: pipeline_schedule_populated) }
@@ -20,7 +20,7 @@ RSpec.describe Projects::PipelineSchedulesController, '(JavaScript fixtures)', t
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  it 'pipeline_schedules/edit.html' do

--- a/spec/frontend/fixtures/pipelines.rb
+++ b/spec/frontend/fixtures/pipelines.rb
@@ -5,7 +5,6 @@ require 'spec_helper'
 RSpec.describe Projects::PipelinesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'pipelines-project') }
  let(:commit) { create(:commit, project: project) }
@@ -22,7 +21,7 @@ RSpec.describe Projects::PipelinesController, '(JavaScript fixtures)', type: :co
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  it 'pipelines/pipelines.json' do

--- a/spec/frontend/fixtures/projects.rb
+++ b/spec/frontend/fixtures/projects.rb
@@ -7,11 +7,11 @@ RSpec.describe 'Projects (JavaScript fixtures)', type: :controller do
  runners_token = 'runnerstoken:intabulasreferre'
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, namespace: namespace, path: 'builds-project', runners_token: runners_token) }
  let(:project_with_repo) { create(:project, :repository, description: 'Code and stuff') }
  let(:project_variable_populated) { create(:project, namespace: namespace, path: 'builds-project2', runners_token: runners_token) }
+  let(:user) { project.owner }
  render_views
@@ -20,8 +20,8 @@ RSpec.describe 'Projects (JavaScript fixtures)', type: :controller do
  end
  before do
-    project.add_maintainer(admin)
+    project_with_repo.add_maintainer(user)
-    sign_in(admin)
+    sign_in(user)
    allow(SecureRandom).to receive(:hex).and_return('securerandomhex:thereisnospoon')
  end

--- a/spec/frontend/fixtures/prometheus_service.rb
+++ b/spec/frontend/fixtures/prometheus_service.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin)     { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project)   { create(:project_empty_repo, namespace: namespace, path: 'services-project') }
  let!(:service)  { create(:prometheus_service, project: project) }
+  let(:user) { project.owner }
  render_views
@@ -17,7 +17,7 @@ RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :con
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/search.rb
+++ b/spec/frontend/fixtures/search.rb
@@ -7,7 +7,7 @@ RSpec.describe SearchController, '(JavaScript fixtures)', type: :controller do
  render_views
-  let_it_be(:user) { create(:admin) }
+  let_it_be(:user) { create(:user) }
  before(:all) do
    clean_frontend_fixtures('search/')
@@ -66,6 +66,10 @@ RSpec.describe SearchController, '(JavaScript fixtures)', type: :controller do
     offset: 0)
    end
+    before do
+      project.add_developer(user)
+    end
    it 'search/blob_search_result.html' do
      allow_next_instance_of(SearchServicePresenter) do |search_service|
        allow(search_service).to receive(:search_objects).and_return(blobs)

--- a/spec/frontend/fixtures/services.rb
+++ b/spec/frontend/fixtures/services.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin)     { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project)   { create(:project_empty_repo, namespace: namespace, path: 'services-project') }
  let!(:service)  { create(:custom_issue_tracker_service, project: project) }
+  let(:user) { project.owner }
  render_views
@@ -17,7 +17,7 @@ RSpec.describe Projects::ServicesController, '(JavaScript fixtures)', type: :con
  end
  before do
-    sign_in(admin)
+    sign_in(user)
  end
  after do

--- a/spec/frontend/fixtures/snippet.rb
+++ b/spec/frontend/fixtures/snippet.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project, :repository, namespace: namespace, path: 'branches-project') }
-  let(:snippet) { create(:personal_snippet, :public, title: 'snippet.md', content: '# snippet', file_name: 'snippet.md', author: admin) }
+  let(:user) { project.owner }
+  let(:snippet) { create(:personal_snippet, :public, title: 'snippet.md', content: '# snippet', file_name: 'snippet.md', author: user) }
  render_views
@@ -17,7 +17,7 @@ RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
  end
  before do
-    sign_in(admin)
+    sign_in(user)
    allow(Discussion).to receive(:build_discussion_id).and_return(['discussionid:ceterumcenseo'])
  end
@@ -26,7 +26,7 @@ RSpec.describe SnippetsController, '(JavaScript fixtures)', type: :controller do
  end
  it 'snippets/show.html' do
-    create(:discussion_note_on_project_snippet, noteable: snippet, project: project, author: admin, note: '- [ ] Task List Item')
+    create(:discussion_note_on_project_snippet, noteable: snippet, project: project, author: user, note: '- [ ] Task List Item')
    get(:show, params: { id: snippet.to_param })

--- a/spec/frontend/fixtures/tags.rb
+++ b/spec/frontend/fixtures/tags.rb
@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Tags (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
-  let_it_be(:admin) { create(:admin) }
  let_it_be(:project) { create(:project, :repository, path: 'tags-project') }
+  let_it_be(:user) { project.owner }
  before(:all) do
    clean_frontend_fixtures('api/tags/')
@@ -20,7 +20,7 @@ RSpec.describe 'Tags (JavaScript fixtures)' do
    include ApiHelpers
    it 'api/tags/tags.json' do
-      get api("/projects/#{project.id}/repository/tags", admin)
+      get api("/projects/#{project.id}/repository/tags", user)
      expect(response).to be_successful
    end

