Permission checking is usually done in the Models. You can implement some can*() methods in your model class, which would check the permission of the viewing user for a particular action. Then call these methods from a controller to set the value of a template parameter.
$foo = $fooModel->getFooById($fooId);
$viewParams = array(
'foo' => $foo,
'canDeleteFoo' => $fooModel->canDeleteFoo($foo, $visitor),
'canEditFoo' => ...
// Pass these parameters to your template
And then in your template, simply check for:
<!-- Stuff to show if the user can delete foo -->