A controller should contain enough logic to interpret what the user has said to do before passing processing off to a service layer.
So if a user says "Mark this post as one I like", by clicking the like button, the controller makes sure that user is authorized, and then let's the service layer handle actually doing the work of marking the post etc.
If the user says "create a new blog entry" then the controller would collect the post, tags, time stamp and other relevant information, and do a minimal validation of the data. Then it would hand off the processing to a service layer. If the service layer finds an issue, then it should throw an exception which you can then handle in the controller.
