Should controllers implement business logic?
That depends on your design and style of doing things "your" MVC-way. As you're designing a framework you should probably allow both to keep the usage of the framework flexible.
Taking a closer look on your code examples I'd say you're only shifting things around anyway. Why do you have a controller when you use it to access the request? Shouldn't the request lead into the controller call and the controller should not care at all about the request any longer? Just a counter question, if you want to make your framework strict for some reason, think about why.
Now the second question. Should repositories deal with create, edit and delete operations?
Normally that's within the domain of a repository, but whatever suits your design needs, a repository could be just a delegate to different create, edit and delete components as well. Application-wise it shouldn't make a difference whether or not, so probably do a risk analysis and then decide which part of the question you actually need to answer now or if you can solve this by just deciding now, and if the future shows that your design needs change, change your design.
We need to deal with ACLs. Whether a domain object or collection is accessible by the current user is determined by the ACLs.
Isn't it part of the model?
Sure, it's part of the model, the ACL Domain Model (and explicitly not other models).
Should controllers implement business logic?
That depends on your design and style of doing things "your" MVC-way. As you're designing a framework you should probably allow both to keep the usage of the framework flexible.
Taking a closer look on your code examples I'd say you're only shifting things around anyway. Why do you have a controller when you use it to access the request? Shouldn't the request lead into the controller call and the controller should not care at all about the request any longer? Just a counter question, if you want to make your framework strict for some reason, think about why.
Now the second question. Should repositories deal with create, edit and delete operations?
Normally that's within the domain of a repository, but whatever suits your design needs, a repository could be just a delegate to different create, edit and delete components as well. Application-wise it shouldn't make a difference whether or not, so probably do a risk analysis and then decide which part of the question you actually need to answer now or if you can solve this by just deciding now, and if the future shows that your design needs change, change your design.
We need to deal with ACLs. Whether a domain object or collection is accessible by the current user is determined by the ACLs.
Isn't it part of the model?
Sure, it's part of the model, the ACL Domain Model (and explicitly not other models).
Should controllers implement business logic?
That depends on your design and style of doing things "your" MVC-way. As you're designing a framework you should probably allow both to keep the usage of the framework flexible.
Taking a closer look on your code examples I'd say you're only shifting things around anyway. Why do you have a controller when you use it to access the request? Shouldn't the request lead into the controller call and the controller should not care at all about the request any longer? Just a counter question, if you want to make your framework strict for some reason, think about why.
Now the second question. Should repositories deal with create, edit and delete operations?
Normally that's within the domain of a repository, but whatever suits your design needs, a repository could be just a delegate to different create, edit and delete components as well. Application-wise it shouldn't make a difference whether or not, so probably do a risk analysis and then decide which part of the question you actually need to answer now or if you can solve this by just deciding now, and if the future shows that your design needs change, change your design.
We need to deal with ACLs. Whether a domain object or collection is accessible by the current user is determined by the ACLs.
Isn't it part of the model?
Sure, it's part of the model, the ACL Domain Model (and explicitly not other models).
Should controllers implement business logic?
That depends on your design and style of doing things "your" MVC-way. As you're designing a framework you should probably allow both to keep the usage of the framework flexible.
Taking a closer look on your code examples I'd say you're only shifting things around anyway. Why do you have a controller when you use it to access the request? Shouldn't the request lead into the controller call and the controller should not care at all about the request any longer? Just a counter question, if you want to make your framework strict for some reason, think about why.
Now the second question. Should repositories deal with create, edit and delete operations?
Normally that's within the domain of a repository, but whatever suits your design needs, a repository could be just a delegate to different create, edit and delete components as well. Application-wise it shouldn't make a difference whether or not, so probably do a risk analysis and then decide which part of the question you actually need to answer now or if you can solve this by just deciding now, and if the future shows that your design needs change, change your design.
We need to deal with ACLs. Whether a domain object or collection is accessible by the current user is determined by the ACLs.
Isn't it part of the model?
Sure, it's part of the model, the ACL Domain Model (and explicitly not other models).