Merge branch 'chore/disable-admin-mode-remains' into 'master'

Fully disable auto admin mode and migrate remaining specs

See merge request gitlab-org/gitlab!50331

changelogs/unreleased/chore-disable-admin-mode-remains.yml

+---
+title: Fully disable auto admin mode and migrate remaining specs
+merge_request: 50331
+author: Diego Louzán
+type: other

ee/spec/elastic_integration/global_search_spec.rb

@@ -3,8 +3,11 @@
 require 'spec_helper'
 
 RSpec.describe 'GlobalSearch', :elastic do
+  include AdminModeHelper
+
   let(:features) { %i(issues merge_requests repository builds wiki snippets) }
-  let(:admin) { create :user, admin: true }
+  let(:admin_with_admin_mode) { create :user, admin: true }
+  let(:admin_without_admin_mode) { create :user, admin: true }
   let(:auditor) {create :user, auditor: true }
   let(:non_member) { create :user }
   let(:external_non_member) { create :user, external: true }
@@ -19,6 +22,8 @@ RSpec.describe 'GlobalSearch', :elastic do
     project.add_developer(member)
     project.add_developer(external_member)
     project.add_guest(guest)
+
+    enable_admin_mode!(admin_with_admin_mode)
   end
 
   context "Respect feature visibility levels", :aggregate_failures do
@@ -29,7 +34,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(external_member)
@@ -42,7 +48,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "shows items to member only if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(external_member)
@@ -60,7 +67,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(external_member)
@@ -73,7 +81,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "shows items to member only if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_items_to_be_found(admin_without_admin_mode)
         expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(external_member)
@@ -86,7 +95,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "shows items to member only if features are private" do
         create_items(project, feature_settings(:private))
 
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(external_member)
@@ -104,7 +114,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
-        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(external_member)
@@ -117,7 +128,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "finds items if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_items_to_be_found(admin_without_admin_mode)
         expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(external_member)
@@ -130,7 +142,8 @@ RSpec.describe 'GlobalSearch', :elastic do
       it "shows items to member only if features are private", :aggregate_failures do
         create_items(project, feature_settings(:private))
 
-        expect_items_to_be_found(admin)
+        expect_items_to_be_found(admin_with_admin_mode)
+        expect_no_items_to_be_found(admin_without_admin_mode)
         expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(external_member)

ee/spec/finders/licenses_finder_spec.rb

@@ -7,16 +7,24 @@ RSpec.describe LicensesFinder do
 
   let_it_be(:user) { create(:admin) }
 
-  it 'returns a license by id' do
-    expect(described_class.new(user, id: license.id).execute.take).to eq(license)
-  end
+  context 'with admin mode enabled', :enable_admin_mode do
+    it 'returns a license by id' do
+      expect(described_class.new(user, id: license.id).execute.take).to eq(license)
+    end
+
+    it 'returns a collection of licenses' do
+      expect(described_class.new(user).execute).to contain_exactly(*License.all)
+    end
 
-  it 'returns a collection of licenses' do
-    expect(described_class.new(user).execute).to contain_exactly(*License.all)
+    it 'returns empty relation if the license doesnt exist' do
+      expect(described_class.new(user, id: 0).execute).to be_empty
+    end
   end
 
-  it 'returns empty relation if the license doesnt exist' do
-    expect(described_class.new(user, id: 0).execute).to be_empty
+  context 'with admin mode disabled' do
+    it 'raises an error' do
+      expect { described_class.new(user, id: 0).execute }.to raise_error Gitlab::Access::AccessDeniedError
+    end
   end
 
   it 'raises an error if the user is not an admin' do

ee/spec/finders/productivity_analytics_finder_spec.rb

@@ -5,7 +5,8 @@ require 'spec_helper'
 RSpec.describe ProductivityAnalyticsFinder do
   subject { described_class.new(current_user, search_params.merge(state: :merged)) }
 
