Why not write a special filter for that as well? You can put any string in your filter array, so you can write your own logical operators.
You can think of anything, for example:
/article/update*=authc, ownerOf["article","id", or(roles(admin))"]
And then parse the string and apply the correct authorization logic you want.