diff --git a/spec/controllers/projects/boards/issues_controller_spec.rb b/spec/controllers/projects/boards/issues_controller_spec.rb index 2c6cdf086b83e9a3a318df5d0cdc077f4dd0e4fa..d0ad5e26dbd077725cfc8bf28d546a9483191998 100644 --- a/spec/controllers/projects/boards/issues_controller_spec.rb +++ b/spec/controllers/projects/boards/issues_controller_spec.rb @@ -40,10 +40,12 @@ describe Projects::Boards::IssuesController do end context 'with unauthorized user' do - it 'returns a successful 403 response' do + before do allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability.abilities).to receive(:allowed?).with(user, :read_issue, project).and_return(false) + end + it 'returns a successful 403 response' do list_issues user: user, list_id: list2 expect(response).to have_http_status(403) diff --git a/spec/controllers/projects/boards/lists_controller_spec.rb b/spec/controllers/projects/boards/lists_controller_spec.rb index a241e2f363fe138312424d7cba2f75d55ab26468..9496636e3cc4c58d77d4b09aa4882c33bd1f5f71 100644 --- a/spec/controllers/projects/boards/lists_controller_spec.rb +++ b/spec/controllers/projects/boards/lists_controller_spec.rb 
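Review bot: The two `allow(Ability.abilities)` stubs now in the `before` block replace the permission check with canned answers for exactly two argument tuples, so the example shows that the controller asks about `:read_issue` on the project, not that a real user without access is denied. With rspec-mocks, a `with`-constrained stub that has no fallback normally fails on any other `allowed?` call, which makes these authorization specs brittle once the controller gains another check. Consider adding `allow(Ability.abilities).to receive(:allowed?).and_call_original` as the first line of the `before`, or creating the user without project access instead of stubbing. The same applies to the `before` blocks added in lists_controller_spec.rb and boards_controller_spec.rb. The example title `'returns a successful 403 response'` also contradicts itself in all three files; `'returns a forbidden 403 response'` would be accurate.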
@@ -33,13 +33,17 @@ describe Projects::Boards::ListsController do expect(parsed_response.length).to eq 3 end - it 'returns a successful 403 response with unauthorized user' do - allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false) + context 'with unauthorized user' do + before do + allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) + allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false) + end - read_board_list user: user + it 'returns a successful 403 response' do + read_board_list user: user - expect(response).to have_http_status(403) + expect(response).to have_http_status(403) + end end def read_board_list(user:) diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb index 9ed4d8a4218d04f50c9093fdd3b682554ec85041..75a6d39e82c1a84652e750d76dbdfe858e88d99b 100644 --- a/spec/controllers/projects/boards_controller_spec.rb +++ b/spec/controllers/projects/boards_controller_spec.rb 
@@ -21,13 +21,17 @@ describe Projects::BoardsController do expect(response.content_type).to eq 'text/html' end - it 'returns a successful 404 response with unauthorized user' do - allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false) + context 'with unauthorized user' do + before do + allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) + allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false) + end - read_board + it 'returns a successful 404 response' do + read_board - expect(response).to have_http_status(404) + expect(response).to have_http_status(404) + end end def read_board(format: :html)
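Review bot: This spec expects 404 for a denied `:read_board` check, while the issues and lists specs expect 403 for the analogous denial, and nothing in the new `context` says why. If the 404 is deliberate, for instance so a user who cannot read the board gets no confirmation that it exists (an assumption, since the controller is not shown), a one-line comment above the `it` would record that: `# 404 rather than 403: do not reveal the board to users lacking :read_board`. If it is not deliberate, the differing status codes are worth aligning in a follow-up so clients see one denial behaviour.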