--- a/spec/frontend/fixtures/todos.rb
+++ b/spec/frontend/fixtures/todos.rb
@@ -5,13 +5,13 @@ require 'spec_helper'
 RSpec.describe 'Todos (JavaScript fixtures)' do
  include JavaScriptFixturesHelpers
-  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
  let(:project) { create(:project_empty_repo, namespace: namespace, path: 'todos-project') }
+  let(:user) { project.owner }
  let(:issue_1) { create(:issue, title: 'issue_1', project: project) }
-  let!(:todo_1) { create(:todo, user: admin, project: project, target: issue_1, created_at: 5.hours.ago) }
+  let!(:todo_1) { create(:todo, user: user, project: project, target: issue_1, created_at: 5.hours.ago) }
  let(:issue_2) { create(:issue, title: 'issue_2', project: project) }
-  let!(:todo_2) { create(:todo, :done, user: admin, project: project, target: issue_2, created_at: 50.hours.ago) }
+  let!(:todo_2) { create(:todo, :done, user: user, project: project, target: issue_2, created_at: 50.hours.ago) }
  before(:all) do
    clean_frontend_fixtures('todos/')
@@ -25,7 +25,7 @@ RSpec.describe 'Todos (JavaScript fixtures)' do
    render_views
    before do
-      sign_in(admin)
+      sign_in(user)
    end
    it 'todos/todos.html' do
@@ -39,7 +39,7 @@ RSpec.describe 'Todos (JavaScript fixtures)' do
    render_views
    before do
-      sign_in(admin)
+      sign_in(user)
    end
    it 'todos/todos.json' do

--- a/spec/helpers/nav_helper_spec.rb
+++ b/spec/helpers/nav_helper_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe NavHelper, :do_not_mock_admin_mode do
+RSpec.describe NavHelper do
  describe '#header_links' do
    include_context 'custom session'

--- a/spec/requests/api/api_guard/admin_mode_middleware_spec.rb
+++ b/spec/requests/api/api_guard/admin_mode_middleware_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe API::APIGuard::AdminModeMiddleware, :do_not_mock_admin_mode, :request_store do
+RSpec.describe API::APIGuard::AdminModeMiddleware, :request_store do
  let(:user) { create(:admin) }
  it 'is loaded' do

--- a/spec/requests/api/graphql/group_query_spec.rb
+++ b/spec/requests/api/graphql/group_query_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 # Based on spec/requests/api/groups_spec.rb
 # Should follow closely in order to ensure all situations are covered
-RSpec.describe 'getting group information', :do_not_mock_admin_mode do
+RSpec.describe 'getting group information' do
  include GraphqlHelpers
  include UploadHelpers

--- a/spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb
+++ b/spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe 'Mark snippet as spam', :do_not_mock_admin_mode do
+RSpec.describe 'Mark snippet as spam' do
  include GraphqlHelpers
  let_it_be(:admin) { create(:admin) }

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe API::Users, :do_not_mock_admin_mode do
+RSpec.describe API::Users do
  let_it_be(:admin) { create(:admin) }
  let_it_be(:user, reload: true) { create(:user, username: 'user.with.dot') }
  let_it_be(:key) { create(:key, user: user) }

--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -795,12 +795,24 @@ RSpec.describe 'Git HTTP requests' do
            context 'administrator' do
              let(:user) { create(:admin) }
-              it_behaves_like 'can download code only'
+              context 'when admin mode is enabled', :enable_admin_mode do
+                it_behaves_like 'can download code only'
-              it 'downloads from other project get status 403' do
+                it 'downloads from other project get status 403' do
-                clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
+                  clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
-                expect(response).to have_gitlab_http_status(:forbidden)
+                  expect(response).to have_gitlab_http_status(:forbidden)
+                end
+              end
+              context 'when admin mode is disabled' do
+                it_behaves_like 'can download code only'
+                it 'downloads from other project get status 404' do
+                  clone_get "#{other_project.full_path}.git", user: 'gitlab-ci-token', password: build.token
+                  expect(response).to have_gitlab_http_status(:not_found)
+                end
              end
            end

--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -195,7 +195,7 @@ RSpec.describe 'Git LFS API and storage' do
        end
      end
-      context 'administrator' do
+      context 'administrator', :enable_admin_mode do
        let(:user) { create(:admin) }
        let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
@@ -453,7 +453,7 @@ RSpec.describe 'Git LFS API and storage' do
          end
        end
-        context 'administrator' do
+        context 'administrator', :enable_admin_mode do
          let(:user) { create(:admin) }
          let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }

--- a/spec/requests/self_monitoring_project_spec.rb
+++ b/spec/requests/self_monitoring_project_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe 'Self-Monitoring project requests' do
    it_behaves_like 'not accessible to non-admin users'
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
      before do
        login_as(admin)
      end
@@ -36,7 +36,7 @@ RSpec.describe 'Self-Monitoring project requests' do
    it_behaves_like 'not accessible to non-admin users'
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
      before do
        login_as(admin)
      end
@@ -116,7 +116,7 @@ RSpec.describe 'Self-Monitoring project requests' do
    it_behaves_like 'not accessible to non-admin users'
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
      before do
        login_as(admin)
      end
@@ -140,7 +140,7 @@ RSpec.describe 'Self-Monitoring project requests' do
    it_behaves_like 'not accessible to non-admin users'
-    context 'with admin user' do
+    context 'with admin user', :enable_admin_mode do
      before do
        login_as(admin)
      end

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -286,19 +286,13 @@ RSpec.configure do |config|
      ./ee/spec/elastic_integration
      ./ee/spec/finders
      ./ee/spec/lib
-      ./ee/spec/requests/admin
      ./ee/spec/serializers
      ./ee/spec/support/shared_examples/finders/geo
      ./ee/spec/support/shared_examples/graphql/geo
      ./spec/finders
-      ./spec/frontend
-      ./spec/helpers
      ./spec/lib
-      ./spec/requests
      ./spec/serializers
-      ./spec/support/shared_examples/requests
      ./spec/support/shared_examples/lib/gitlab
-      ./spec/views
      ./spec/workers
    )

--- a/spec/support/shared_examples/requests/self_monitoring_shared_examples.rb
+++ b/spec/support/shared_examples/requests/self_monitoring_shared_examples.rb
@@ -20,6 +20,18 @@ RSpec.shared_examples 'not accessible to non-admin users' do
      expect(response).to have_gitlab_http_status(:not_found)
    end
  end
+  context 'with authenticated admin user without admin mode' do
+    before do
+      login_as(create(:admin))
+    end
+    it 'redirects to enable admin mode' do
+      subject
+      expect(response).to redirect_to(new_admin_session_path)
+    end
+  end
 end
 # Requires subject and worker_class and status_api to be defined

--- a/spec/views/projects/artifacts/_artifact.html.haml_spec.rb
+++ b/spec/views/projects/artifacts/_artifact.html.haml_spec.rb
@@ -16,10 +16,21 @@ RSpec.describe "projects/artifacts/_artifact.html.haml" do
    context 'with admin' do
      let(:user) { build(:admin) }
-      it 'has a delete button' do
+      context 'when admin mode is enabled', :enable_admin_mode do
-        render_partial
+        it 'has a delete button' do
+          render_partial
-        expect(rendered).to have_link('Delete artifacts', href: project_artifact_path(project, project.job_artifacts.first))
+          expect(rendered).to have_link('Delete artifacts', href: project_artifact_path(project, project.job_artifacts.first))
+        end
+      end
+      context 'when admin mode is disabled' do
+        it 'has no delete button' do
+          project.add_reporter(user)
+          render_partial
+          expect(rendered).not_to have_link('Delete artifacts')
+        end
      end
    end

--- a/spec/views/search/_results.html.haml_spec.rb
+++ b/spec/views/search/_results.html.haml_spec.rb
@@ -54,11 +54,22 @@ RSpec.describe 'search/_results' do
        let(:scope) { search_scope }
        let(:search_objects) { Gitlab::ProjectSearchResults.new(user, '*', project: project).objects(scope) }
-        it 'renders the click text event tracking attributes' do
+        context 'when admin mode is enabled', :enable_admin_mode do
-          render
+          it 'renders the click text event tracking attributes' do
+            render
+            expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).to have_selector('[data-track-property=search_result]')
+          end
+        end
+        context 'when admin mode is disabled' do
+          it 'does not render the click text event tracking attributes' do
+            render
-          expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).not_to have_selector('[data-track-event=click_text]')
-          expect(rendered).to have_selector('[data-track-property=search_result]')
+            expect(rendered).not_to have_selector('[data-track-property=search_result]')
+          end
        end
        it 'does render the sidebar' do
@@ -74,11 +85,22 @@ RSpec.describe 'search/_results' do
        let(:scope) { search_scope }
        let(:search_objects) { Gitlab::ProjectSearchResults.new(user, '*', project: project).objects(scope) }
-        it 'renders the click text event tracking attributes' do
+        context 'when admin mode is enabled', :enable_admin_mode do
-          render
+          it 'renders the click text event tracking attributes' do
+            render
+            expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).to have_selector('[data-track-property=search_result]')
+          end
+        end
+        context 'when admin mode is disabled' do
+          it 'does not render the click text event tracking attributes' do
+            render
-          expect(rendered).to have_selector('[data-track-event=click_text]')
+            expect(rendered).not_to have_selector('[data-track-event=click_text]')
-          expect(rendered).to have_selector('[data-track-property=search_result]')
+            expect(rendered).not_to have_selector('[data-track-property=search_result]')
+          end
        end
        it 'does not render the sidebar' do