-  let(:current_user) { create(:admin) }
+  let(:project) { create(:project) }
+  let(:current_user) { project.owner }
   let(:search_params) { {} }
 
   describe '.array_params' do
@@ -23,12 +24,12 @@ RSpec.describe ProductivityAnalyticsFinder do
   describe '#execute' do
     let(:long_mr) do
       metrics_data = { merged_at: 1.day.ago }
-      create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
+      create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
     end
 
     let(:short_mr) do
       metrics_data = { merged_at: 28.days.ago }
-      create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
+      create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
     end
 
     context 'allows to filter by days_to_merge' do
@@ -90,7 +91,7 @@ RSpec.describe ProductivityAnalyticsFinder do
 
         it 'uses start_date as filter value' do
           metrics_data = { merged_at: (2.years + 1.day).ago }
-          create(:merge_request, :merged, :with_productivity_metrics, created_at: 800.days.ago, metrics_data: metrics_data)
+          create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 800.days.ago, metrics_data: metrics_data)
           long_mr
 
           expect(subject.execute).to match_array([long_mr])

ee/spec/serializers/dashboard_operations_project_entity_spec.rb

@@ -95,7 +95,7 @@ RSpec.describe DashboardOperationsProjectEntity do
       expect(subject).not_to include(:alert_count, :upgrade_path)
     end
 
-    context 'the user has permission to upgrade plan' do
+    context 'the user has permission to upgrade plan', :enable_admin_mode do
       let(:user) { build(:user, :admin) }
 
       it 'shows the profile upgrade path' do
@@ -103,7 +103,7 @@ RSpec.describe DashboardOperationsProjectEntity do
       end
     end
 
-    context 'the user has permission to upgrade group' do
+    context 'the user has permission to upgrade group', :enable_admin_mode do
       let(:project) { build(:project, namespace: create(:group)) }
       let(:user) { build(:user, :admin) }
 

ee/spec/support/shared_examples/finders/geo/framework_registry_finder_shared_examples.rb

@@ -20,17 +20,23 @@ RSpec.shared_examples 'a framework registry finder' do |registry_factory|
     context 'when user can read all Geo' do
       let_it_be(:user) { create(:user, :admin) }
 
-      context 'with an ids param' do
-        let(:params) { { ids: [registry3.id, registry1.id] } }
+      context 'when admin mode is disabled' do
+        it { is_expected.to be_empty }
+      end
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        context 'with an ids param' do
+          let(:params) { { ids: [registry3.id, registry1.id] } }
 
-        it 'returns specified registries' do
-          expect(registries.to_a).to eq([registry1, registry3])
+          it 'returns specified registries' do
+            expect(registries.to_a).to contain_exactly(registry1, registry3)
+          end
         end
-      end
 
-      context 'without an ids param' do
-        it 'returns all registries' do
-          expect(registries.to_a).to eq([registry1, registry2, registry3])
+        context 'without an ids param' do
+          it 'returns all registries' do
+            expect(registries.to_a).to contain_exactly(registry1, registry2, registry3)
+          end
         end
       end
     end

ee/spec/support/shared_examples/graphql/geo/geo_registries_resolver_shared_examples.rb

@@ -20,19 +20,27 @@ RSpec.shared_examples_for 'a Geo registries resolver' do |registry_factory_name|
       context 'when the user has permission to view Geo data' do
         let_it_be(:current_user) { create(:admin) }
 
-        context 'when the ids argument is null' do
-          it 'returns registries, in order' do
-            expect(resolve_registries.to_a).to eq(registries)
+        context 'when admin mode is enabled', :enable_admin_mode do
+          context 'when the ids argument is null' do
+            it 'returns registries, in order' do
+              expect(resolve_registries.to_a).to eq(registries)
+            end
           end
-        end
 
-        context 'when the ids argument is present' do
-          it 'returns the requested registries, in order' do
-            requested_ids = [registry3.to_global_id, registry1.to_global_id]
-            args = { ids: requested_ids }
-            expected = [registry1, registry3]
+          context 'when the ids argument is present' do
+            it 'returns the requested registries, in order' do
+              requested_ids = [registry3.to_global_id, registry1.to_global_id]
+              args = { ids: requested_ids }
+              expected = [registry1, registry3]
+
+              expect(resolve_registries(args).to_a).to eq(expected)
+            end
+          end
+        end
 
