avalonmediasystem · masaball · Mar 27, 2026 · Apr 10, 2026 · Jun 11, 2026
diff --git a/app/controllers/admin/collections_controller.rb b/app/controllers/admin/collections_controller.rb
@@ -71,7 +71,7 @@ def show
       format.json { render json: @collection.to_json }
       format.html {
         @groups = { inherited: @collection.inherited_local_read_groups, default: @collection.default_local_read_groups }
-        @users = { inherited: @collection.inherited_read_users, default: @collection.default_read_users }
+        @users = { inherited: @collection.inherited_read_users.map(&:downcase), default: @collection.default_read_users.map(&:downcase) }
         @virtual_groups = { inherited: @collection.inherited_virtual_read_groups, default: @collection.default_virtual_read_groups }
         @ip_groups = { inherited: @collection.inherited_ip_read_groups, default: @collection.default_ip_read_groups }
         @visibility = @collection.default_visibility

diff --git a/app/controllers/admin/units_controller.rb b/app/controllers/admin/units_controller.rb
@@ -61,7 +61,7 @@ def show
       format.json { render json: @unit.to_json }
       format.html {
         @groups = @unit.default_local_read_groups
-        @users = @unit.default_read_users
+        @users = @unit.default_read_users.map(&:downcase)
         @virtual_groups = @unit.default_virtual_read_groups
         @ip_groups = @unit.default_ip_read_groups
 

diff --git a/app/controllers/media_objects_controller.rb b/app/controllers/media_objects_controller.rb
@@ -310,7 +310,7 @@ def custom_edit
     if 'access-control' == @active_step
       @groups = { base: @media_object.local_read_groups, inherited: @media_object.inherited_local_read_groups }
       @group_leases = @media_object.leases('local')
-      @users = { base: @media_object.read_users, inherited: @media_object.inherited_read_users }
+      @users = { base: @media_object.read_users.map(&:downcase), inherited: @media_object.inherited_read_users.map(&:downcase) }
       @user_leases = @media_object.leases('user')
       @virtual_groups = { base: @media_object.virtual_read_groups, inherited: @media_object.inherited_virtual_read_groups }
       @virtual_leases = @media_object.leases('external')

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -385,8 +385,8 @@ def is_exclusively_inherited_from_parent?(media_object)
     # User isn't in item's read users and is inherited from parent (exclusively inherited user) OR
     # User isn't in item's read groups and is in a read group inherited from parent (exclusively inherited group)
     # Short form: NOT explicitly granted access to item AND (explicitly inherited user OR explicitly inherited group)
-    !(@user.in?(media_object.read_users) || !(@user_groups & media_object.read_groups).empty?) &&
-    ((!@user.in?(media_object.read_users) && @user.in?(media_object.inherited_read_users)) ||
+    !(@user.in?(media_object.read_users.map(&:downcase)) || !(@user_groups & media_object.read_groups).empty?) &&
+    ((!@user.in?(media_object.read_users.map(&:downcase)) && @user.in?(media_object.inherited_read_users.map(&:downcase))) ||
       ((@user_groups & media_object.read_groups).empty? && !(@user_groups & media_object.inherited_read_groups).empty?))
   end
 

diff --git a/app/models/admin/collection.rb b/app/models/admin/collection.rb
@@ -78,6 +78,7 @@ class Admin::Collection < ActiveFedora::Base
   around_save :reindex_members, if: Proc.new { |c| c.name_changed? or c.unit_changed? }
   around_save :return_checkouts, if: Proc.new { |c| c.cdl_enabled_changed? && c.cdl_enabled == false }
   before_create :create_dropbox_directory!
+  before_save :normalize_read_users, if: proc { |c| c.default_read_users_changed? }
 
   before_destroy :destroy_dropbox_directory!
 
@@ -388,4 +389,8 @@ def published_count
     def unpublished_count
       media_objects.count - published_count
     end
+
+    def normalize_read_users
+      self.default_read_users = default_read_users.map(&:downcase)
+    end
 end
diff --git a/app/models/admin/unit.rb b/app/models/admin/unit.rb
@@ -62,6 +62,7 @@ class Admin::Unit < ActiveFedora::Base
 
   has_subresource 'poster', class_name: 'IndexedFile'
 
+  before_save :normalize_read_users, if: proc { |u| u.default_read_users_changed? }
   around_save :reindex_members, if: proc { |u| u.name_changed? }
 
   def created_at
@@ -235,4 +236,8 @@ def remove_edit_user(name)
   def add_edit_user(name)
     self.default_permissions.build({ name: name, type: 'person', access: 'edit' })
   end
+
+  def normalize_read_users
+    self.default_read_users = default_read_users.map(&:downcase)
+  end
 end
diff --git a/app/models/concerns/admin_collection_behavior.rb b/app/models/concerns/admin_collection_behavior.rb
@@ -43,7 +43,7 @@ def inherited_depositors
   end
 
   def inherited_read_users
-    unit.default_read_users
+    unit.default_read_users.map(&:downcase)
   end
 
   def inherited_read_groups

diff --git a/app/models/concerns/media_object_behavior.rb b/app/models/concerns/media_object_behavior.rb
@@ -141,7 +141,7 @@ def inherited_virtual_read_groups
   def inherited_read_users
     return [] unless collection
     users = collection.default_read_users.to_a + collection.inherited_read_users.to_a
-    users.uniq
+    users.uniq.map(&:downcase)
   end
 
   def inherited_read_groups

diff --git a/app/models/media_object.rb b/app/models/media_object.rb
@@ -37,6 +37,7 @@ class MediaObject < ActiveFedora::Base
   before_save :update_dependent_properties!, prepend: true
   before_save :update_permalink, if: Proc.new { |mo| mo.persisted? && mo.published? }, prepend: true
   before_save :assign_id!, prepend: true
+  before_save :normalize_read_users
 
   after_find do
     # Force loading of section_ids from list_source
@@ -512,4 +513,7 @@ def sections_with_rendering_files?(tags)
       tags.any? { |t| sections_with_files(tag: t).present? }
     end
 
