Java: I created a REST API in Spring Boot and now I'm confused about adding a feature

ff29svar posted on 2023-03-06 in Java

I created a REST API in Spring Boot that maintains four models: blog posts, comments on posts, user profiles, and roles. Currently a blog post can only be deleted by an admin, not by the user who created it. I want to add the feature that a post can be deleted by its creator, which requires logging in first, so how can I implement this?
Here is my User model:

import java.util.Set;
import jakarta.persistence.*;   // javax.persistence.* on Spring Boot 2.x
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

@Setter
@Getter
@NoArgsConstructor
@AllArgsConstructor
@Entity
@Table(name = "users")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    // email is unique and is also what the login uses as the principal name
    @Column(nullable = false, unique = true)
    private String email;

    private String name;

    @Column(nullable = false, unique = true)
    private String username;

    @Column(nullable = false)
    private String password;

    // roles are loaded eagerly so they are available for authorization checks
    @ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinTable(name = "users_roles",
            joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
            inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id")
    )
    private Set<Role> roles;
}

Here is my Post model:

import java.util.HashSet;
import java.util.Set;
import jakarta.persistence.*;   // javax.persistence.* on Spring Boot 2.x
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@AllArgsConstructor
@NoArgsConstructor
@Entity
@Table(
        name="Posts", uniqueConstraints = {@UniqueConstraint(columnNames = {"title"})}
)
public class Post {
    @Id
    @GeneratedValue(
            strategy = GenerationType.IDENTITY
    )
    private Long id;

    @Column(name = "Title", nullable = false)
    private String title;

    @Column(name = "Description", nullable = false)
    private String description;

    @Column(name = "Content", nullable = false)
    private String content;

    // note: nothing here records which user created the post
    @OneToMany(mappedBy = "post", cascade = CascadeType.ALL, orphanRemoval = true)
    Set<Comment> comments = new HashSet<>();
}

Here is my delete-post endpoint:

// only callers holding the ADMIN role get past this check; the post's creator is not considered
@PreAuthorize("hasRole('ADMIN')")
@DeleteMapping("/{id}")
public ResponseEntity<String> deletePostById(@PathVariable Long id) {
    postService.deletePostById(id);
    return new ResponseEntity<>("Post Deleted Successfully", HttpStatus.OK);
}

Edit: in the end, I was able to set it up with this:

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// looks up the currently authenticated user; auth.getName() is the principal name (the email here)
private User getUser() {
    SecurityContext context = SecurityContextHolder.getContext();
    Authentication auth = context.getAuthentication();
    return userRepository.findUserByEmail(auth.getName()).orElse(null);
}
ajsxfq5m 1#

First, you need to store who created a post if the author should be able to change/delete it.
Then you can use @PreAuthorize("hasRole('ADMIN') || hasRole('USER')"), if your user role is named USER, and in the method just check whether it is an admin or whether the post was posted by the logged-in user. You can retrieve the authentication information via SecurityContextHolder.getContext().getAuthentication(). As suggested in the answer above, you can also compare the user's ID with the ID of the user who posted the post.
If you really need/want to implement it that way, you can even create your own bean for it. See https://medium.com/@islamboulila/how-to-create-a-custom-security-expression-method-in-spring-security-e5b6353f062f if you need an explanation.
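As an added example that is not part of the question or the answer, here is one way to implement the check the answer describes: the post records its author (an `author` field the Post model on this page does not yet have), a bean decides whether the caller is an admin or the author, and the endpoint delegates to that bean from `@PreAuthorize`. `PostRepository`, `PostService` and the `getAuthor()` accessor are assumptions, and the authorities are assumed to carry the `ROLE_` prefix that `hasRole('ADMIN')` expects.

```java
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;

// Assumed: Post has gained "@ManyToOne User author" (set from the authenticated user on create)
// with a getAuthor() accessor, and PostRepository is a Spring Data JpaRepository<Post, Long>.

// A bean that answers "may this principal delete this post?" so the rule lives in one place.
@Component("postSecurity")
class PostSecurity {
    private final PostRepository posts;

    PostSecurity(PostRepository posts) { this.posts = posts; }

    public boolean canDelete(Long postId, Authentication auth) {
        if (auth == null || !auth.isAuthenticated()) return false;
        boolean admin = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch("ROLE_ADMIN"::equals);   // same authority hasRole('ADMIN') matches
        if (admin) return true;
        // Compare the stored author with the login name (auth.getName() is the email in the
        // question's setup). An unknown post id yields false, so the caller gets 403, not 500.
        return posts.findById(postId)
                .map(p -> p.getAuthor() != null && auth.getName().equals(p.getAuthor().getEmail()))
                .orElse(false);
    }
}

// The endpoint delegates to the bean; the check runs before the method body executes.
@RestController
@RequestMapping("/api/posts")
class PostController {
    private final PostService postService;

    PostController(PostService postService) { this.postService = postService; }

    @PreAuthorize("@postSecurity.canDelete(#id, authentication)")
    @DeleteMapping("/{id}")
    public ResponseEntity<String> deletePostById(@PathVariable Long id) {
        postService.deletePostById(id);
        return new ResponseEntity<>("Post Deleted Successfully", HttpStatus.OK);
    }
}
```

Method security must be enabled (for example with `@EnableMethodSecurity`) for the `@PreAuthorize` expression to be evaluated; without it the annotation is silently ignored.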
