@expo/entity 0.53.0 → 0.55.0

package/src/errors/EntityError.ts

@@ -1,5 +1,3 @@
-import ES6Error from 'es6-error';
-
 /**
  * The state of an entity error, indicating whether it may be transient/retryable.
  */
@@ -34,14 +32,15 @@ export enum EntityErrorCode {
 /**
  * Base class for all known errors thrown by the entity system.
  */
-export abstract class EntityError extends ES6Error {
+export abstract class EntityError extends Error {
+  static {
+    this.prototype.name = 'EntityError';
+  }
+
   public abstract readonly state: EntityErrorState;
   public abstract readonly code: EntityErrorCode;
 
-  constructor(
-    message: string,
-    public override readonly cause?: Error,
-  ) {
-    super(message);
+  constructor(message: string, cause?: Error) {
+    super(message, { cause });
   }
 }

package/src/errors/EntityInvalidFieldValueError.ts

@@ -22,8 +22,17 @@ export class EntityInvalidFieldValueError<
   N extends keyof TFields,
   TSelectedFields extends keyof TFields = keyof TFields,
 > extends EntityError {
-  public readonly state = EntityErrorState.PERMANENT;
-  public readonly code = EntityErrorCode.ERR_ENTITY_INVALID_FIELD_VALUE;
+  static {
+    this.prototype.name = 'EntityInvalidFieldValueError';
+  }
+
+  get state(): EntityErrorState.PERMANENT {
+    return EntityErrorState.PERMANENT;
+  }
+
+  get code(): EntityErrorCode.ERR_ENTITY_INVALID_FIELD_VALUE {
+    return EntityErrorCode.ERR_ENTITY_INVALID_FIELD_VALUE;
+  }
 
   constructor(
     entityClass: IEntityClass<

package/src/errors/EntityNotAuthorizedError.ts

@@ -13,8 +13,17 @@ export class EntityNotAuthorizedError<
   TEntity extends ReadonlyEntity<TFields, TIDField, TViewerContext, TSelectedFields>,
   TSelectedFields extends keyof TFields = keyof TFields,
 > extends EntityError {
-  public readonly state = EntityErrorState.PERMANENT;
-  public readonly code = EntityErrorCode.ERR_ENTITY_NOT_AUTHORIZED;
+  static {
+    this.prototype.name = 'EntityNotAuthorizedError';
+  }
+
+  get state(): EntityErrorState.PERMANENT {
+    return EntityErrorState.PERMANENT;
+  }
+
+  get code(): EntityErrorCode.ERR_ENTITY_NOT_AUTHORIZED {
+    return EntityErrorCode.ERR_ENTITY_NOT_AUTHORIZED;
+  }
 
   public readonly entityClassName: string;
 

package/src/errors/EntityNotFoundError.ts

@@ -49,8 +49,17 @@ export class EntityNotFoundError<
   N extends keyof TFields,
   TSelectedFields extends keyof TFields = keyof TFields,
 > extends EntityError {
-  public readonly state = EntityErrorState.PERMANENT;
-  public readonly code = EntityErrorCode.ERR_ENTITY_NOT_FOUND;
+  static {
+    this.prototype.name = 'EntityNotFoundError';
+  }
+
+  get state(): EntityErrorState.PERMANENT {
+    return EntityErrorState.PERMANENT;
+  }
+
+  get code(): EntityErrorCode.ERR_ENTITY_NOT_FOUND {
+    return EntityErrorCode.ERR_ENTITY_NOT_FOUND;
+  }
 
   constructor(message: string);
   constructor(

package/src/errors/__tests__/EntityDatabaseAdapterError-test.ts

@@ -2,7 +2,12 @@ import { describe, expect, it } from '@jest/globals';
 