+    def normalize_read_users
+      self.read_users = read_users.map(&:downcase)
+    end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -133,7 +133,7 @@ def self.find_for_lti(auth_hash, signed_in_resource=nil)
   end
 
   def self.autocomplete(query, _id = nil)
-    self.where("username LIKE :q OR email LIKE :q", q: "%#{query}%").collect { |user|
+    self.where("LOWER(username) LIKE LOWER(:q) OR LOWER(email) LIKE LOWER(:q)", q: "%#{query}%").collect { |user|
       { id: user.user_key, display: user.user_key }
     }
   end

diff --git a/lib/tasks/avalon_migrations.rake b/lib/tasks/avalon_migrations.rake
@@ -171,5 +171,36 @@ namespace :avalon do
         collection.save!(validate: false)
       end
     end
+    desc "Downcase existing special access user entries"
+    task special_access_users: :environment do
+      query = 'inheritable_read_access_person_ssim:/.*[A-Z].*/ OR read_access_person_ssim:/.*[A-Z].*/'
+
+      num_found = ActiveFedora::SolrService.count(query)
+      puts("#{num_found} matching records found.")
+
+      start = 0
+      error_count = 0
+      while start < num_found
+        ids = ActiveFedora::SolrService.query(query, fl: 'id', rows: 1000, start: start)
+        ids.each do |i|
+          object = ActiveFedora::Base.find(i[:id])
+          case object.class
+          when Admin::Unit, Admin::Collection
+            object.default_read_users = object.default_read_users.map(&:downcase)
+          when MediaObject
+            object.read_users = object.read_users.map(&:downcase)
+          end
+          object.save
+        rescue StandardError => e
+          # Use `i[:id]` for logging in case the error occurs when trying to find the object
+          puts("A problem was encountered with record #{i[:id]}: #{e.message}")
+          error_count += 1
+          next
+        end
+        start += 1000
+      end
+
+      puts("#{num_found - error_count} records successfully migrated")
+    end
   end
 end
diff --git a/spec/controllers/admin_collections_controller_spec.rb b/spec/controllers/admin_collections_controller_spec.rb
@@ -561,8 +561,15 @@
     end
 
     context "add new special access" do
-      it "user" do
-        expect{ put 'update', params: { id: collection.id, submit_add_user: "Add", add_user: "test1@example.com", add_user_display: "test1" }}.to change{ collection.reload.default_read_users.size }.by(1)
+      context "user" do
+        it "adds user" do
+          expect { put 'update', params: { id: collection.id, submit_add_user: "Add", add_user: "test1@example.com", add_user_display: "test1" } }.to change { collection.reload.default_read_users.size }.by(1)
+        end
+
+        it "is case insensitive" do
+          put 'update', params: { id: collection.id, submit_add_user: "Add", add_user: "Test2@example.com", add_user_display: "Test2" }
+          expect(collection.reload.default_read_users).to include("test2@example.com")
+        end
       end
 
       it "group" do

diff --git a/spec/controllers/admin_units_controller_spec.rb b/spec/controllers/admin_units_controller_spec.rb
@@ -406,8 +406,15 @@
     end
 
     context "add new special access" do
-      it "user" do
-        expect { put 'update', params: { id: unit.id, submit_add_user: "Add", add_user: "test1@example.com", add_user_display: "test1" } }.to change { unit.reload.default_read_users.size }.by(1)
+      context "user" do
+        it "adds user" do
+          expect { put 'update', params: { id: unit.id, submit_add_user: "Add", add_user: "test1@example.com", add_user_display: "test1" } }.to change { unit.reload.default_read_users.size }.by(1)
+        end
+
+        it "is case insensitive" do
+          put 'update', params: { id: unit.id, submit_add_user: "Add", add_user: "Test2@example.com", add_user_display: "Test2" }
+          expect(unit.reload.default_read_users).to include("test2@example.com")
+        end
       end
 
       it "group" do

diff --git a/spec/controllers/media_objects_controller_spec.rb b/spec/controllers/media_objects_controller_spec.rb
@@ -2214,9 +2214,15 @@
       before(:each) { login_user media_object.collection.managers.first }
 
       context "grant and revoke special read access" do
-        it "grants and revokes special read access to users" do
-          expect { put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', add_user: user, submit_add_user: 'Add' } }.to change { media_object.reload.read_users }.from([]).to([user])
-          expect {put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', remove_user: user, submit_remove_user: 'Remove' } }.to change { media_object.reload.read_users }.from([user]).to([])
+        context "users" do
+          it "grants and revokes special read access to users" do
+            expect { put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', add_user: user, submit_add_user: 'Add' } }.to change { media_object.reload.read_users }.from([]).to([user])
+            expect {put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', remove_user: user, submit_remove_user: 'Remove' } }.to change { media_object.reload.read_users }.from([user]).to([])
+          end
+          it "is case insensitive" do
+            put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', add_user: "Test1@example.com", submit_add_user: 'Add' }
+            expect(media_object.reload.read_users).to include("test1@example.com")
+          end
         end
         it "grants and revokes special read access to groups" do
           expect { put :update, params: { id: media_object.id, step: 'access-control', donot_advance: 'true', add_group: group, submit_add_group: 'Add' } }.to change { media_object.reload.read_groups }.from([]).to([group])