When people delete tasks it should only delete the tasks in projects that person has access to.
Task T is associated to Project A, B and C
Mr.Bob can edit project A, comment only project B, but no access to project C
When Mr.Bob delete Task T, it should only remove from project A, and task T in project C should remain intact. In the end, projects should only be accessed by those who have the permission to do so.
Security wise, it is a general practice to put denied first before allowed when the two are conflicted.
Editing is one thing. There are logs anyway. However, to be able to completely remove tasks from projects you have no access to, it does make no sense to me.