Firebase Rule - Match document to user via email address

I'm trying to get a simple rule to work: If a document from my records collection contains an email (fatherEmail || motherEmail) that matches the email of the user logging in, allow that doc to be read. Not working - Missing or insufficient permissions.

Here are my rules: Cloud Firestore Rules

Per Firebase tech support the recommended way to retrieve the auth'd user's email address:

function getUserEmail(){ return; }

Here’s the Stackblitz:

Login using a verified email: User: Pass: foobar If you look at the console, you'll see the error I mentioned above.

My records collection contains one document that contains as the value for thefatherEmail property so that doc should pull up: Matching Doc