Add support for per-Object extra commands.

src/cli.rs

@@ -63,7 +63,7 @@ impl RootArgs {
 
         let realm = db
             .realms
-            .unique(&self.realm)
+            .keyed(&self.realm)
             .get()?
             .ok_or(UIDCError::Abort("no such realm"))?;
 
@@ -95,7 +95,7 @@ impl RootArgs {
 
         let primary_realm = "primary".to_string();
 
-        if db.realms.unique(&primary_realm).get()?.is_some() {
+        if db.realms.keyed(&primary_realm).get()?.is_some() {
             log::warn!("Already initialized with primary realm!");
             return Ok(());
         }
@@ -202,7 +202,7 @@ impl ConfigArgs {
                 println!("{:?}", config);
             }
             ConfigCommand::Set { key, value } => {
-                args.db.persistent_config.unique(key).delete()?;
+                args.db.persistent_config.keyed(key).delete()?;
                 args.db.persistent_config.insert(schema::PersistentConfig {
                     key: key.clone(),
                     value: value.clone(),
@@ -442,16 +442,12 @@ struct RoleArgs {
 
 impl RoleArgs {
     async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
-        self.command.perform(&args.realm.roles, &args.realm.roles)
+        self.command.perform(&args.realm, &args.realm.roles, &args.realm.roles)
     }
 }
 
 #[derive(Debug, Subcommand)]
 enum UserCommand {
-    List,
-    Create {
-        username: String,
-    },
     Auth {
         username: String,
 
@@ -461,45 +457,17 @@ enum UserCommand {
         #[clap(short = 't', long, action = clap::ArgAction::Count)]
         change_totp: usize,
     },
-    Inspect {
-        username: String,
-    },
 }
 
 #[derive(Debug, Parser)]
 struct UserArgs {
     #[clap(subcommand)]
-    // command: UserCommand,
     command: ClapInterface<schema::User>,
-    /*
-    #[clap(subcommand)]
-    extra_command: UserCommand,
-    */
-    // command: ClapInterface<schema::User>,
 }
 
 impl UserArgs {
     async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
-        self.command.perform(&args.realm.users, &args.realm.users)
-        /*match &self.command {
-            UserCommand::List => user_management::list(&args.realm),
-            UserCommand::Create { username } => {
-                user_management::create(&args.realm, username)
-            }
-            UserCommand::Auth {
-                username,
-                change_password,
-                change_totp,
-            } => user_management::change_auth(
-                &args.realm,
-                username,
-                *change_password > 0,
-                *change_totp > 0,
-            ),
-            UserCommand::Inspect { username } => {
-                user_management::inspect(&args.realm, username)
-            }
-        }*/
+        self.command.perform(&args.realm, &args.realm.users, &args.realm.users)
     }
 }
 

src/client_management.rs

@@ -16,7 +16,7 @@ pub fn create(realm: &schema::Realm, name: &String, key_type: KeyType) -> Result
 }
 
 pub fn inspect(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    if let Some(client) = realm.clients.unique(name).get()? {
+    if let Some(client) = realm.clients.keyed(name).get()? {
         println!("Found client {name}");
         println!("Client secret: {}", client.secret);
         println!("Signature type: {:?}", client.key_type);

src/group_management.rs

@@ -18,7 +18,7 @@ pub fn list_groups(realm: &schema::Realm) -> Result<(), UIDCError> {
 }
 
 pub fn list_members(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    for member in realm.groups.unique(name).join(schema::Group::Users).get()? {
+    for member in realm.groups.keyed(name).join(schema::Group::Users).get()? {
         println!("- {}", member.username);
     }
 
@@ -26,7 +26,7 @@ pub fn list_members(realm: &schema::Realm, name: &String) -> Result<(), UIDCErro
 }
 
 pub fn list_roles(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    for role in realm.groups.unique(name).join(schema::Group::Roles).get()? {
+    for role in realm.groups.keyed(name).join(schema::Group::Roles).get()? {
         println!("- {}", role.shortname);
     }
 
@@ -38,8 +38,8 @@ pub fn attach_user(
     group_name: &String,
     username: &String,
 ) -> Result<(), UIDCError> {
-    let group = realm.groups.unique(group_name).get()?;
-    let user = realm.users.unique(username).get()?;
+    let group = realm.groups.keyed(group_name).get()?;
+    let user = realm.users.keyed(username).get()?;
 
     match (group, user) {
         (None, _) => Err(UIDCError::Abort("no such group")),
@@ -56,8 +56,8 @@ pub fn detach_user(
     group_name: &String,
     username: &String,
 ) -> Result<(), UIDCError> {
-    let group = realm.groups.unique(group_name).get()?;
-    let user = realm.users.unique(username).get()?;
+    let group = realm.groups.keyed(group_name).get()?;
+    let user = realm.users.keyed(username).get()?;
 
     match (group, user) {
         (None, _) => Err(UIDCError::Abort("no such group")),
@@ -74,8 +74,8 @@ pub fn attach_role(
     group_name: &String,
     role_name: &String,
 ) -> Result<(), UIDCError> {
-    let group = realm.groups.unique(group_name).get()?;
-    let role = realm.roles.unique(role_name).get()?;
+    let group = realm.groups.keyed(group_name).get()?;
+    let role = realm.roles.keyed(role_name).get()?;
 
     match (group, role) {
         (None, _) => Err(UIDCError::Abort("no such group")),
@@ -92,8 +92,8 @@ pub fn detach_role(
     group_name: &String,
     role_name: &String,
 ) -> Result<(), UIDCError> {
-    let group = realm.groups.unique(group_name).get()?;
-    let role = realm.roles.unique(role_name).get()?;
+    let group = realm.groups.keyed(group_name).get()?;
+    let role = realm.roles.keyed(role_name).get()?;
 
     match (group, role) {
         (None, _) => Err(UIDCError::Abort("no such group")),

src/object.rs

@@ -1,9 +1,4 @@
-use microrm::prelude::*;
-use microrm::schema::datum::{Datum, DatumDiscriminatorRef};
-use microrm::schema::entity::{Entity, EntityID, EntityPartList, EntityPartVisitor};
-
-use crate::schema::UIDCDatabase;
-use crate::UIDCError;
+use microrm::{schema::entity::Entity, prelude::{Queryable, Insertable}};
 
 mod clap_interface;
 
