I have an application under way that is starting to emit bad code smells. I have a number of parameters related to each record (dates, foreign key values, text, etc.) which I need to evaluate against a number of business rules under two circumstances:
a) each time the record is updated when it is in it's "pending" state
and b) when the user attemts to "issue" the record

To date, I have a model class that is basically a Row Data Gateway to handle retrieveing and saving the data in the database. In my form processing (controller) I have been adding private methods to process some of these business rule checks (smell #1, code in the wrong location - belongs in the model, not in the controller). Having these methods private also makes them hard to test (smell #2, hard to test).

So what I am trying to dig at is resources or peoples experiences in trying to model reasonably complex validation logic. Some of this logic goes way beyond "this field required" or "match this regex" kind of validation. In some cases the logic needs to look up the prior issued revision of these records and compare fields from that revision as part of the logic, etc.

Any links or references to appropriate patterns would be greatly appreciated.