There are many ways to reproduce this. The simplest is:
- Create a patient
- Add Admin as a collaborator to it, with any access level, e.g. 'edit' (either from the UI or via REST, doesn't matter)
- Read the permissions for this patient via REST.
Expected: Collaborator 'Admin' appears with 'edit' access level, as it was recorded
Actual: Collaborator 'Admin' appears with 'owner' access level
This behavior appears to be intentional and there probably was a good reason behind this choice originally. However, it creates issues with using the RESTful API for managing permissions from the UI ( PT-3210 Final code review ), since the collaborator levels that are read via GET do not always correspond to the collaborator levels recorded.