 import {
   EntityDatabaseAdapterCheckConstraintError,
+  EntityDatabaseAdapterEmptyInsertResultError,
+  EntityDatabaseAdapterEmptyUpdateResultError,
   EntityDatabaseAdapterError,
+  EntityDatabaseAdapterExcessiveDeleteResultError,
+  EntityDatabaseAdapterExcessiveInsertResultError,
+  EntityDatabaseAdapterExcessiveUpdateResultError,
   EntityDatabaseAdapterExclusionConstraintError,
   EntityDatabaseAdapterForeignKeyConstraintError,
   EntityDatabaseAdapterNotNullConstraintError,
@@ -10,20 +15,72 @@ import {
   EntityDatabaseAdapterUniqueConstraintError,
   EntityDatabaseAdapterUnknownError,
 } from '../EntityDatabaseAdapterError';
+import { EntityErrorCode, EntityErrorState } from '../EntityError';
 
 describe(EntityDatabaseAdapterError, () => {
   // necessary for coverage within the entity package since these errors are
   // currently only ever instantiated by database adapter implementations
-  it('instantiates all errors successfully', () => {
-    const errors = [
-      new EntityDatabaseAdapterTransientError('test'),
-      new EntityDatabaseAdapterUnknownError('test'),
-      new EntityDatabaseAdapterCheckConstraintError('test'),
-      new EntityDatabaseAdapterExclusionConstraintError('test'),
-      new EntityDatabaseAdapterForeignKeyConstraintError('test'),
-      new EntityDatabaseAdapterNotNullConstraintError('test'),
-      new EntityDatabaseAdapterUniqueConstraintError('test'),
-    ];
-    expect(errors).not.toBeFalsy();
+  it('instantiates all errors with correct state and code', () => {
+    const transientError = new EntityDatabaseAdapterTransientError('test');
+    expect(transientError.state).toBe(EntityErrorState.TRANSIENT);
+    expect(transientError.code).toBe(EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_TRANSIENT);
+
+    const unknownError = new EntityDatabaseAdapterUnknownError('test');
+    expect(unknownError.state).toBe(EntityErrorState.UNKNOWN);
+    expect(unknownError.code).toBe(EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_UNKNOWN);
+
+    const checkError = new EntityDatabaseAdapterCheckConstraintError('test');
+    expect(checkError.state).toBe(EntityErrorState.PERMANENT);
+    expect(checkError.code).toBe(EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_CHECK_CONSTRAINT);
+
+    const exclusionError = new EntityDatabaseAdapterExclusionConstraintError('test');
+    expect(exclusionError.state).toBe(EntityErrorState.PERMANENT);
+    expect(exclusionError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EXCLUSION_CONSTRAINT,
+    );
+
+    const foreignKeyError = new EntityDatabaseAdapterForeignKeyConstraintError('test');
+    expect(foreignKeyError.state).toBe(EntityErrorState.PERMANENT);
+    expect(foreignKeyError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_FOREIGN_KEY_CONSTRAINT,
+    );
+
+    const notNullError = new EntityDatabaseAdapterNotNullConstraintError('test');
+    expect(notNullError.state).toBe(EntityErrorState.PERMANENT);
+    expect(notNullError.code).toBe(EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_NOT_NULL_CONSTRAINT);
+
+    const uniqueError = new EntityDatabaseAdapterUniqueConstraintError('test');
+    expect(uniqueError.state).toBe(EntityErrorState.PERMANENT);
+    expect(uniqueError.code).toBe(EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_UNIQUE_CONSTRAINT);
+
+    const excessiveInsertError = new EntityDatabaseAdapterExcessiveInsertResultError('test');
+    expect(excessiveInsertError.state).toBe(EntityErrorState.PERMANENT);
+    expect(excessiveInsertError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EXCESSIVE_INSERT_RESULT,
+    );
+
+    const emptyInsertError = new EntityDatabaseAdapterEmptyInsertResultError('test');
+    expect(emptyInsertError.state).toBe(EntityErrorState.PERMANENT);
+    expect(emptyInsertError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EMPTY_INSERT_RESULT,
+    );
+
+    const excessiveUpdateError = new EntityDatabaseAdapterExcessiveUpdateResultError('test');
+    expect(excessiveUpdateError.state).toBe(EntityErrorState.PERMANENT);
+    expect(excessiveUpdateError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EXCESSIVE_UPDATE_RESULT,
+    );
+
+    const emptyUpdateError = new EntityDatabaseAdapterEmptyUpdateResultError('test');
+    expect(emptyUpdateError.state).toBe(EntityErrorState.PERMANENT);
+    expect(emptyUpdateError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EMPTY_UPDATE_RESULT,
+    );
+
+    const excessiveDeleteError = new EntityDatabaseAdapterExcessiveDeleteResultError('test');
+    expect(excessiveDeleteError.state).toBe(EntityErrorState.PERMANENT);
+    expect(excessiveDeleteError.code).toBe(
+      EntityErrorCode.ERR_ENTITY_DATABASE_ADAPTER_EXCESSIVE_DELETE_RESULT,
+    );
   });
 });

