service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if request.auth != null
      						&& request.auth.uid == resource.data.userId
                  && request.auth.token.email_verified;
      allow write: if request.auth != null
                  && request.auth.token.email_verified;
    }
  }
}