@@ -13,119 +8,42 @@ mod role;
 mod user;
 
 pub trait Object: Sized + Entity + std::fmt::Debug {
+    type Error;
     type CreateParameters: clap::Parser + std::fmt::Debug;
-    fn create_from_params(_: &Self::CreateParameters) -> Result<Self, UIDCError>;
-    fn extra_commands() -> impl Iterator<Item = clap::Command> {
-        vec![].into_iter()
-    }
+    fn create_from_params(_: &Self::CreateParameters) -> Result<Self, Self::Error>;
 
-    /// get the relevant IDMap from the database
-    fn db_object(db: &UIDCDatabase) -> &IDMap<Self>
-    where
-        Self: Sized;
+    type ExtraCommands: clap::Subcommand + std::fmt::Debug;
+    type ExtraCommandData;
+    fn run_extra_command(
+        data: &Self::ExtraCommandData,
+        extra: &Self::ExtraCommands,
+        query_ctx: impl Queryable<EntityOutput = Self>,
+        insert_ctx: &impl Insertable<Self>) -> Result<(), Self::Error> { unreachable!() }
 
     fn shortname(&self) -> &str;
 }
 
-/*
-pub trait ObjectExt: Sized + Object {
-    fn attach<L: Entity, R: Entity>(
-        ctx: impl Queryable<EntityOutput = L>,
-        local_uniques: <L::Uniques as EntityPartList>::DatumList,
-        relation: String,
-        remote_uniques: <R::Uniques as EntityPartList>::DatumList,
-    ) -> Result<(), UIDCError> {
-        ctx.count();
-        // ctx.unique(Self::build_uniques(&local_uniques));
-        // ctx.connect_to
+#[derive(Debug)]
+pub struct EmptyCommand;
 
-        Ok(())
+impl clap::FromArgMatches for EmptyCommand {
+    fn from_arg_matches(matches: &clap::ArgMatches) -> Result<Self, clap::Error> {
+        Ok(EmptyCommand)
     }
 
-    fn create(ctx: &impl Insertable<Self>, cp: &Self::CreateParameters) -> Result<(), UIDCError> {
-        ctx.insert(Self::create_from_params(cp)?)?;
+    fn update_from_arg_matches(&mut self, matches: &clap::ArgMatches) -> Result<(), clap::Error> {
         Ok(())
     }
+}
 
-    fn delete(
-        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-        which: <Self::Uniques as EntityPartList>::DatumList,
-    ) -> Result<(), UIDCError> {
-        ctx.unique(which).delete()?;
-        Ok(())
+impl clap::Subcommand for EmptyCommand {
+    fn augment_subcommands(cmd: clap::Command) -> clap::Command {
+        cmd
     }
 
-    fn list_all(
-        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-    ) -> Result<(), UIDCError> {
-        println!(
-            "Listing all {}(s): ({})",
-            Self::entity_name(),
-            ctx.clone().count()?
-        );
-        for obj in ctx.get()?.into_iter() {
-            println!(" - {}", obj.shortname());
-        }
-
-        Ok(())
+    fn augment_subcommands_for_update(cmd: clap::Command) -> clap::Command {
+        cmd
     }
 
-    fn inspect(
-        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-        which: <Self::Uniques as EntityPartList>::DatumList,
-    ) -> Result<(), UIDCError> {
-        let obj = ctx
-            .unique(which)
-            .get()?
-            .ok_or(UIDCError::Abort("no such element, cannot inspect"))?;
-        println!("{:#?}", obj.as_ref());
-
-        fn inspect_ai<AI: AssocInterface>(name: &'static str, ai: &AI) {
-            println!("{}: ({})", name, ai.count().unwrap());
-            for a in ai.get().expect("couldn't get object associations") {
-                println!("[#{:3}]: {:?}", a.id().into_raw(), a.wrapped());
-            }
-        }
-
-        struct AssocFieldWalker;
-        impl EntityPartVisitor for AssocFieldWalker {
-            fn visit_datum<EP: microrm::schema::entity::EntityPart>(&mut self, datum: &EP::Datum) {
-                struct Discriminator<'l, D: Datum>(&'l D, &'static str);
-
-                impl<'l, D: Datum> DatumDiscriminatorRef for Discriminator<'l, D> {
-                    fn visit_serialized<T: serde::Serialize + serde::de::DeserializeOwned>(
-                        &mut self,
-                        _: &T,
-                    ) {
-                    }
-                    fn visit_bare_field<T: Datum>(&mut self, _: &T) {}
-                    fn visit_entity_id<E: Entity>(&mut self, _: &E::ID) {}
-                    fn visit_assoc_map<E: Entity>(&mut self, amap: &AssocMap<E>) {
-                        inspect_ai(self.1, amap);
-                    }
-                    fn visit_assoc_domain<R: microrm::schema::Relation>(
-                        &mut self,
-                        adomain: &microrm::schema::AssocDomain<R>,
-                    ) {
-                        inspect_ai(self.1, adomain);
-                    }
-                    fn visit_assoc_range<R: microrm::schema::Relation>(
-                        &mut self,
-                        arange: &microrm::schema::AssocRange<R>,
-                    ) {
-                        inspect_ai(self.1, arange);
-                    }
-                }
-
-                datum.accept_discriminator_ref(&mut Discriminator(datum, EP::part_name()));
-            }
-        }
-
-        obj.accept_part_visitor_ref(&mut AssocFieldWalker);
-
-        Ok(())
-    }
+    fn has_subcommand(name: &str) -> bool { false }
 }
-
-impl<T: Object + std::fmt::Debug> ObjectExt for T {}
-*/