package/src/errors/__tests__/EntityError-test.ts

@@ -0,0 +1,36 @@
+import { describe, expect, it } from '@jest/globals';
+
+import { EntityCacheAdapterTransientError } from '../EntityCacheAdapterError';
+import { EntityErrorCode, EntityErrorState } from '../EntityError';
+import { EntityInvalidFieldValueError } from '../EntityInvalidFieldValueError';
+import { EntityNotAuthorizedError } from '../EntityNotAuthorizedError';
+import { EntityNotFoundError } from '../EntityNotFoundError';
+
+describe('EntityError subclasses', () => {
+  it('EntityNotFoundError has correct state and code', () => {
+    const error = new EntityNotFoundError('not found');
+    expect(error.state).toBe(EntityErrorState.PERMANENT);
+    expect(error.code).toBe(EntityErrorCode.ERR_ENTITY_NOT_FOUND);
+  });
+
+  it('EntityNotAuthorizedError has correct state and code', () => {
+    const mockEntity = { constructor: { name: 'TestEntity' }, toString: () => 'TestEntity' } as any;
+    const mockViewerContext = { toString: () => 'TestViewer' } as any;
+    const error = new EntityNotAuthorizedError(mockEntity, mockViewerContext, 0, 0);
+    expect(error.state).toBe(EntityErrorState.PERMANENT);
+    expect(error.code).toBe(EntityErrorCode.ERR_ENTITY_NOT_AUTHORIZED);
+  });
+
+  it('EntityInvalidFieldValueError has correct state and code', () => {
+    const mockEntityClass = { name: 'TestEntity' } as any;
+    const error = new EntityInvalidFieldValueError(mockEntityClass, 'testField', 'badValue');
+    expect(error.state).toBe(EntityErrorState.PERMANENT);
+    expect(error.code).toBe(EntityErrorCode.ERR_ENTITY_INVALID_FIELD_VALUE);
+  });
+
+  it('EntityCacheAdapterTransientError has correct state and code', () => {
+    const error = new EntityCacheAdapterTransientError('cache error');
+    expect(error.state).toBe(EntityErrorState.TRANSIENT);
+    expect(error.code).toBe(EntityErrorCode.ERR_ENTITY_CACHE_ADAPTER_TRANSIENT);
+  });
+});

package/src/index.ts

@@ -66,9 +66,13 @@ export * from './internal/SingleFieldHolder';
 export * from './metrics/EntityMetricsUtils';
 export * from './metrics/IEntityMetricsAdapter';
 export * from './metrics/NoOpEntityMetricsAdapter';
+export * from './rules/AllowIfAllSubRulesAllowPrivacyPolicyRule';
+export * from './rules/AllowIfAnySubRuleAllowsPrivacyPolicyRule';
+export * from './rules/AllowIfInParentCascadeDeletionPrivacyPolicyRule';
 export * from './rules/AlwaysAllowPrivacyPolicyRule';
 export * from './rules/AlwaysDenyPrivacyPolicyRule';
 export * from './rules/AlwaysSkipPrivacyPolicyRule';
+export * from './rules/EvaluateIfEntityFieldPredicatePrivacyPolicyRule';
 export * from './rules/PrivacyPolicyRule';
 export * from './utils/EntityCreationUtils';
 export * from './utils/EntityPrivacyUtils';

