Improper access control leads to deletion of anyone's comment
Medium
Paragon Initiative Enterprises
Reported by
ranjit_p
Vulnerability Details
Technical details and impact analysis
SUMMARY
========================
The server does not check the owner of a comment.
During comment deletion it does not check whether the comment was created by the requesting user or not,
so I can delete a comment belonging to another user.
STEP TO REPRODUCE
=======================
1. Go to https://localhost:8080/blog/comments .
2. Select any comment which is already approved.
3. Unapprove it by clicking "Hide Comment".
4. Now delete that comment and observe that it is deleted even though it was not created by the user doing the deletion.
FIX
========
Implement a proper access control mechanism so that when a user tries to delete a comment, the server first checks whether the comment belongs to that user or not.
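As an added illustration of the fix (not code from the report or from the affected project), the following constructed in-memory comment store shows the unchecked deletion beside an ownership-checked one. Since the reproduction steps hide the comment before deleting it, the check is made on the comment's author, independent of its approval state; the `moderators` role set and the `PermissionError` are assumptions of this example.

```python
from dataclasses import dataclass
import logging

log = logging.getLogger("comments")


@dataclass
class Comment:
    id: int
    author: str
    approved: bool = True


class CommentStore:
    """Constructed stand-in for the blog's comment table (example only)."""

    def __init__(self, comments):
        self.comments = {c.id: c for c in comments}

    def hide(self, comment_id):
        # Equivalent of clicking "Hide Comment": unapprove, but keep the row.
        self.comments[comment_id].approved = False

    def delete_unchecked(self, actor, comment_id):
        # Vulnerable pattern: only checks that the comment exists,
        # never who is asking to delete it.
        if comment_id not in self.comments:
            return False
        del self.comments[comment_id]
        return True

    def delete_checked(self, actor, comment_id, moderators=frozenset()):
        # Hardened pattern: authorise on ownership (or an explicit moderator
        # role) before touching the row. The approved flag plays no part, so
        # hiding a comment first does not bypass the check.
        comment = self.comments.get(comment_id)
        if comment is None:
            return False
        if comment.author != actor and actor not in moderators:
            # Log the denial: repeated hits here are a useful detection signal.
            log.warning("user %r denied deleting comment %d owned by %r",
                        actor, comment_id, comment.author)
            raise PermissionError("comment does not belong to this user")
        del self.comments[comment_id]
        return True
```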
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Access Control - Generic