src/object/clap.rs

@@ -13,14 +13,14 @@ impl<O: ObjectExt> ClapInterface<O> {
         insert_ctx: &impl microrm::prelude::Insertable<O>,
     ) -> Result<(), UIDCError> {
         match &self.verb {
-            InterfaceVerb::Attach { relation, remote_uniques } => {
+            InterfaceVerb::Attach { relation, remote_keys } => {
                 todo!()
             }
             InterfaceVerb::Create(params) => {
                 O::create(insert_ctx, &params)?;
             }
-            InterfaceVerb::Delete(uniques) => {
-                O::delete(query_ctx, O::build_uniques(uniques))?;
+            InterfaceVerb::Delete(keys) => {
+                O::delete(query_ctx, O::build_keys(keys))?;
             }
             InterfaceVerb::Detach => {
                 todo!()
@@ -28,15 +28,15 @@ impl<O: ObjectExt> ClapInterface<O> {
             InterfaceVerb::ListAll => {
                 O::list_all(query_ctx)?;
             }
-            InterfaceVerb::Inspect(uniques) => {
-                O::inspect(query_ctx, O::build_uniques(uniques))?;
+            InterfaceVerb::Inspect(keys) => {
+                O::inspect(query_ctx, O::build_keys(keys))?;
             }
         }
         Ok(())
     }
 
-    /// iterate across the list of unique parts (O::Uniques) and add args for each
-    fn add_uniques(mut cmd: clap::Command) -> clap::Command {
+    /// iterate across the list of key parts (O::Uniques) and add args for each
+    fn add_keys(mut cmd: clap::Command) -> clap::Command {
         struct UVisitor<'a>(&'a mut clap::Command);
         impl<'a> EntityPartVisitor for UVisitor<'a> {
             fn visit<EP: microrm::schema::entity::EntityPart>(&mut self) {
@@ -113,13 +113,13 @@ impl<O: ObjectExt> Subcommand for ClapInterface<O> {
 
     fn augment_subcommands(cmd: clap::Command) -> clap::Command {
         cmd.subcommand(
-            Self::add_uniques(clap::Command::new("attach"))
+            Self::add_keys(clap::Command::new("attach"))
                 .subcommands(Self::make_relation_subcommands())
                 .subcommand_required(true),
         )
         .subcommand(<O::CreateParameters as clap::CommandFactory>::command().name("create"))
-        .subcommand(Self::add_uniques(clap::Command::new("delete")))
-        .subcommand(Self::add_uniques(clap::Command::new("inspect")))
+        .subcommand(Self::add_keys(clap::Command::new("delete")))
+        .subcommand(Self::add_keys(clap::Command::new("inspect")))
         .subcommand(clap::Command::new("list"))
         .subcommands(O::extra_commands())
     }

src/object/clap_interface.rs

@@ -1,23 +1,17 @@
 use microrm::{
     prelude::*,
     schema::{
-        datum::{
-            ConcreteDatumList, DatumDiscriminatorRef, DatumList, QueryEquivalentList, StringQuery,
-        },
-        entity::EntityID,
+        datum::{ConcreteDatumList, Datum, DatumDiscriminator, DatumDiscriminatorRef},
+        entity::{Entity, EntityID, EntityPartList, EntityPartVisitor, EntityVisitor},
     },
 };
 
 use super::Object;
 use crate::UIDCError;
 use clap::{FromArgMatches, Subcommand};
-use microrm::schema::{
-    datum::{Datum, DatumDiscriminator},
-    entity::{Entity, EntityPartList, EntityPartVisitor},
-};
 
-/// iterate across the list of unique parts (E::Uniques) and add args for each
-fn add_uniques<E: Entity>(mut cmd: clap::Command) -> clap::Command {
+/// iterate across the list of key parts (E::Keys) and add args for each
+fn add_keys<E: Entity>(mut cmd: clap::Command) -> clap::Command {
     struct UVisitor<'a>(&'a mut clap::Command);
     impl<'a> EntityPartVisitor for UVisitor<'a> {
         fn visit<EP: microrm::schema::entity::EntityPart>(&mut self) {
@@ -28,12 +22,12 @@ fn add_uniques<E: Entity>(mut cmd: clap::Command) -> clap::Command {
         }
     }
 
-    <E::Uniques as EntityPartList>::accept_part_visitor(&mut UVisitor(&mut cmd));
+    <E::Keys as EntityPartList>::accept_part_visitor(&mut UVisitor(&mut cmd));
 
     cmd
 }
 
-fn collect_uniques<E: Entity>(matches: &clap::ArgMatches) -> Vec<String> {
+fn collect_keys<E: Entity>(matches: &clap::ArgMatches) -> Vec<String> {
     struct UVisitor<'a>(&'a clap::ArgMatches, &'a mut Vec<String>);
     impl<'a> EntityPartVisitor for UVisitor<'a> {
         fn visit<EP: microrm::schema::entity::EntityPart>(&mut self) {
@@ -46,37 +40,38 @@ fn collect_uniques<E: Entity>(matches: &clap::ArgMatches) -> Vec<String> {
         }
     }
 
