I am working on Check content permissions (page) and when testing I have always true even the user does not has permission with delete operation.
Example user does not have permission to delete Confluence page but when checking with rest api hasPermission is true!!!
Sounds like a bug to me. If you can put together "Steps to Reproduce" the problem, maybe with some screenshots, that would make an excellent bug report to Atlassian: