diff --git a/server/routes/api/comments/comments.ts b/server/routes/api/comments/comments.ts
index fd6b388d3..34143b017 100644
--- a/server/routes/api/comments/comments.ts
+++ b/server/routes/api/comments/comments.ts
@@ -94,6 +94,10 @@ router.post(
 of: Comment,
 },
 });
+ const document = await Document.findByPk(comment.documentId, {
+ userId: user.id
+ });
+ authorize(user, "comment", document);
 authorize(user, "update", comment);
 await commentUpdater({
@@ -124,6 +128,10 @@ router.post(
 const comment = await Comment.findByPk(id, {
 transaction,
 });
+ const document = await Document.findByPk(comment.documentId, {
+ userId: user.id
+ });
+ authorize(user, "comment", document);
 authorize(user, "delete", comment);
 await commentDestroyer({
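Review bot: The new `Document.findByPk` call in the update handler does not join the transaction that the comment lookup appears to run in (the trailing `of: Comment` lock option suggests one), so the document-level permission check can read a different snapshot than the locked comment row. The delete hunk has the same shape, and there `transaction` is visibly passed to `Comment.findByPk` but not to the document lookup. Assuming `Document.findByPk` accepts the option as the comment lookup does, I would pass it through in both places: `{ userId: user.id, transaction }`. A short comment above the first `authorize` would also record the intent, e.g. `// Authorship alone is not enough: the user must still have comment access to the parent document.` The enclosing handler starts and ends outside the hunk.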
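Review bot: In the delete handler `comment.documentId` is now dereferenced before anything checks that the comment exists. The visible lookup is `Comment.findByPk(id, { transaction })` with no `rejectOnEmpty`, so if it follows Sequelize's default an unknown id returns `null` and the added line throws a TypeError (likely surfacing as a 500) instead of the error that `authorize(user, "delete", comment)` presumably raised before this change. Adding the option to the existing lookup keeps the failure mode clean: `const comment = await Comment.findByPk(id, { transaction, rejectOnEmpty: true });`. The handler's start and end are outside the hunk, so an earlier guard cannot be ruled out from here.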