| 1 | // SPDX-License-Identifier: AGPL-3.0-or-later |
| 2 | |
| 3 | package fork |
| 4 | |
| 5 | // allowedTargetVisibility enforces the visibility floor: a fork's |
| 6 | // visibility must be ≤ source's. Forking public → private is fine |
| 7 | // (the user is just choosing to keep their copy private); forking |
| 8 | // private → public would expose previously-private content and is |
| 9 | // always rejected. |
| 10 | // |
| 11 | // Returns "" + false when the proposed shape isn't allowed. |
| 12 | func allowedTargetVisibility(source, target string) (string, bool) { |
| 13 | switch source { |
| 14 | case "public": |
| 15 | // Any target visibility is allowed; default to public if blank. |
| 16 | if target == "" { |
| 17 | return "public", true |
| 18 | } |
| 19 | return target, target == "public" || target == "private" |
| 20 | case "private": |
| 21 | // Forking a private repo never expands its reach; target must |
| 22 | // stay private. Empty defaults to private. |
| 23 | if target == "" || target == "private" { |
| 24 | return "private", true |
| 25 | } |
| 26 | return "", false |
| 27 | } |
| 28 | return "", false |
| 29 | } |
| 30 |