-    let mut unique_values = vec![];
-    <E::Uniques as EntityPartList>::accept_part_visitor(&mut UVisitor(matches, &mut unique_values));
-    unique_values
+    let mut key_values = vec![];
+    <E::Keys as EntityPartList>::accept_part_visitor(&mut UVisitor(matches, &mut key_values));
+    key_values
 }
 
 #[derive(Clone, Debug)]
 pub enum InterfaceVerb<O: Object> {
     Attach {
-        local_uniques: Vec<String>,
+        local_keys: Vec<String>,
         relation: String,
-        remote_uniques: Vec<String>,
+        remote_keys: Vec<String>,
     },
     Create(O::CreateParameters),
     Delete(Vec<String>),
     Detach {
-        local_uniques: Vec<String>,
+        local_keys: Vec<String>,
         relation: String,
-        remote_uniques: Vec<String>,
+        remote_keys: Vec<String>,
     },
     ListAll,
     Inspect(Vec<String>),
+    Extra(O::ExtraCommands),
 }
 
 // helper alias for later
-type UniqueList<O> = <<O as Entity>::Uniques as EntityPartList>::DatumList;
+type UniqueList<E> = <<E as Entity>::Keys as EntityPartList>::DatumList;
 
 impl<O: Object> InterfaceVerb<O> {
     fn parse_attachment(
         matches: &clap::ArgMatches,
     ) -> Result<(Vec<String>, String, Vec<String>), clap::Error> {
-        let local_uniques = collect_uniques::<O>(matches);
+        let local_keys = collect_keys::<O>(matches);
 
         let (subcommand, submatches) = matches
             .subcommand()
@@ -86,7 +81,7 @@ impl<O: Object> InterfaceVerb<O> {
         struct RelationFinder<'l> {
             subcommand: &'l str,
             submatches: &'l clap::ArgMatches,
-            uniques: &'l mut Vec<String>,
+            keys: &'l mut Vec<String>,
         }
         impl<'l> EntityPartVisitor for RelationFinder<'l> {
             fn visit<EP: microrm::schema::entity::EntityPart>(&mut self) {
@@ -94,88 +89,220 @@ impl<O: Object> InterfaceVerb<O> {
                     return;
                 }
 
-                *self.uniques = collect_uniques::<EP::Entity>(self.submatches);
+                println!(
+                    "RelationFinder found correct part for subcommand {}!",
+                    self.subcommand
+                );
+                println!("EP: {}", std::any::type_name::<EP>());
+                // println!("EP: {}", std::any::
+                EP::Datum::accept_entity_visitor(self);
+            }
+        }
+
+        impl<'l> EntityVisitor for RelationFinder<'l> {
+            fn visit<E: Entity>(&mut self) {
+                println!("\trelationfinder visiting entity {}", E::entity_name());
+                *self.keys = collect_keys::<E>(self.submatches);
             }
         }
 
-        let mut remote_uniques = vec![];
+        let mut remote_keys = vec![];
         O::accept_part_visitor(&mut RelationFinder {
             subcommand,
             submatches,
-            uniques: &mut remote_uniques,
+            keys: &mut remote_keys,
         });
 
-        Ok((local_uniques, subcommand.into(), remote_uniques))
+        Ok((local_keys, subcommand.into(), remote_keys))
     }
 
-    fn from_matches(matches: &clap::ArgMatches) -> Result<Self, clap::Error> {
-        let (subcommand, matches) = matches
+    fn from_matches(parent_matches: &clap::ArgMatches) -> Result<Self, clap::Error> {
+        let (subcommand, matches) = parent_matches
             .subcommand()
             .ok_or(clap::Error::new(clap::error::ErrorKind::MissingSubcommand))?;
 
         Ok(match subcommand {
             "attach" => {
-                let (local_uniques, relation, remote_uniques) = Self::parse_attachment(matches)?;
+                let (local_keys, relation, remote_keys) = Self::parse_attachment(matches)?;
                 InterfaceVerb::Attach {
-                    local_uniques,
+                    local_keys,
                     relation,
-                    remote_uniques,
+                    remote_keys,
                 }
             }
             "create" => InterfaceVerb::Create(
                 <O::CreateParameters as clap::FromArgMatches>::from_arg_matches(matches)?,
             ),
-            "delete" => InterfaceVerb::Delete(collect_uniques::<O>(matches)),
+            "delete" => InterfaceVerb::Delete(collect_keys::<O>(matches)),
             "detach" => {
-                let (local_uniques, relation, remote_uniques) = Self::parse_attachment(matches)?;
+                let (local_keys, relation, remote_keys) = Self::parse_attachment(matches)?;
                 InterfaceVerb::Detach {
-                    local_uniques,
+                    local_keys,
                     relation,
-                    remote_uniques,
+                    remote_keys,
                 }
             }
             "list" => InterfaceVerb::ListAll,
-            "inspect" => InterfaceVerb::Inspect(collect_uniques::<O>(matches)),
-            _ => unreachable!(),
+            "inspect" => InterfaceVerb::Inspect(collect_keys::<O>(matches)),
+            cmd => {
+                if <O::ExtraCommands>::has_subcommand(cmd) {
+                    InterfaceVerb::Extra(<O::ExtraCommands>::from_arg_matches(parent_matches)?)
+                }
+                else {
+                    unreachable!()
+                }
+            },
         })
     }
 }
 
