diff --git a/conservancy/usethesource/views.py b/conservancy/usethesource/views.py
index 4b7a6be9ff2697a98750bc3c00b6f06a617e00b9..6d6446ede701dc1e9203f947a340b95175eb853a 100644
--- a/conservancy/usethesource/views.py
+++ b/conservancy/usethesource/views.py
@@ -1,4 +1,5 @@
 from django.contrib.admin.views.decorators import staff_member_required
+from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404, redirect, render
 
 from .models import Candidate, Comment
@@ -53,6 +54,8 @@ def create_comment(request, slug):
 @staff_member_required
 def edit_comment(request, comment_id):
     comment = get_object_or_404(Comment, id=comment_id)
+    if request.user != comment.user and not request.user.has_perm('usethesource.change_comment'):
+        raise PermissionDenied
     if request.method == 'GET':
         form = CommentForm(instance=comment)
     else:
@@ -72,8 +75,11 @@ def view_comment(request, comment_id, show_add):
 
 @staff_member_required
 def delete_comment(request, comment_id, show_add):
+    comment = get_object_or_404(Comment, id=comment_id)
+    if request.user != comment.user and not request.user.has_perm('usethesource.delete_comment'):
+        raise PermissionDenied
+    comment.delete()
     show_add = show_add == 'true'
-    Comment.objects.filter(id=comment_id).delete()
     return render(request, 'usethesource/comment_deleted.html',
                   {'comment': None, 'add': show_add})
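Review bot: The new ownership-or-permission guard in edit_comment is the same shape as the one added to delete_comment (only the permission string differs), so the authorization rule lives in two places and will drift; a small helper, e.g. `def _can_act_on(user, comment, perm): return user == comment.user or user.has_perm(perm)`, called from both views would keep the rule in one place. The check sits before the GET/POST branch, which is the right position since it covers both rendering the form and saving it. A one-line comment above the guard would help the next reader, e.g. `# Staff may edit only their own comments unless they hold change_comment.`. If `Comment.user` can be null the `!=` comparison still denies correctly, but it is worth confirming against the model, which is not in this diff. edit_comment's body continues past the end of the hunk.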
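Review bot: The added `comment.delete()` in delete_comment still runs for any HTTP method, so a plain GET to the URL performs a destructive change outside Django's CSRF protection; the view should be limited to POST, e.g. with `@require_POST` from `django.views.decorators.http` above the function or `if request.method != 'POST': raise PermissionDenied` before the delete. This was already true of the removed `Comment.objects.filter(id=comment_id).delete()` line, so the commit does not introduce it, but the new authorization check is the natural place to close it. Switching from `filter().delete()` to `get_object_or_404` also changes a missing comment from a silent no-op into a 404, which callers that relied on idempotent deletes should know about; a short comment such as `# 404 on unknown id rather than silently succeeding, so the permission check always has a real owner to compare against.` would make that deliberate.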