func (dgh *deleteGroupHandler) firewall(req *charonrpc.DeleteGroupRequest, act *session.Actor) error {
    if act.User.IsSuperuser {
        return nil
    }
    if act.Permissions.Contains(charon.GroupCanDelete) {