diff --git a/db/migrate/20160301124843_add_visibility_level_to_groups.rb b/db/migrate/20160301124843_add_visibility_level_to_groups.rb
index 8121a0c6f90a72ef178ce6e9a2ebe578ada2a793..d1b921bb208e897aa23322e942d7fc3571433438 100644
--- a/db/migrate/20160301124843_add_visibility_level_to_groups.rb
+++ b/db/migrate/20160301124843_add_visibility_level_to_groups.rb
@@ -17,7 +17,6 @@ class AddVisibilityLevelToGroups < ActiveRecord::Migration
   private
 
   def allowed_visibility_level
-    return 20
     application_settings = select_one("SELECT restricted_visibility_levels FROM application_settings ORDER BY id DESC LIMIT 1")
     if application_settings
       restricted_visibility_levels = YAML.safe_load(application_settings["restricted_visibility_levels"]) rescue nil
diff --git a/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb b/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb
index 37179926d42041d9de2fbeb8b22dda315cd30f9d..75de5f70fa299e93f2dfe369610f505d6e878fdc 100644
--- a/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb
+++ b/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb
@@ -5,6 +5,8 @@
 class AddDefaultGroupVisibilityToApplicationSettings < ActiveRecord::Migration
   def up
     add_column :application_settings, :default_group_visibility, :integer
+    # Unfortunately, this can't be a `default`, since we don't want the configuration specific
+    # `allowed_visibility_level` to end up in schema.rb
     execute("UPDATE application_settings SET default_group_visibility = #{allowed_visibility_level}")
   end
 
diff --git a/spec/finders/joined_groups_finder_spec.rb b/spec/finders/joined_groups_finder_spec.rb
index 66a250f9dd119a6f56889783a70302f1075d24ba..f90a8e007c8e10b3dc212ba7dc2358e1d4929e1f 100644
--- a/spec/finders/joined_groups_finder_spec.rb
+++ b/spec/finders/joined_groups_finder_spec.rb
@@ -26,33 +26,34 @@ describe JoinedGroupsFinder do
     context "with a user" do
       before do
         private_group.add_master(profile_owner)
-        private_group.add_developer(profile_visitor)
         internal_group.add_master(profile_owner)
         public_group.add_master(profile_owner)
       end
 
-      it 'only shows groups where both users are authorized to see' do
-        expect(finder.execute(profile_visitor)).to eq([public_group, internal_group, private_group])
+      context "when the profile visitor is in the private group" do
+        before do
+          private_group.add_developer(profile_visitor)
+        end
+
+        it 'only shows groups where both users are authorized to see' do
+          expect(finder.execute(profile_visitor)).to eq([public_group, internal_group, private_group])
+        end
       end
 
-      context 'if profile visitor is in one of its projects' do
+      context 'if profile visitor is in one of the private group projects' do
         before do
-          public_group.add_master(profile_owner)
-          private_group.add_master(profile_owner)
           project = create(:project, :private, group: private_group, name: 'B', path: 'B')
-          project.team.add_developer(profile_visitor)
+          project.team.add_user(profile_visitor, Gitlab::Access::DEVELOPER)
         end
 
         it 'shows group' do
-          expect(finder.execute(profile_visitor)).to eq([public_group, private_group])
+          expect(finder.execute(profile_visitor)).to eq([public_group, internal_group, private_group])
         end
       end
 
       context 'external users' do
         before do
           profile_visitor.update_attributes(external: true)
-          public_group.add_master(profile_owner)
-          internal_group.add_master(profile_owner)
         end
 
         context 'if not a member' do