Steps to reproduce:
log in with JohnDoe
create a new patient, draw its pedigree
log in with Admin
create a new patient, add it to JohnDoe's family & pedigree
log in with JohnDoe, edit the family
correct: JohnDoe cannot click on Admin's patient, view its details, or edit it in any way
bug: JohnDoe can delete the whole node from the pedigree
In Admin's patient history, the patient appears modified by JohnDoe, even though JohnDoe cannot access that patient
consequence bug: if JohnDoe click Undo in the pedigree, saving will fail due to insufficient permissions; the behavior is correct, JohnDoe shouldn't be able to put Admin's patient in a family, and this bug will not be present once the original bug is fixed