Using the if statement to redirect unverified users, then the switch case statement to redirect based on user level is the best way to do this.
as for the access rule, it sounds like you figured it out, use a restrict if condition to restrict if the verified session is false, then an allow condition to allow if the user level session is above a certain value.