+/// helper type for attach and detach verbs
+struct Attacher<'l> {
+    do_attach: bool,
+    relation: &'l str,
+    remote_keys: &'l Vec<String>,
+    err: Option<UIDCError>,
+}
+
+impl<'l> Attacher<'l> {
+    fn do_operation<E: Entity>(&mut self, map: &impl AssocInterface<RemoteEntity = E>) {
+        match map
+            .query_all()
+            .keyed(
+                UniqueList::<E>::build_equivalent(self.remote_keys.iter().map(String::as_str))
+                    .unwrap(),
+            )
+            .get()
+        {
+            Ok(Some(obj)) => {
+                if self.do_attach {
+                    self.err = map.connect_to(obj.id()).err().map(Into::into);
+                } else {
+                    self.err = map.disconnect_from(obj.id()).err().map(Into::into);
+                }
+            }
+            Ok(None) => {
+                self.err = Some(UIDCError::Abort("No such entity to connect to"));
+            }
+            Err(e) => {
+                self.err = Some(e.into());
+            }
+        }
+    }
+}
+
+impl<'l> EntityPartVisitor for Attacher<'l> {
+    fn visit_datum<EP: microrm::schema::entity::EntityPart>(&mut self, datum: &EP::Datum) {
+        if EP::part_name() != self.relation {
+            return;
+        }
+
+        datum.accept_discriminator_ref(self);
+    }
+}
+
+impl<'l> DatumDiscriminatorRef for Attacher<'l> {
+    fn visit_entity_id<E: Entity>(&mut self, _: &E::ID) {
+        unreachable!()
+    }
+    fn visit_serialized<T: serde::Serialize + serde::de::DeserializeOwned>(&mut self, _: &T) {
+        unreachable!()
+    }
+    fn visit_bare_field<T: Datum>(&mut self, _: &T) {
+        unreachable!()
+    }
+
+    fn visit_assoc_map<E: Entity>(&mut self, map: &AssocMap<E>) {
+        self.do_operation(map);
+    }
+    fn visit_assoc_range<R: microrm::schema::Relation>(
+        &mut self,
+        map: &microrm::schema::AssocRange<R>,
+    ) {
+        self.do_operation(map);
+    }
+    fn visit_assoc_domain<R: microrm::schema::Relation>(
+        &mut self,
+        map: &microrm::schema::AssocDomain<R>,
+    ) {
+        self.do_operation(map);
+    }
+}
+
 #[derive(Debug)]
 pub struct ClapInterface<O: Object> {
     verb: InterfaceVerb<O>,
     _ghost: std::marker::PhantomData<O>,
 }
 
-impl<O: Object> ClapInterface<O> {
+impl<O: Object<Error = UIDCError>> ClapInterface<O> {
     pub fn perform(
         &self,
+        data: &O::ExtraCommandData,
         query_ctx: impl microrm::prelude::Queryable<EntityOutput = O>,
         insert_ctx: &impl microrm::prelude::Insertable<O>,
     ) -> Result<(), UIDCError> {
         match &self.verb {
             InterfaceVerb::Attach {
-                local_uniques,
+                local_keys,
                 relation,
-                remote_uniques,
+                remote_keys,
             } => {
-                // O::attach(query_ctx, local_uniques, relation, remote_uniques)?;
-                todo!()
+                let outer_obj = query_ctx
+                    .keyed(
+                        UniqueList::<O>::build_equivalent(local_keys.iter().map(String::as_str))
+                            .unwrap(),
+                    )
+                    .get()?
+                    .ok_or(UIDCError::Abort("Could not find object to attach to"))?;
+
+                let mut attacher = Attacher {
+                    do_attach: true,
+                    relation,
+                    remote_keys,
+                    err: None,
+                };
+                outer_obj.accept_part_visitor_ref(&mut attacher);
+
+                if let Some(err) = attacher.err {
+                    return Err(err);
+                }
             }
             InterfaceVerb::Create(params) => {
                 insert_ctx.insert(O::create_from_params(params)?)?;
             }
-            InterfaceVerb::Delete(uniques) => {
+            InterfaceVerb::Delete(keys) => {
                 query_ctx
-                    .unique(UniqueList::<O>::build_equivalent(uniques.iter().map(String::as_str)).unwrap())
+                    .keyed(
+                        UniqueList::<O>::build_equivalent(keys.iter().map(String::as_str))
+                            .unwrap(),
+                    )
                     .delete()?;
             }
             InterfaceVerb::Detach {
-                local_uniques,
+                local_keys,
                 relation,
-                remote_uniques,
+                remote_keys,
             } => {
-                todo!()
+                let outer_obj = query_ctx
+                    .keyed(
+                        UniqueList::<O>::build_equivalent(local_keys.iter().map(String::as_str))
+                            .unwrap(),
+                    )
+                    .get()?
+                    .ok_or(UIDCError::Abort("Could not find object to detach from"))?;
+
+                let mut attacher = Attacher {
+                    do_attach: false,
+                    relation,
+                    remote_keys,
+                    err: None,
+                };
+                outer_obj.accept_part_visitor_ref(&mut attacher);
+
+                if let Some(err) = attacher.err {
+                    return Err(err);
+                }
             }
             InterfaceVerb::ListAll => {
                 println!(
@@ -187,9 +314,12 @@ impl<O: Object> ClapInterface<O> {
                     println!(" - {}", obj.shortname());
                 }
             }
-            InterfaceVerb::Inspect(uniques) => {
+            InterfaceVerb::Inspect(keys) => {
                 let obj = query_ctx
-                    .unique(UniqueList::<O>::build_equivalent(uniques.iter().map(String::as_str)).unwrap())
+                    .keyed(
+                        UniqueList::<O>::build_equivalent(keys.iter().map(String::as_str))
+                            .unwrap(),
+                    )
                     .get()?
                     .ok_or(UIDCError::Abort("no such element, cannot inspect"))?;
                 println!("{:#?}", obj.as_ref());
@@ -241,7 +371,10 @@ impl<O: Object> ClapInterface<O> {
                 }
 