-            expect(resolve_registries(args).to_a).to eq(expected)
+        context 'when admin mode is disabled' do
+          it 'returns nothing' do
+            expect(resolve_registries).to be_empty
           end
         end
       end

spec/finders/cluster_ancestors_finder_spec.rb

@@ -83,8 +83,16 @@ RSpec.describe ClusterAncestorsFinder, '#execute' do
     let(:clusterable) { Clusters::Instance.new }
     let(:user) { create(:admin) }
 
-    it 'returns the list of instance clusters' do
-      is_expected.to eq([instance_cluster])
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it 'returns the list of instance clusters' do
+        is_expected.to eq([instance_cluster])
+      end
+    end
+
+    context 'when admin mode is disabled' do
+      it 'returns nothing' do
+        is_expected.to be_empty
+      end
     end
   end
 end

spec/finders/group_projects_finder_spec.rb

@@ -142,20 +142,40 @@ RSpec.describe GroupProjectsFinder do
   describe 'with an admin current user' do
     let(:current_user) { create(:admin) }
 
-    context "only shared" do
-      let(:options) { { only_shared: true } }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      context "only shared" do
+        let(:options) { { only_shared: true } }
 
-      it            { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
-    end
+        it            { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1) }
+      end
 
-    context "only owned" do
-      let(:options) { { only_owned: true } }
+      context "only owned" do
+        let(:options) { { only_owned: true } }
+
+        it            { is_expected.to contain_exactly(private_project, public_project) }
+      end
 
-      it            { is_expected.to eq([private_project, public_project]) }
+      context "all" do
+        it { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1, private_project, public_project) }
+      end
     end
 
-    context "all" do
-      it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
+    context 'when admin mode is disabled' do
+      context "only shared" do
+        let(:options) { { only_shared: true } }
+
+        it            { is_expected.to contain_exactly(shared_project_3, shared_project_1) }
+      end
+
+      context "only owned" do
+        let(:options) { { only_owned: true } }
+
+        it            { is_expected.to contain_exactly(public_project) }
+      end
+
+      context "all" do
+        it { is_expected.to contain_exactly(shared_project_3, shared_project_1, public_project) }
+      end
     end
   end
 

spec/finders/groups_finder_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe GroupsFinder do
+  include AdminModeHelper
+
   describe '#execute' do
     let(:user) { create(:user) }
 
@@ -23,11 +25,16 @@ RSpec.describe GroupsFinder do
         :external | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
         :external | {} | %i(public_group user_public_group user_internal_group user_private_group)
 
-        :admin | { all_available: true } | %i(public_group internal_group private_group user_public_group
-                                              user_internal_group user_private_group)
-        :admin | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
-        :admin | {} | %i(public_group internal_group private_group user_public_group user_internal_group
-                         user_private_group)
+        :admin_without_admin_mode | { all_available: true } | %i(public_group internal_group user_public_group
+                                                                 user_internal_group user_private_group)
+        :admin_without_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
+        :admin_without_admin_mode | {} | %i(public_group internal_group user_public_group user_internal_group user_private_group)
+
+        :admin_with_admin_mode | { all_available: true } | %i(public_group internal_group private_group user_public_group
+                                                              user_internal_group user_private_group)
+        :admin_with_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
+        :admin_with_admin_mode | {} | %i(public_group internal_group private_group user_public_group user_internal_group
+                                         user_private_group)
       end
 
       with_them do
@@ -52,8 +59,12 @@ RSpec.describe GroupsFinder do
                 create(:user)
               when :external
                 create(:user, external: true)
-              when :admin
+              when :admin_without_admin_mode
                 create(:user, :admin)
+              when :admin_with_admin_mode
+                admin = create(:user, :admin)
+                enable_admin_mode!(admin)
+                admin
               end
             @groups.values_at(:user_private_group, :user_internal_group, :user_public_group).each do |group|
               group.add_developer(user)

spec/finders/issues_finder_spec.rb

@@ -918,16 +918,26 @@ RSpec.describe IssuesFinder do
   describe '#row_count', :request_store do
     let_it_be(:admin) { create(:admin) }
 
