URI pattern / JavaScript policy question

I am new to KC and trying to play with authorisation using the analogy of a law firm with lawyers and clerks.

→ Lawyers and Clerks are assigned to specific cases.
→ Lawyers can perform write actions on the case
→ Clerks can only read from cases
→ A case will have child resources

Sample URIs:

My idea:

Create a group for each case and assign users to the group. The group will have a naming convention “CaseGroup:{caseId}”

Create 2 roles, lawyers and clerks, and assign users to those roles

So I want to create 2 policies:

JavaScript policy to do the following:

  1. Extract the caseId out of the requested resource URI ("/cases/1/notes")
  2. Calculate the group name (“CaseGroup:1”)
  3. Verify user is a member of “CaseGroup:1”

Role Policy
If user’s role is lawyer, able to write
If user’s role is clerk, able to read

Creating the Role policy is easy but how do I create the JavaScript policy?

Any ideas?
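
The three steps listed in the question, sketched as an added example that is not part of the original post and is not Keycloak's own code. It parses the URI strictly, matches the group name exactly, and denies on anything it cannot parse. The function names, the membership callback and the sample groups are assumptions, and so is the way the requested URI reaches the policy.

```javascript
// Hypothetical helpers for the "CaseGroup:{caseId}" convention described above.
// Strict pattern: /cases/{caseId} followed by zero or more plain child segments.
// caseId is digits with no leading zero, so "01" can never alias "1".
const CASE_URI = /^\/cases\/([1-9][0-9]{0,9})(?:\/[A-Za-z0-9_-]+)*\/?$/;

// Step 1: extract the caseId, or null if the URI is not in the expected shape.
// Dot segments, percent-encoding and query strings do not match and are rejected.
function caseIdFromUri(uri) {
  if (typeof uri !== 'string') return null;
  const m = CASE_URI.exec(uri);
  return m ? m[1] : null;
}

// Step 2: derive the group name from the caseId.
function caseGroupName(caseId) {
  return 'CaseGroup:' + caseId;
}

// Step 3: check membership and decide. Anything not explicitly true is a deny.
// isMember is a callback (groupName) -> boolean. Assumption: inside a Keycloak
// JavaScript policy it could wrap $evaluation.getRealm().isUserInGroup(userId,
// '/' + groupName), with the result mapped to $evaluation.grant() or deny().
function decideCaseAccess(uri, isMember) {
  const caseId = caseIdFromUri(uri);
  if (caseId === null) return { granted: false, reason: 'unparseable-uri' };
  const group = caseGroupName(caseId);
  if (isMember(group) !== true) {
    return { granted: false, reason: 'not-in-' + group };
  }
  return { granted: true, reason: 'member-of-' + group };
}

// Constructed sample data: a user assigned to cases 1 and 42.
const sampleUserGroups = new Set(['CaseGroup:1', 'CaseGroup:42']);
const inSampleGroups = (group) => sampleUserGroups.has(group);

// Constructed sample requests, including a prefix collision and a traversal.
const sampleUris = ['/cases/1/notes', '/cases/10/notes', '/cases/1/../42/notes'];
for (const uri of sampleUris) {
  console.log(uri, JSON.stringify(decideCaseAccess(uri, inSampleGroups)));
}
```

The read/write split stays in the role policy; this check only answers whether the user is assigned to the case named in the URI.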