                 obj.accept_part_visitor_ref(&mut AssocFieldWalker);
-            }
+            },
+            InterfaceVerb::Extra(extra) => {
+                O::run_extra_command(data, extra, query_ctx, insert_ctx)?;
+            },
         }
         Ok(())
     }
@@ -262,15 +395,15 @@ impl<O: Object> ClapInterface<O> {
                     }
                     fn visit_bare_field<T: Datum>(&mut self) {}
                     fn visit_assoc_map<E: Entity>(&mut self) {
-                        self.0.push(add_uniques::<E>(clap::Command::new(self.1)));
+                        self.0.push(add_keys::<E>(clap::Command::new(self.1)));
                     }
                     fn visit_assoc_domain<R: microrm::schema::Relation>(&mut self) {
                         self.0
-                            .push(add_uniques::<R::Range>(clap::Command::new(self.1)));
+                            .push(add_keys::<R::Range>(clap::Command::new(self.1)));
                     }
                     fn visit_assoc_range<R: microrm::schema::Relation>(&mut self) {
                         self.0
-                            .push(add_uniques::<R::Domain>(clap::Command::new(self.1)));
+                            .push(add_keys::<R::Domain>(clap::Command::new(self.1)));
                     }
                 }
 
@@ -302,22 +435,28 @@ impl<O: Object> FromArgMatches for ClapInterface<O> {
     }
 }
 
-impl<O: Object> Subcommand for ClapInterface<O> {
+impl<O: Object<Error = UIDCError>> Subcommand for ClapInterface<O> {
     fn has_subcommand(name: &str) -> bool {
         todo!()
     }
 
     fn augment_subcommands(cmd: clap::Command) -> clap::Command {
-        cmd.subcommand(
-            add_uniques::<O>(clap::Command::new("attach"))
+        let cmd = cmd.subcommand(
+            add_keys::<O>(clap::Command::new("attach"))
+                .subcommands(Self::make_relation_subcommands())
+                .subcommand_required(true),
+        )
+        .subcommand(
+            add_keys::<O>(clap::Command::new("detach"))
                 .subcommands(Self::make_relation_subcommands())
                 .subcommand_required(true),
         )
         .subcommand(<O::CreateParameters as clap::CommandFactory>::command().name("create"))
-        .subcommand(add_uniques::<O>(clap::Command::new("delete")))
-        .subcommand(add_uniques::<O>(clap::Command::new("inspect")))
-        .subcommand(clap::Command::new("list"))
-        .subcommands(O::extra_commands())
+        .subcommand(add_keys::<O>(clap::Command::new("delete")))
+        .subcommand(add_keys::<O>(clap::Command::new("inspect")))
+        .subcommand(clap::Command::new("list"));
+
+        <O::ExtraCommands>::augment_subcommands(cmd)
     }
 
     fn augment_subcommands_for_update(cmd: clap::Command) -> clap::Command {

src/object/role.rs

@@ -1,5 +1,3 @@
-use microrm::schema::entity::EntityPartList;
-
 use super::Object;
 use crate::{schema, UIDCError};
 
@@ -9,6 +7,7 @@ pub struct CreateParameters {
 }
 
 impl Object for schema::Role {
+    type Error = UIDCError;
     type CreateParameters = CreateParameters;
 
     fn create_from_params(cp: &Self::CreateParameters) -> Result<Self, UIDCError> {
@@ -18,12 +17,8 @@ impl Object for schema::Role {
         })
     }
 
-    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self>
-    where
-        Self: Sized,
-    {
-        todo!()
-    }
+    type ExtraCommands = super::EmptyCommand;
+    type ExtraCommandData = schema::Realm;
 
     fn shortname(&self) -> &str {
         &self.shortname

src/object/user.rs

@@ -1,14 +1,24 @@
-use microrm::schema::entity::EntityPartList;
-
 use super::Object;
-use crate::{schema, UIDCError};
+use crate::{schema, UIDCError, user_management};
 
 #[derive(clap::Parser, Debug)]
 pub struct CreateParameters {
     username: String,
 }
 
+#[derive(Debug, clap::Subcommand)]
+pub enum UserCommands {
+    UpdateAuth {
+        username: String,
+        #[clap(short, long, default_value_t = false)]
+        password: bool,
+        #[clap(short, long, default_value_t = false)]
+        totp: bool,
+    }
+}
+
 impl Object for schema::User {
+    type Error = UIDCError;
     type CreateParameters = CreateParameters;
 
     fn create_from_params(cp: &Self::CreateParameters) -> Result<Self, UIDCError> {
@@ -19,11 +29,21 @@ impl Object for schema::User {
         })
     }
 