-    it 'returns the number of rows for the default state' do
-      finder = described_class.new(admin)
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it 'returns the number of rows for the default state' do
+        finder = described_class.new(admin)
+
+        expect(finder.row_count).to eq(5)
+      end
+
+      it 'returns the number of rows for a given state' do
+        finder = described_class.new(admin, state: 'closed')
 
-      expect(finder.row_count).to eq(5)
+        expect(finder.row_count).to be_zero
+      end
     end
 
-    it 'returns the number of rows for a given state' do
-      finder = described_class.new(admin, state: 'closed')
+    context 'when admin mode is disabled' do
+      it 'returns no rows' do
+        finder = described_class.new(admin)
 
-      expect(finder.row_count).to be_zero
+        expect(finder.row_count).to be_zero
+      end
     end
 
     it 'returns -1 if the query times out' do
@@ -996,8 +1006,17 @@ RSpec.describe IssuesFinder do
 
         subject { described_class.new(admin_user, params).with_confidentiality_access_check }
 
-        it 'returns all issues' do
-          expect(subject).to include(public_issue, confidential_issue)
+        context 'when admin mode is enabled', :enable_admin_mode do
+          it 'returns all issues' do
+            expect(subject).to include(public_issue, confidential_issue)
+          end
+        end
+
+        context 'when admin mode is disabled' do
+          it 'returns only public issues' do
+            expect(subject).to include(public_issue)
+            expect(subject).not_to include(confidential_issue)
+          end
         end
       end
     end
@@ -1069,14 +1088,27 @@ RSpec.describe IssuesFinder do
 
         subject { described_class.new(admin_user, params).with_confidentiality_access_check }
 
-        it 'returns all issues' do
-          expect(subject).to include(public_issue, confidential_issue)
+        context 'when admin mode is enabled', :enable_admin_mode do
+          it 'returns all issues' do
+            expect(subject).to include(public_issue, confidential_issue)
+          end
+
+          it 'does not filter by confidentiality' do
+            expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything)
+
+            subject
+          end
         end
 
-        it 'does not filter by confidentiality' do
-          expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything)
+        context 'when admin mode is disabled' do
+          it 'returns only public issues' do
+            expect(subject).to include(public_issue)
+            expect(subject).not_to include(confidential_issue)
+          end
 
-          subject
+          it 'filters by confidentiality' do
+            expect(subject.to_sql).to match("issues.confidential")
+          end
         end
       end
     end

spec/finders/merge_requests_finder_spec.rb

@@ -697,10 +697,18 @@ RSpec.describe MergeRequestsFinder do
     context 'with admin user' do
       let(:user) { create(:user, :admin) }
 
-      it 'returns all merge requests' do
-        expect(merge_requests).to eq(
-          [mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public]
-        )
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it 'returns all merge requests' do
+          expect(merge_requests).to contain_exactly(
+            mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public
+          )
+        end
+      end
+
+      context 'when admin mode is disabled' do
+        it 'returns public and internal merge requests' do
+          expect(merge_requests).to contain_exactly(mr_internal, mr_public)
+        end
       end
     end
 

spec/finders/projects_finder_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe ProjectsFinder, :do_not_mock_admin_mode do
+RSpec.describe ProjectsFinder do
   include AdminModeHelper
 
   describe '#execute' do

spec/finders/snippets_finder_spec.rb

@@ -106,12 +106,18 @@ RSpec.describe SnippetsFinder do
         expect(snippets).to contain_exactly(public_personal_snippet)
       end
 
-      it 'returns all snippets for an admin' do
+      it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
         snippets = described_class.new(admin, author: user).execute
 
         expect(snippets).to contain_exactly(private_personal_snippet, internal_personal_snippet, public_personal_snippet)
       end
 
+      it 'returns all public and internal snippets for an admin without admin mode' do
+        snippets = described_class.new(admin, author: user).execute
+
+        expect(snippets).to contain_exactly(internal_personal_snippet, public_personal_snippet)
+      end
+
       context 'when author is not valid' do
         it 'returns quickly' do
           finder = described_class.new(admin, author: non_existing_record_id)
@@ -180,12 +186,18 @@ RSpec.describe SnippetsFinder do
         expect(snippets).to contain_exactly(private_project_snippet)
       end
 
