Security Rules

View, edit, deploy, and test Firestore and Storage security rules directly from Stackpane.

Overview

Stackpane displays your currently deployed Firestore and Storage security rules with syntax highlighting. You can review rules, switch between Firestore and Storage rule sets, edit rules directly, deploy changes, and test access patterns — all without leaving the app.

Viewing Rules

Navigate to the Security Rules section from the sidebar. Rules load automatically for the active connection.

Firestore and Storage Toggle

Use the toggle at the top to switch between:

  • Firestore Rules — security rules for your Firestore database
  • Storage Rules — security rules for your Cloud Storage bucket

If multiple rule files exist for a service, they are displayed in a tab view.

Rule Metadata

The “Updated” timestamp shows when the currently deployed rules were last modified. Click Refresh to reload the latest rules from the server.

Syntax Highlighting

Rules are displayed with color-coded syntax highlighting for easy reading:

  • Keywords (blue): rules_version, service, match, allow, if, function, return, let
  • Operations (orange): read, write, get, create, update, delete, list
  • Built-ins (teal): request, resource, auth, path, data, time, duration, math, firestore
  • Booleans and null (purple): true, false, null
  • Strings (red): single-quoted string literals
  • Comments (gray): // line comments

Editing Rules

  1. Click the Edit button to enter edit mode.
  2. The rules source becomes editable in a text editor.
  3. Make your changes to the rules text.
  4. Click Deploy to push the changes, or Cancel to discard.

The editor supports standard text editing features including select all, copy, paste, and undo/redo.

Deploying Rules

From the Editor

  1. Enter edit mode by clicking Edit.
  2. Make your changes to the rules text.
  3. Click Deploy to push the changes.
  4. A confirmation dialog appears warning that this will replace the currently deployed rules.
  5. Click Confirm to proceed with the deployment.

Keyboard Shortcut

Press Cmd+S while in edit mode to trigger the deploy confirmation dialog. This provides a familiar save workflow for developers used to code editors.

Confirmation Dialog

Before deployment, Stackpane shows a confirmation dialog that:

  • Warns that the deployed rules will be replaced immediately
  • Notes that the changes take effect right away for all clients
  • Provides a Confirm button to proceed and a Cancel button to abort

After Deployment

Once deployed:

  • The rules view refreshes to show the newly deployed rules
  • The “Updated” timestamp updates to reflect the deployment time
  • The editor returns to read-only mode

Deployment Scope

Deployment applies to the currently selected rule set:

  • If you are editing Firestore Rules, only Firestore rules are deployed
  • If you are editing Storage Rules, only Storage rules are deployed

Other rule sets are not affected by the deployment.

Testing Access

The Test Access feature lets you verify how your deployed Firestore security rules respond to specific operations on specific document paths. This is a quick way to check rule behavior without writing test code or using the Firebase Console’s rules simulator.

Running a Test

  1. Click Test Rules in the Security Rules toolbar. This is available for Firestore rules only.
  2. Enter a document path (e.g., users/alice, orders/order123).
  3. Select an operation type from the picker:
    • read — test read access
    • write — test write access
    • get — test single document read
    • create — test document creation
    • update — test document update
    • delete — test document deletion
    • list — test collection listing
  4. Click Test to execute the access check.

Reading Results

The test result displays:

  • Allowed (green checkmark) — the operation is permitted by the rules
  • Denied (red X) — the operation is blocked by the rules
  • HTTP status code — the response status from the rules evaluation

Production Warning

When testing against a production (non-emulator) connection, Stackpane displays a warning banner reminding you that:

  • The test runs against your live deployed rules
  • No data is actually modified by the test
  • Results reflect the current production rule set

Use Cases

Verifying New Rules

After editing and deploying new rules, use Test Access to confirm they work as expected:

  1. Test that authenticated paths allow the expected operations
  2. Test that restricted paths deny unauthorized operations
  3. Test edge cases like nested subcollection access
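A rule set to run these three checks against, written here as an added example (it is not Stackpane's code or a recommended default); it reuses the users/alice and orders/order123 paths from above and shows why the nested subcollection case needs its own test. Assumptions: the signed-in user's uid equals the document ID under users, orders carry a hypothetical ownerId field, and the notes subcollection is invented for illustration. This page does not say which identity Test Access evaluates as, so the expected outcomes are listed per caller.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Too broad, shown only for contrast. Any matching allow grants access,
    // so this catch-all would override every narrower rule below:
    //   match /{document=**} { allow read, write: if request.auth != null; }

    // True only when the caller is signed in as the given user.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    match /users/{userId} {
      // 'read' = get + list; 'write' = create + update + delete.
      // Granting only get/create/update leaves list and delete denied.
      allow get: if isOwner(userId);
      allow create, update: if isOwner(userId);

      // Edge case: rules on users/{userId} do not cascade to subcollections.
      // Without this nested match, users/alice/notes/n1 is denied for everyone.
      match /notes/{noteId} {
        allow read, write: if isOwner(userId);
      }
    }

    match /orders/{orderId} {
      // ownerId is an assumed field on the stored order document.
      allow get: if request.auth != null
                 && resource.data.ownerId == request.auth.uid;
      // No write or list rule: client writes and collection listing are denied.
    }
  }
}

// Expected outcomes (caller uid, path, operation):
//   alice            users/alice            get     allowed
//   bob              users/alice            get     denied
//   alice            users                  list    denied
//   alice            users/alice            delete  denied
//   alice            users/alice/notes/n1   get     allowed
//   bob              users/alice/notes/n1   get     denied
//   unauthenticated  orders/order123        get     denied
```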

Debugging Access Issues

When your application encounters a permission denied error:

  1. Enter the document path that triggered the error
  2. Test the specific operation that failed
  3. Verify whether the rules allow or deny the operation
  4. Edit the rules if needed and re-test

Tips

  • Review your rules regularly to ensure they match your application’s access patterns
  • Test both positive cases (operations that should be allowed) and negative cases (operations that should be denied)
  • Test rule changes against the emulator before deploying to production
  • Keep a backup of your rules in version control alongside your application code
  • Make small, focused rule changes rather than large rewrites to minimize risk