Symfony MVC best practice for controllers

Question

In a Symfony/Doctrine/PHP-project, a client is complaining that we've broken software development best practices. The complaint is about improper layering of the source code, and the lack of unit tests.

• This is a sub $50k-project.
• I believe that the client has an expert from the Java world, perhaps Spring Framework, looking at the source code.

We've been using proper MVC, as we see it.

• View-logic is handled entirely by TWIG.
• Database is handled entirely by Doctrine.
• We're using Symfony Security for access control ($this->get('security.context')->isGranted('ROLE_ADMIN') and $this->get('security.context')->getToken()->getUser().

Beware that Symfony has changed the model a bit, since we started this project - but remains backward compatible.

In the controller the customer is specifically saying that it's wrong for the controller to handle:

• Access Control (via Symfony Security)
• Database Queries (via Doctrine)
• "Parsing and other logic" for sending back responses (return $this->render('some_template.html.twig');)

The question

The client is saying that best practices is for the controller to simply pass on requests to another layer further down in the system.

Further he's saying that user-admin is based on a "custom model" where all users and roles are stored in the database - which makes plugging in a different access control system difficult. Specifically because role names seems to be hard coded such as via commands such as ($this->get('security.context')->isGranted('ROLE_ADMIN').

So; is there a definitive best practice on this field? What belongs in the controller, and is Doctrine, Twig, Symfony Security "sufficiently" a separate layer "below the controller".

Should there be yet another layer between the controller and Doctrine for example?

Answer 1

Source: http://fabien.potencier.org/what-is-symfony2.html

First, what is Symfony2?

First, Symfony2 is a reusable set of standalone, decoupled, and cohesive PHP components that solve common web development problems.

Then, based on these components, Symfony2 is also a full-stack web framework.

Depending on your project and depending on your needs, you can either pick and choose some of the Symfony2 components and start your project with them, or you can use the full-stack framework and benefit from the tight integration it provides out of the box. And choosing between the two different approaches is really up to you.

Is Symfony2 an MVC framework?

Symfony2 is really about providing the tools for the Controller part, the View part, but not the Model part. It's up to you to create your model by hand or use any other tool, like an ORM. Of course, tight integration exists for the most well known ORMs like Doctrine2 and Propel; but they are optional dependencies. The Symfony2 core features do not and will never rely on any ORM.

Symfony2 is an HTTP framework; it is a Request/Response framework. That's the big deal. The fundamental principles of Symfony2 are centered around the HTTP specification.

Symfony about best practices: https://symfony.com/doc/current/best_practices.html

You should rly read this about controller best practices: https://symfony.com/doc/current/best_practices.html#controllers

You can read this answer https://stackoverflow.com/a/21701890/2160958