-      it 'returns all snippets for an admin' do
+      it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
         snippets = described_class.new(admin, project: project).execute
 
         expect(snippets).to contain_exactly(private_project_snippet, internal_project_snippet, public_project_snippet)
       end
 
+      it 'returns public and internal snippets for an admin without admin mode' do
+        snippets = described_class.new(admin, project: project).execute
+
+        expect(snippets).to contain_exactly(internal_project_snippet, public_project_snippet)
+      end
+
       context 'filter by author' do
         let!(:other_user) { create(:user) }
         let!(:other_private_project_snippet) { create(:project_snippet, :private, project: project, author: other_user) }
@@ -218,7 +230,7 @@ RSpec.describe SnippetsFinder do
     end
 
     context 'filter by snippet type' do
-      context 'when filtering by only_personal snippet' do
+      context 'when filtering by only_personal snippet', :enable_admin_mode do
         it 'returns only personal snippet' do
           snippets = described_class.new(admin, only_personal: true).execute
 
@@ -228,7 +240,7 @@ RSpec.describe SnippetsFinder do
         end
       end
 
-      context 'when filtering by only_project snippet' do
+      context 'when filtering by only_project snippet', :enable_admin_mode do
         it 'returns only project snippet' do
           snippets = described_class.new(admin, only_project: true).execute
 
@@ -239,7 +251,7 @@ RSpec.describe SnippetsFinder do
       end
     end
 
-    context 'filtering by ids' do
+    context 'filtering by ids', :enable_admin_mode do
       it 'returns only personal snippet' do
         snippets = described_class.new(
           admin, ids: [private_personal_snippet.id,
@@ -265,13 +277,21 @@ RSpec.describe SnippetsFinder do
         )
       end
 
-      it 'returns all personal snippets for admins' do
+      it 'returns all personal snippets for admins when in admin mode', :enable_admin_mode do
         snippets = described_class.new(admin, explore: true).execute
 
         expect(snippets).to contain_exactly(
           private_personal_snippet, internal_personal_snippet, public_personal_snippet
         )
       end
+
+      it 'also returns internal personal snippets for admins without admin mode' do
+        snippets = described_class.new(admin, explore: true).execute
+
+        expect(snippets).to contain_exactly(
+          internal_personal_snippet, public_personal_snippet
+        )
+      end
     end
 
     context 'when the user cannot read cross project' do
@@ -302,7 +322,7 @@ RSpec.describe SnippetsFinder do
       end
     end
 
-    context 'no sort param is provided' do
+    context 'no sort param is provided', :enable_admin_mode do
       it 'returns snippets sorted by id' do
         snippets = described_class.new(admin).execute
 
@@ -310,7 +330,7 @@ RSpec.describe SnippetsFinder do
       end
     end
 
-    context 'sort param is provided' do
+    context 'sort param is provided', :enable_admin_mode do
       it 'returns snippets sorted by sort param' do
         snippets = described_class.new(admin, sort: 'updated_desc').execute
 

spec/finders/users_finder_spec.rb

@@ -90,7 +90,7 @@ RSpec.describe UsersFinder do
       end
     end
 
-    context 'with an admin user' do
+    context 'with an admin user', :enable_admin_mode do
       let(:admin) { create(:admin) }
 
       it 'filters by external users' do

spec/serializers/build_details_entity_spec.rb

@@ -5,14 +5,13 @@ require 'spec_helper'
 RSpec.describe BuildDetailsEntity do
   include ProjectForksHelper
 
-  let_it_be(:user) { create(:admin) }
-
   it 'inherits from JobEntity' do
     expect(described_class).to be < JobEntity
   end
 
   describe '#as_json' do
     let(:project) { create(:project, :repository) }
+    let(:user) { project.owner }
     let(:pipeline) { create(:ci_pipeline, project: project) }
     let(:build) { create(:ci_build, :failed, pipeline: pipeline) }
     let(:request) { double('request', project: project) }
@@ -66,6 +65,7 @@ RSpec.describe BuildDetailsEntity do
 
         before do
           allow(build).to receive(:merge_request).and_return(merge_request)
+          forked_project.add_developer(user)
         end
 