package/src/internal/CompositeFieldHolder.ts

@@ -32,14 +32,12 @@ export type SerializedCompositeFieldHolder = string & {
 export class CompositeFieldHolder<
   TFields extends Record<string, any>,
   TIDField extends keyof TFields,
-> implements
-    IEntityLoadKey<
-      TFields,
-      TIDField,
-      SerializedCompositeFieldValueHolder,
-      CompositeFieldValueHolder<TFields, EntityCompositeField<TFields>>
-    >
-{
+> implements IEntityLoadKey<
+  TFields,
+  TIDField,
+  SerializedCompositeFieldValueHolder,
+  CompositeFieldValueHolder<TFields, EntityCompositeField<TFields>>
+> {
   public readonly compositeField: EntityCompositeField<TFields>;
 
   constructor(compositeFieldInput: EntityCompositeField<TFields>) {
@@ -174,8 +172,7 @@ export type SerializedCompositeFieldValueHolder = string & {
 export class CompositeFieldValueHolder<
   TFields extends Record<string, any>,
   TCompositeField extends EntityCompositeField<TFields>,
-> implements IEntityLoadValue<SerializedCompositeFieldValueHolder>
-{
+> implements IEntityLoadValue<SerializedCompositeFieldValueHolder> {
   constructor(
     public readonly compositeFieldValue: EntityCompositeFieldValue<TFields, TCompositeField>,
   ) {}

package/src/internal/CompositeFieldValueMap.ts

@@ -11,8 +11,7 @@ export class CompositeFieldValueMap<
   TFields extends Record<string, any>,
   N extends EntityCompositeField<TFields>,
   TOutput,
-> implements ReadonlyMap<EntityCompositeFieldValue<TFields, N>, TOutput>
-{
+> implements ReadonlyMap<EntityCompositeFieldValue<TFields, N>, TOutput> {
   private readonly map: Map<SerializedCompositeFieldValueHolder, TOutput>;
 
   constructor(entries: [CompositeFieldValueHolder<TFields, N>, TOutput][]) {

package/src/internal/SingleFieldHolder.ts

@@ -18,9 +18,12 @@ export class SingleFieldHolder<
   TFields extends Record<string, any>,
   TIDField extends keyof TFields,
   N extends keyof TFields,
-> implements
-    IEntityLoadKey<TFields, TIDField, NonNullable<TFields[N]>, SingleFieldValueHolder<TFields, N>>
-{
+> implements IEntityLoadKey<
+  TFields,
+  TIDField,
+  NonNullable<TFields[N]>,
+  SingleFieldValueHolder<TFields, N>
+> {
   constructor(public readonly fieldName: N) {}
 
   toString(): string {
@@ -102,9 +105,10 @@ export class SingleFieldHolder<
  *
  * @internal
  */
-export class SingleFieldValueHolder<TFields extends Record<string, any>, N extends keyof TFields>
-  implements IEntityLoadValue<NonNullable<TFields[N]>>
-{
+export class SingleFieldValueHolder<
+  TFields extends Record<string, any>,
+  N extends keyof TFields,
+> implements IEntityLoadValue<NonNullable<TFields[N]>> {
   constructor(public readonly fieldValue: NonNullable<TFields[N]>) {}
 