-    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self>
-    where
-        Self: Sized,
-    {
-        todo!()
+    type ExtraCommands = UserCommands;
+    type ExtraCommandData = schema::Realm;
+    fn run_extra_command(
+        realm: &schema::Realm,
+        extra: &Self::ExtraCommands,
+        _query_ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
+        _insert_ctx: &impl microrm::prelude::Insertable<Self>) -> Result<(), UIDCError> {
+
+        match extra {
+            UserCommands::UpdateAuth { username, password, totp } => {
+                user_management::change_auth(realm, username, *password, *totp)?;
+            }
+        }
+
+        Ok(())
     }
 
     fn shortname(&self) -> &str {

src/schema.rs

@@ -11,7 +11,7 @@ use crate::key::KeyType;
 /// Simple key-value store for persistent configuration
 #[derive(Entity)]
 pub struct PersistentConfig {
-    #[unique]
+    #[key]
     pub key: String,
     pub value: String,
 }
@@ -22,7 +22,7 @@ pub struct PersistentConfig {
 
 #[derive(Entity)]
 pub struct Session {
-    #[unique]
+    #[key]
     pub session_id: String,
     pub auth: AssocMap<SessionAuth>,
     pub expiry: time::OffsetDateTime,
@@ -49,7 +49,9 @@ pub enum AuthChallengeType {
 
 #[derive(Entity)]
 pub struct AuthChallenge {
-    #[unique]
+    #[key]
+    pub user_id: UserID,
+    #[key]
     pub challenge_type: Serialized<AuthChallengeType>,
     #[elide]
     pub public: Vec<u8>,
@@ -78,7 +80,7 @@ impl Relation for GroupRoleRelation {
 
 #[derive(Clone, Default, Entity)]
 pub struct Realm {
-    #[unique]
+    #[key]
     pub shortname: String,
 
     pub clients: AssocMap<Client>,
@@ -91,7 +93,7 @@ pub struct Realm {
 
 #[derive(Entity)]
 pub struct Key {
-    #[unique]
+    #[key]
     pub key_id: String,
     pub key_type: Serialized<KeyType>,
     pub public_data: Vec<u8>,
@@ -101,7 +103,7 @@ pub struct Key {
 
 #[derive(Entity)]
 pub struct User {
-    #[unique]
+    #[key]
     pub username: String,
     pub auth: AssocMap<AuthChallenge>,
     pub groups: AssocDomain<UserGroupRelation>,
@@ -109,7 +111,7 @@ pub struct User {
 
 #[derive(Entity)]
 pub struct Group {
-    #[unique]
+    #[key]
     pub shortname: String,
     pub users: AssocRange<UserGroupRelation>,
     pub roles: AssocDomain<GroupRoleRelation>,
@@ -117,8 +119,8 @@ pub struct Group {
 
 #[derive(Entity)]
 pub struct Role {
-    /// unique publicly-visible name for role
-    #[unique]
+    /// key publicly-visible name for role
+    #[key]
     pub shortname: String,
     pub groups: AssocRange<GroupRoleRelation>,
 }
@@ -126,7 +128,7 @@ pub struct Role {
 /// OAuth2 client representation
 #[derive(Entity)]
 pub struct Client {
-    #[unique]
+    #[key]
     pub shortname: String,
     pub secret: String,
     pub key_type: Serialized<KeyType>,
@@ -142,7 +144,7 @@ pub struct ClientRedirect {
 /// Requested group of permissions
 #[derive(Entity)]
 pub struct Scope {
-    #[unique]
+    #[key]
     pub shortname: String,
     pub roles: AssocMap<Role>,
 }

src/scope_management.rs

@@ -19,7 +19,7 @@ pub fn list_scopes(realm: &schema::Realm) -> Result<(), UIDCError> {
 pub fn inspect_scope(realm: &schema::Realm, scope_name: &String) -> Result<(), UIDCError> {
     let scope = realm
         .scopes
-        .unique(scope_name)
+        .keyed(scope_name)
         .get()?
         .ok_or(UIDCError::Abort("no such scope"))?;
 
@@ -38,8 +38,8 @@ pub fn attach_role(
     scope_name: &String,
     role_name: &String,
 ) -> Result<(), UIDCError> {
-    let scope = realm.scopes.unique(scope_name).get()?;
-    let role = realm.roles.unique(role_name).get()?;
+    let scope = realm.scopes.keyed(scope_name).get()?;
+    let role = realm.roles.keyed(role_name).get()?;
 
     match (scope, role) {
         (None, _) => Err(UIDCError::Abort("no such scope")),
@@ -56,8 +56,8 @@ pub fn detach_role(
     scope_name: &String,
     role_name: &String,
 ) -> Result<(), UIDCError> {
-    let scope = realm.scopes.unique(scope_name).get()?;
-    let role = realm.roles.unique(role_name).get()?;
+    let scope = realm.scopes.keyed(scope_name).get()?;
+    let role = realm.roles.keyed(role_name).get()?;
 
     if let Some((scope, role)) = scope.as_ref().zip(role) {
         scope.roles.disconnect_from(role.id())?;

src/server/session.rs

@@ -25,7 +25,7 @@ impl<'l> SessionHelper<'l> {
     pub fn get_realm(&self) -> tide::Result<Stored<schema::Realm>> {
         self.db
             .realms
-            .unique(self.realm_str)
+            .keyed(self.realm_str)
             .get()?
             .ok_or(tide::Error::from_str(404, "No such realm"))
     }
@@ -71,7 +71,7 @@ impl<'l> SessionHelper<'l> {
         req.cookie(SESSION_COOKIE_NAME).and_then(|sid| {
             self.db
                 .sessions
-                .unique(sid.value())
+                .keyed(sid.value())
                 .get()
                 .ok()
                 .flatten()
@@ -274,7 +274,7 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
         ChallengeType::Username => {
             shelper.destroy_auth(realm.id(), &session)?;
 
