I think you need to modify the 'write list' option.
The way you have it coded, 'staff' will be interpreted as a user. Here is what it shows in the Samba doc.
This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax.
Note that if a user is in both the read list and the write list then they will be given write access.
By design, this parameter will not work with the security = share in Samba 3.0.
Default: write list =
Example: write list = admin, root, @staff
So, try @staff, that should treat the staff as the group you intend.
Hope this helps.
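A small checker for the mistake described above, added here as an example and not part of the original post: it scans smb.conf text and flags any bare 'write list' entry that matches a group name but no user name. The function name, the sample shares and paths, and the user and group sets are constructed for illustration; on a real host the sets would come from the system's account database.

```python
import re

GROUP_PREFIXES = ("@", "+", "&")  # smb.conf markers for group / netgroup names


def audit_write_list(conf_text, known_users, known_groups):
    """Return (share, entry) pairs where a bare 'write list' name is a group, not a user."""
    findings = []
    share = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            share = line[1:-1].strip()           # new section, e.g. [projects]
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)          # only the first '=' is significant
        # Samba ignores case and whitespace in parameter names.
        if re.sub(r"\s+", "", key).lower() != "writelist":
            continue
        # Simplification: entries are split on commas/whitespace; quoted names are not handled.
        for entry in re.split(r"[,\s]+", value.strip()):
            if not entry or entry.startswith(GROUP_PREFIXES):
                continue                         # already marked as a group
            if entry in known_groups and entry not in known_users:
                findings.append((share, entry))  # parsed as a user, but only a group exists
    return findings


# Constructed sample configuration (not from the original thread).
SAMPLE_CONF = """\
[global]
   security = user

[projects]
   path = /srv/projects
   read only = yes
   write list = admin, staff

[archive]
   path = /srv/archive
   read only = yes
   write list = admin, root, @staff
"""

if __name__ == "__main__":
    users, groups = {"admin", "root"}, {"staff", "root"}   # constructed account names
    for share, entry in audit_write_list(SAMPLE_CONF, users, groups):
        print(f"[{share}] write list entry '{entry}' is a group name; did you mean '@{entry}'?")
```

Running `testparm -s` afterwards confirms the corrected file still parses.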