There has been a fair bit of talk/debate lately in the Zend Framework community about thin controllers. Apparently there is a tendency of ZF users to view the Model as nothing more than the gateway to the database.
The argument is that Models should be "fat" and do more of the work and Controllers shouldn't be chaining methods and doing much work beyond conveying the meaning of the UI to the model.
For some references follow the links in this post:
http://weierophinney.net/matthew/archives/200-Using-Zend_Form-in-Your-Models.html
Along the same lines, I think it's easy to let Zend_Acl and Zend_Auth overtake your controllers and turn them into a complex mess.
I'm building a site right now that requires an admin section and before writing that code, I thought I'd try to get a good discussion/debate started on how best to structure authorization and access control, with a particular eye to well tested methodologies from the OOP world.
Thank you.