-            let user = realm.users.unique(&body.challenge).get()?;
+            let user = realm.users.keyed(&body.challenge).get()?;
             if user.is_none() {
                 error = Some(format!("No such user {}", body.challenge));
             } else {

src/token.rs

@@ -38,7 +38,7 @@ pub fn generate_auth_token<'a>(
     // find all roles requested by the scopes
     let mut requested_roles = vec![];
     for scope_name in scopes {
-        if let Some(scope) = realm.scopes.unique(&scope_name.to_string()).get()? {
+        if let Some(scope) = realm.scopes.keyed(&scope_name.to_string()).get()? {
             requested_roles.extend(scope.roles.get()?.into_iter());
         }
     }

src/token_management.rs

@@ -13,13 +13,13 @@ pub fn create_auth_token(
         realm,
         &realm
             .clients
-            .unique(client)
+            .keyed(client)
             .get()?
             .ok_or(UIDCError::Abort("no such client"))?
             .wrapped(),
         &realm
             .users
-            .unique(username)
+            .keyed(username)
             .get()?
             .ok_or(UIDCError::Abort("no such user"))?
             .wrapped(),
@@ -39,13 +39,13 @@ pub fn create_refresh_token(
         realm,
         &realm
             .clients
-            .unique(client)
+            .keyed(client)
             .get()?
             .ok_or(UIDCError::Abort("no such client"))?
             .wrapped(),
         &realm
             .users
-            .unique(username)
+            .keyed(username)
             .get()?
             .ok_or(UIDCError::Abort("no such user"))?
             .wrapped(),

src/user.rs

@@ -46,7 +46,7 @@ impl<'a> User<'a> {
 
     pub fn change_username(&mut self, new_name: &String) -> Result<(), UIDCError> {
         // check to ensure the new username isn't already in use
-        if self.realm.users.unique(new_name).get()?.is_some() {
+        if self.realm.users.keyed(new_name).get()?.is_some() {
             Err(UIDCError::Abort("username already in use"))
         } else {
             self.user.username = new_name.clone();
@@ -103,6 +103,7 @@ impl<'a> User<'a> {
         );
 
         self.user.auth.insert(schema::AuthChallenge {
+            user_id: self.user.id(),
             challenge_type: schema::AuthChallengeType::Password.into(),
             public: salt.into(),
             secret: generated.into(),
@@ -134,6 +135,7 @@ impl<'a> User<'a> {
     pub fn set_new_totp(&self, secret: &[u8]) -> Result<(), UIDCError> {
         self.clear_totp()?;
         self.user.auth.insert(schema::AuthChallenge {
+            user_id: self.user.id(),
             challenge_type: schema::AuthChallengeType::TOTP.into(),
             public: vec![],
             secret: secret.into(),

src/user_management.rs

@@ -1,43 +1,6 @@
 use crate::{schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn list(realm: &schema::Realm) -> Result<(), UIDCError> {
-    let users = realm.users.get()?;
-
-    println!("User list ({} users):", users.len());
-
-    for user in &users {
-        println!("- {:20}", user.username);
-        let auth_challenges = user.auth.get()?;
-        for ch in &auth_challenges {
-            println!("    - Has {:?} authentication challenge", ch.challenge_type);
-        }
-    }
-
-    Ok(())
-}
-
-pub fn create(realm: &schema::Realm, username: &str) -> Result<(), UIDCError> {
-    // check that the user doesn't exist already
-    let existing_user = realm.users.unique(username).get()?;
-
-    if existing_user.is_some() {
-        log::error!(
-            "Can't create user {} in realm, as a user with that username already exists",
-            username,
-        );
-        return Ok(());
-    }
-
-    realm.users.insert(schema::User {
-        username: username.into(),
-        auth: Default::default(),
-        groups: Default::default(),
-    })?;
-
-    Ok(())
-}
-
 pub fn change_auth(
     realm: &schema::Realm,
     username: &String,
@@ -47,10 +10,11 @@ pub fn change_auth(
     // check that the user exists
     let user = realm
         .users
-        .unique(username)
+        .keyed(username)
         .get()?
         .ok_or(UIDCError::Abort("no such user"))?;
 
+    let user_id = user.id();
     let user = crate::user::User::from_schema(realm, user);
 
     if change_password {
@@ -63,6 +27,7 @@ pub fn change_auth(
         qr2term::print_qr(new_uri.as_str())
             .map_err(|_| UIDCError::Abort("could not display QR code"))?;
         let new_challenge = schema::AuthChallenge {
+            user_id: user_id,
             challenge_type: schema::AuthChallengeType::TOTP.into(),
             public: vec![],
             secret: new_secret.clone(),
@@ -79,25 +44,3 @@ pub fn change_auth(
     }
     Ok(())
 }
-
-pub fn inspect(realm: &schema::Realm, username: &String) -> Result<(), UIDCError> {
-    let user = realm.users.unique(username).get()?;
-
-    if let Some(user) = user {
-        println!("User found: {}", username);
-        println!("Groups:");
-        for group in user.groups.get()? {
-            println!(" - {}", group.shortname);
-        }
-
-        println!("Authentication methods:");
-
-        for challenge in user.auth.get()? {
-            println!(" - {:?}", challenge.challenge_type);
-        }
-    } else {
-        println!("No such user {} in realm", username);
-    }
-
-    Ok(())
-}