         let(:merge_request) do
@@ -186,7 +186,7 @@ RSpec.describe BuildDetailsEntity do
     end
 
     context 'when the build has expired artifacts' do
-      let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.ago) }
+      let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.ago) }
 
       context 'when pipeline is unlocked' do
         before do
@@ -218,7 +218,7 @@ RSpec.describe BuildDetailsEntity do
     end
 
     context 'when the build has archive type artifacts' do
-      let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.from_now) }
+      let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.from_now) }
       let!(:report) { create(:ci_job_artifact, :codequality, job: build) }
 
       it 'exposes artifact details' do

spec/serializers/deploy_key_entity_spec.rb

@@ -52,7 +52,13 @@ RSpec.describe DeployKeyEntity do
   context 'user is an admin' do
     let(:user) { create(:user, :admin) }
 
-    it { expect(entity.as_json).to include(can_edit: true) }
+    context 'when admin mode is enabled', :enable_admin_mode do
+      it { expect(entity.as_json).to include(can_edit: true) }
+    end
+
+    context 'when admin mode is disabled' do
+      it { expect(entity.as_json).not_to include(can_edit: true) }
+    end
   end
 
   context 'user is a project maintainer' do

spec/serializers/runner_entity_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe RunnerEntity do
   let(:runner) { create(:ci_runner, :project, projects: [project]) }
   let(:entity) { described_class.new(runner, request: request, current_user: user) }
   let(:request) { double('request') }
-  let(:user) { create(:admin) }
+  let(:user) { project.owner }
 
   before do
     allow(request).to receive(:current_user).and_return(user)

spec/spec_helper.rb

@@ -272,38 +272,6 @@ RSpec.configure do |config|
 
     Sidekiq::Worker.clear_all
 
-    # Temporary patch to force admin mode to be active by default in tests when
-    # using the feature flag :user_mode_in_session, since this will require
-    # modifying a significant number of specs to test both states for admin
-    # mode enabled / disabled.
-    #
-    # This will only be applied to specs below dirs in `admin_mode_mock_dirs`
-    #
-    # See ongoing migration: https://gitlab.com/gitlab-org/gitlab/-/issues/31511
-    #
-    # Until the migration is finished, if it is required to have the real
-    # behaviour in any of the mocked dirs specs that an admin is signed in
-    # with normal user mode and needs to switch to admin mode, it is possible to
-    # mark such tests with the `do_not_mock_admin_mode` metadata tag, e.g:
-    #
-    # context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
-    admin_mode_mock_dirs = %w(
-      ./ee/spec/elastic_integration
-      ./ee/spec/finders
-      ./ee/spec/serializers
-      ./ee/spec/support/shared_examples/finders/geo
-      ./ee/spec/support/shared_examples/graphql/geo
-      ./spec/finders
-      ./spec/serializers
-      ./spec/workers
-    )
-
-    if !example.metadata[:do_not_mock_admin_mode] && example.metadata[:file_path].start_with?(*admin_mode_mock_dirs)
-      allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
-        current_user_mode.send(:user)&.admin?
-      end
-    end
-
     # Administrators have to re-authenticate in order to access administrative
     # functionality when feature flag :user_mode_in_session is active. Any spec
     # that requires administrative access can use the tag :enable_admin_mode
@@ -311,6 +279,10 @@ RSpec.configure do |config|
     #
     # context 'some test that requires admin mode', :enable_admin_mode do ... end
     #
+    # Some specs do get admin mode enabled automatically (e.g. `spec/controllers/admin`).
+    # In this case, specs that need to test both admin mode states can use the
+    # :do_not_mock_admin_mode tag to disable auto admin mode.
+    #
     # See also spec/support/helpers/admin_mode_helpers.rb
     if example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]
       allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|

spec/workers/group_destroy_worker_spec.rb

@@ -4,8 +4,12 @@ require 'spec_helper'
 
 RSpec.describe GroupDestroyWorker do
   let(:group) { create(:group) }
-  let(:user) { create(:admin) }
   let!(:project) { create(:project, namespace: group) }
+  let(:user) { create(:user) }
+
+  before do
+    group.add_owner(user)
+  end
 
   subject { described_class.new }