   toString(): string {

package/src/rules/AllowIfAllSubRulesAllowPrivacyPolicyRule.ts

@@ -0,0 +1,47 @@
+import { EntityPrivacyPolicyEvaluationContext } from '../EntityPrivacyPolicy';
+import { EntityQueryContext } from '../EntityQueryContext';
+import { ReadonlyEntity } from '../ReadonlyEntity';
+import { ViewerContext } from '../ViewerContext';
+import { PrivacyPolicyRule, RuleEvaluationResult } from './PrivacyPolicyRule';
+
+export class AllowIfAllSubRulesAllowPrivacyPolicyRule<
+  TFields extends object,
+  TIDField extends keyof NonNullable<Pick<TFields, TSelectedFields>>,
+  TViewerContext extends ViewerContext,
+  TEntity extends ReadonlyEntity<TFields, TIDField, TViewerContext, TSelectedFields>,
+  TSelectedFields extends keyof TFields = keyof TFields,
+> extends PrivacyPolicyRule<TFields, TIDField, TViewerContext, TEntity, TSelectedFields> {
+  constructor(
+    private readonly subRules: PrivacyPolicyRule<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >[],
+  ) {
+    super();
+  }
+
+  async evaluateAsync(
+    viewerContext: TViewerContext,
+    queryContext: EntityQueryContext,
+    evaluationContext: EntityPrivacyPolicyEvaluationContext<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >,
+    entity: TEntity,
+  ): Promise<RuleEvaluationResult> {
+    const results = await Promise.all(
+      this.subRules.map((subRule) =>
+        subRule.evaluateAsync(viewerContext, queryContext, evaluationContext, entity),
+      ),
+    );
+    return results.every((result) => result === RuleEvaluationResult.ALLOW)
+      ? RuleEvaluationResult.ALLOW
+      : RuleEvaluationResult.SKIP;
+  }
+}

package/src/rules/AllowIfAnySubRuleAllowsPrivacyPolicyRule.ts

@@ -0,0 +1,47 @@
+import { EntityPrivacyPolicyEvaluationContext } from '../EntityPrivacyPolicy';
+import { EntityQueryContext } from '../EntityQueryContext';
+import { ReadonlyEntity } from '../ReadonlyEntity';
+import { ViewerContext } from '../ViewerContext';
+import { PrivacyPolicyRule, RuleEvaluationResult } from './PrivacyPolicyRule';
+
+export class AllowIfAnySubRuleAllowsPrivacyPolicyRule<
+  TFields extends object,
+  TIDField extends keyof NonNullable<Pick<TFields, TSelectedFields>>,
+  TViewerContext extends ViewerContext,
+  TEntity extends ReadonlyEntity<TFields, TIDField, TViewerContext, TSelectedFields>,
+  TSelectedFields extends keyof TFields = keyof TFields,
+> extends PrivacyPolicyRule<TFields, TIDField, TViewerContext, TEntity, TSelectedFields> {
+  constructor(
+    private readonly subRules: PrivacyPolicyRule<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >[],
+  ) {
+    super();
+  }
+
+  async evaluateAsync(
+    viewerContext: TViewerContext,
+    queryContext: EntityQueryContext,
+    evaluationContext: EntityPrivacyPolicyEvaluationContext<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >,
+    entity: TEntity,
+  ): Promise<RuleEvaluationResult> {
+    const results = await Promise.all(
+      this.subRules.map((subRule) =>
+        subRule.evaluateAsync(viewerContext, queryContext, evaluationContext, entity),
+      ),
+    );
+    return results.includes(RuleEvaluationResult.ALLOW)
+      ? RuleEvaluationResult.ALLOW
+      : RuleEvaluationResult.SKIP;
+  }
+}

