[Zope] Delete permission weirdness?

[Chris Allen]

Hi all,

I have stumbled across this rather interesting behaviour: Consider a
situation where you have a DTML method within a Folder object.  For a
user-defined role "MyRole" you enable "Delete objects" permission on the
Folder.  But for the DTML method, you turn off "Acquire permission" and make
sure the delete permission is off for everyone (even "Manager").  Why does
Zope still allow a user in the "MyRole" group to delete the object?

Regards,
Chris