File deletion is unsafe operation. Granting rights to delete files to one user means that the same rights are granted to all other users. Any user will be able to delete any file of a project at any time.
To delete a file, you must use REST API, which requires a private key. We strongly recommend to use it from your back-end. However, if you are sure, that not a single stranger have access to your page, you can expose secret key and make REST API requests from Javascript.