diff --git a/app/tests.py b/app/tests.py
index 303ed2861d9c2761193e344b0a297854bdb9d2f2..6f040bdb2730f9345e35723f04c5731ff4681194 100644
--- a/app/tests.py
+++ b/app/tests.py
@@ -466,18 +466,43 @@ class DetailMateriTest(TestCase):
         self.assertNotContains(response, "Beri komentar...")
         self.assertContains(response, "Login terlebih dahulu untuk berkomentar")
 
-    def test_delete_comments_by_admin(self):
-        self.client.login(**self.contributor_credential)
+    def create_and_delete_comment(self, is_admin=False, is_contributor=False):
         url = self.url
+        self.client.login(**self.admin_credential)
         self.client.post(url, {"comment": "This is new comment by Anonymous"})
-        deleteURL = (
-            "/delete/"
-            + str(self.materi1.id)
-            + "/"
-            + str(Comment.objects.get(comment="This is new comment by Anonymous").id)
-        )
-        self.client.get(deleteURL)
-        self.assertEqual(Comment.objects.all().filter(comment="This is new comment by Anonymous").count(), 0)
+        deleteURL = "/delete/" + str(self.materi1.id) + "/" + str(
+            Comment.objects.get(comment="This is new comment by Anonymous").id)
+        if is_admin:
+            self.client.login(**self.admin_credential)
+        if is_contributor:
+            self.client.login(**self.contributor_credential)
+        if not is_admin and not is_contributor:
+            self.client.login(**self.anonymous_credential)
+        response = self.client.get(deleteURL)
+        return response
+
+    def test_delete_comments_by_admin(self):
+        self.create_and_delete_comment(is_admin=True)
+        count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
+        self.assertEqual(count, 0)
+
+    def test_delete_comments_by_contributor(self):
+        response = self.create_and_delete_comment(is_contributor=True)
+
+        self.assertRaises(PermissionDenied)
+        self.assertEqual(response.status_code, 403)
+
+        count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
+        self.assertEqual(count, 1)
+
+    def test_delete_comments_by_anonymous(self):
+        response = self.create_and_delete_comment()
+
+        self.assertRaises(PermissionDenied)
+        self.assertEqual(response.status_code, 403)
+
+        count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
+        self.assertEqual(count, 1)
 
     def test_tombol_citasiAPA(self):
         response = self.client.get(self.url)
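Review bot: `self.assertRaises(PermissionDenied)` in test_delete_comments_by_contributor and test_delete_comments_by_anonymous checks nothing, because called without a callable and outside a `with` block it only builds a context manager that is never entered, and Django's test client turns PermissionDenied into a 403 response instead of letting it propagate. Drop both lines and rely on `self.assertEqual(response.status_code, 403)`. The anonymous case logs in via `self.client.login(**self.anonymous_credential)` (defined outside the hunk), so it appears to cover a logged-in non-admin account, not an unauthenticated request; a further case that calls `self.client.logout()` before the GET would exercise the `not request.user.is_authenticated` branch of the view. In create_and_delete_comment, passing both flags silently ends up logged in as the contributor, so a single `role` argument would be clearer, and the admin test could also assert on the response it currently discards.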
diff --git a/app/views.py b/app/views.py
index 66b96f602abe4c0033ad5efdb02ec8cd51f90950..c48aebbc8659d0532996163478278099cc975852 100644
--- a/app/views.py
+++ b/app/views.py
@@ -236,6 +236,8 @@ def toggle_like(request):
 
 
 def delete_comment(request, pk_materi, pk_comment):
+    if not request.user.is_authenticated or not request.user.is_admin:
+        raise PermissionDenied(request)
     comment = get_object_or_404(Comment, pk=pk_comment)
     url = "/materi/" + str(pk_materi) + "/"
     comment.delete()
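Review bot: delete_comment still deletes on any HTTP method, and the tests in this commit drive it with `self.client.get(deleteURL)`, so the new admin check does not stop a cross-site request issued from an admin's logged-in browser (Django's CSRF protection does not cover GET). Restrict the view to POST, for example `@require_POST` from `django.views.decorators.http` above `def delete_comment`, and have the template submit a form carrying the CSRF token. `raise PermissionDenied(request)` passes the request object as the exception message, which a 403 handler or template may render; `raise PermissionDenied` or a short fixed string is safer. In the visible lines pk_materi is used only to build `url`, so the lookup does not confirm the comment belongs to that materi; something like `get_object_or_404(Comment, pk=pk_comment, materi_id=pk_materi)` would, assuming the foreign key is named `materi`, which is not shown here. The function body continues past the end of the hunk.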