package/src/rules/AllowIfInParentCascadeDeletionPrivacyPolicyRule.ts

@@ -0,0 +1,177 @@
+import { IEntityClass } from '../Entity';
+import { EntityPrivacyPolicy, EntityPrivacyPolicyEvaluationContext } from '../EntityPrivacyPolicy';
+import { EntityQueryContext } from '../EntityQueryContext';
+import { ReadonlyEntity } from '../ReadonlyEntity';
+import { ViewerContext } from '../ViewerContext';
+import { PrivacyPolicyRule, RuleEvaluationResult } from './PrivacyPolicyRule';
+
+/**
+ * Directive for specifying the parent relationship in AllowIfInParentCascadeDeletionPrivacyPolicyRule.
+ */
+export interface AllowIfInParentCascadeDeletionDirective<
+  TViewerContext extends ViewerContext,
+  TFields,
+  TParentFields extends object,
+  TParentIDField extends keyof NonNullable<Pick<TParentFields, TParentSelectedFields>>,
+  TParentEntity extends ReadonlyEntity<
+    TParentFields,
+    TParentIDField,
+    TViewerContext,
+    TParentSelectedFields
+  >,
+  TParentPrivacyPolicy extends EntityPrivacyPolicy<
+    TParentFields,
+    TParentIDField,
+    TViewerContext,
+    TParentEntity,
+    TParentSelectedFields
+  >,
+  TSelectedFields extends keyof TFields = keyof TFields,
+  TParentSelectedFields extends keyof TParentFields = keyof TParentFields,
+> {
+  /**
+   * Class of parent entity that should trigger a cascade set null update to a field within
+   * the entity being authorized.
+   */
+  parentEntityClass: IEntityClass<
+    TParentFields,
+    TParentIDField,
+    TViewerContext,
+    TParentEntity,
+    TParentPrivacyPolicy,
+    TParentSelectedFields
+  >;
+
+  /**
+   * Field of the current entity with references the deleting instace of parentEntityClass.
+   */
+  fieldIdentifyingParentEntity: keyof Pick<TFields, TSelectedFields>;
+
+  /**
+   * Field in parentEntityClass referenced by the value of fieldIdentifyingParentEntity.
+   * If not provided, ID is assumed.
+   */
+  parentEntityLookupByField?: keyof Pick<TParentFields, TParentSelectedFields>;
+}
+
+/**
+ * A generic privacy policy rule that allows when an entity is being authorized
+ * as part of a cascading delete from a parent entity. Handles two cases:
+ * - When the field has not yet been null'ed out due to a cascading set null. This is often
+ *   required for read rules to authorize the initial re-read of the entity being update set null'ed.
+ * - When the field has been null'ed out due to a cascading set null. This is often required
+ *   the update rules for the field nullification.
+ *
+ * These two cases could theoretically be handled by two separate (stricter) rules, but are combined
+ * to simplify configuration since practically there are few cases where having them be combined would
+ * preset an issue.
+ *
+ * @example
+ * Billing info owned by an account, but records who created the billing info in creating_user_id. User is a member of that account.
+ * User can delete themselves, and the billing info's creating_user_id field is cascade set null'ed when the user is deleted.
+ *
+ * ```ts
+ *  class BillingInfoEntityPrivacyPolicy extends EntityPrivacyPolicy<...> {
+ *    protected override readonly readRules = [
+ *      ...,
+ *      new AllowIfInParentCascadeDeletionPrivacyPolicyRule<...>({
+ *        fieldIdentifyingParentEntity: 'creating_user_id',
+ *        parentEntityClass: UserEntity,
+ *      }),
+ *    ];
+ *
+ *    protected override readonly updateRules = [
+ *      ...,
+ *      new AllowIfInParentCascadeDeletionPrivacyPolicyRule<...>({
+ *        fieldIdentifyingParentEntity: 'creating_user_id',
+ *        parentEntityClass: UserEntity,
+ *      }),
+ *    ];
+ *  }
+ * ```
+ */
+export class AllowIfInParentCascadeDeletionPrivacyPolicyRule<
+  TFields extends object,
+  TIDField extends keyof NonNullable<Pick<TFields, TSelectedFields>>,
+  TViewerContext extends ViewerContext,
+  TEntity extends ReadonlyEntity<TFields, TIDField, TViewerContext, TSelectedFields>,
+  TFields2 extends object,
+  TIDField2 extends keyof NonNullable<Pick<TFields2, TSelectedFields2>>,
+  TEntity2 extends ReadonlyEntity<TFields2, TIDField2, TViewerContext, TSelectedFields2>,
+  TPrivacyPolicy2 extends EntityPrivacyPolicy<
+    TFields2,
+    TIDField2,
+    TViewerContext,
+    TEntity2,
+    TSelectedFields2
+  >,
+  TSelectedFields extends keyof TFields = keyof TFields,
+  TSelectedFields2 extends keyof TFields2 = keyof TFields2,
+> extends PrivacyPolicyRule<TFields, TIDField, TViewerContext, TEntity, TSelectedFields> {
+  constructor(
+    private readonly directive: AllowIfInParentCascadeDeletionDirective<
+      TViewerContext,
+      TFields,
+      TFields2,
+      TIDField2,
+      TEntity2,
+      TPrivacyPolicy2,
+      TSelectedFields,
+      TSelectedFields2
+    >,
+  ) {
+    super();
+  }
+
+  async evaluateAsync(
+    _viewerContext: TViewerContext,
+    _queryContext: EntityQueryContext,
+    evaluationContext: EntityPrivacyPolicyEvaluationContext<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >,
+    entity: TEntity,
+  ): Promise<RuleEvaluationResult> {
+    const parentEntityClass = this.directive.parentEntityClass;
+
+    const deleteCause = evaluationContext.cascadingDeleteCause;
+    if (!deleteCause || !(deleteCause.entity instanceof parentEntityClass)) {
+      return RuleEvaluationResult.SKIP;
+    }
+
+    const entityBeingDeleted = deleteCause.entity;
+
+    // allow if parent foreign key field matches specified field in the entity being authorized
+    const valueInThisEntityReferencingParent = entity.getField(
+      this.directive.fieldIdentifyingParentEntity,
+    );
+    const valueInParent = this.directive.parentEntityLookupByField
+      ? entityBeingDeleted.getField(this.directive.parentEntityLookupByField)
+      : entityBeingDeleted.getID();
+
+    if (
+      valueInThisEntityReferencingParent &&
+      valueInThisEntityReferencingParent === valueInParent
+    ) {
+      return RuleEvaluationResult.ALLOW;
+    }
+
+    // allow if parent foreign key field matches specified field in the entity being authorized, and the
+    // field in the entity being authorized has been null'ed out  due to cascading set null
+    const valueInPreviousValueOfThisEntityReferencingParent =
+      evaluationContext.previousValue?.getField(this.directive.fieldIdentifyingParentEntity);
+
+    if (
+      valueInPreviousValueOfThisEntityReferencingParent &&
+      valueInPreviousValueOfThisEntityReferencingParent === valueInParent &&
+      valueInThisEntityReferencingParent === null
+    ) {
+      return RuleEvaluationResult.ALLOW;
+    }
+
+    return RuleEvaluationResult.SKIP;
+  }
+}

