Yeah this looks more or less correct, assuming read/write/etc are on the organization level and not on the case level. For performance reasons, you probably want to swap the order of the intersection conditionals, as we want to keep the cardinality of the left hand side of the intersection as small as possible, and presumably a huge number of users will belong to the org and be a strict superset of the read/write/etc.