package/src/rules/EvaluateIfEntityFieldPredicatePrivacyPolicyRule.ts

@@ -0,0 +1,46 @@
+import { EntityPrivacyPolicyEvaluationContext } from '../EntityPrivacyPolicy';
+import { EntityQueryContext } from '../EntityQueryContext';
+import { ReadonlyEntity } from '../ReadonlyEntity';
+import { ViewerContext } from '../ViewerContext';
+import { PrivacyPolicyRule, RuleEvaluationResult } from './PrivacyPolicyRule';
+
+export class EvaluateIfEntityFieldPredicatePrivacyPolicyRule<
+  TFields extends object,
+  TIDField extends keyof NonNullable<Pick<TFields, TSelectedFields>>,
+  TViewerContext extends ViewerContext,
+  TEntity extends ReadonlyEntity<TFields, TIDField, TViewerContext, TSelectedFields>,
+  N extends TSelectedFields,
+  TSelectedFields extends keyof TFields = keyof TFields,
+> extends PrivacyPolicyRule<TFields, TIDField, TViewerContext, TEntity, TSelectedFields> {
+  constructor(
+    private readonly fieldName: N,
+    private readonly shouldEvaluatePredicate: (fieldValue: TFields[N]) => boolean,
+    private readonly rule: PrivacyPolicyRule<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >,
+  ) {
+    super();
+  }
+
+  async evaluateAsync(
+    viewerContext: TViewerContext,
+    queryContext: EntityQueryContext,
+    evaluationContext: EntityPrivacyPolicyEvaluationContext<
+      TFields,
+      TIDField,
+      TViewerContext,
+      TEntity,
+      TSelectedFields
+    >,
+    entity: TEntity,
+  ): Promise<RuleEvaluationResult> {
+    const fieldValue = entity.getField(this.fieldName);
+    return this.shouldEvaluatePredicate(fieldValue)
+      ? await this.rule.evaluateAsync(viewerContext, queryContext, evaluationContext, entity)
+      : RuleEvaluationResult.SKIP;
+  }
+}