Requirement Specifications
| Document | Requirement Specification |
| Specification name | Requirement Specification for PrestaShop |
| Author: | Niko Hämäläinen |
| Version: | 1.0 |
| Date: | 21-2-2024 |
Introduction
The "PrestaShop" project serves as a working-life exercise in building a fully functional e-commerce platform using the given material and infrastructure. The project's goal is to deliver a versatile and user-friendly platform, which clients can use to create their own instance of an online store service and end users can use for online shopping.
Development of the project is scheduled from January 14th 2025 to April 22nd 2025. The service will include functionalities such as a product catalog, personal customer accounts and order processing. The project is developed as part of the Future Factory course.
Client
Service clients are small and medium-sized business oriented entities that require an e-commerce platform. Clients will operate as independent entities on the platform and manage their own PrestaShop instance.
About the author and project team
The project is developed by a group of upcoming experts in a multitude of IT fields, each member contributing skills from their area of expertise. Our aim is to deliver a working project that showcases our technical skills, capabilities and readiness to learn by working.
| Name | Responsibility |
|---|---|
| Erika Korhonen | Team Leader |
| Niko Hämäläinen | Security/Administrator |
| Daniel | Developer |
| Kushagra Brandigampola | Developer |
| Nora Duralieva | Tester |
Short description of service/solution
The service works as an e-commerce platform designed for online retailers. Key features of the platform include:
- Providing a Secure Service - Security measures to protect user data and prevent data breaches.
- User-friendliness - Providing a user-friendly and intuitive service platform.
- Streamlined Platform as a Service - Allowing development teams to integrate other business applications and services with an instance of PrestaShop.
- Scalability With Businesses - Supporting growing businesses with expanding needs.
- User Feedback - Allowing users to share their feedback on further developing the system.
Target users
- End users
- Small businesses and entrepreneurs
- Administrators
Business requirements / goals?
| ReqID | Description |
|---|---|
| BUSINESS-REQ-0001 | Implement user-friendly interface. Design an intuitive and seamless registration and login process that minimizes friction for users |
| BUSINESS-REQ-0002 | We want to ensure that only authorized users can access the system |
| BUSINESS-REQ-0003 | We ensure balance between security and user experience, which are critical for a successful registration and login system |
| BUSINESS-REQ-0004 | Integrate testing into the continuous integration/continuous delivery (CI/CD) pipeline |
| BUSINESS-REQ-0005 | Generate clear and concise test reports with detailed results and metrics |
| BUSINESS-REQ-0006 | Ensure comprehensive testing of all user interfaces (front-end and back-end) |
| BUSINESS-REQ-0007 | The system should provide a dedicated user feedback service that collects, processes and manages customer feedback efficiently |
| BUSINESS-REQ-0008 | Integrate a feedback dialog directly within the PrestaShop user interface to enable real-time feedback submission during user interactions |
| BUSINESS-REQ-0009 | Minimize the risk of data breaches and unauthorized access to sensitive information |
| BUSINESS-REQ-0010 | Improve user trust and confidence in the system's security |
| BUSINESS-REQ-0011 | Enable seamless integration of PrestaShop instances with other business applications and services |
| BUSINESS-REQ-0012 | Ensure the reliability and availability of customer PrestaShop instances with minimal downtime |
Stakeholder map
Stakeholders and profiles
| Stakeholder/profile | Info / Link to description | Motivation? |
|---|---|---|
| Development Team | Team Introduction | Developing a scalable e-commerce platform |
| Scrum Master | Project Management | Ensures deadlines align with project |
| Product Owner | Key project shotcaller | Ensuring project aligns with business's goals and needs |
| Customers | Business owners selling products through the platform | Seeks business growth |
| End Users | Private individuals purchasing products from a customer's website | Seeks a secure shopping experience |
| Partners | Shipping / Payment services | Provide logistics support / Provide secure payment processing |
| Government | Regulation compliance | Ensure platform complies with tax regulations |
| Competitors | Other e-commerce platforms | Market competitors |
| Investors | Financial Backer | Seeks profit on investment |
| Lenders | Financial institution | Provides financial support |
Customer stories as background information
During the requirement gathering process it is good practice to interview possible service users and important stakeholders. Gathering information about different users helps to understand how the service should be designed to fit its purpose. This information is valuable for understanding how the person/stakeholder will benefit from the solution/service in the future. This process can be written as a customer story. Try to write a story from the perspective of the selected profile/stakeholder (other profiles / stakeholders may appear in the story). It is convenient to refer to previously created [Profile] descriptions as background for the story.
Example of end use/customer story
Profile 1 wakes up in the morning and checks on his phone if there is room in the X service from the morning. By using the application he can find that there are several open slots available .........
end user profile 1 point of view
End user profile 1 is going to start a concrete mill on a construction site in the afternoon when she receives a message from the X service .........
Customer need
| ReqID | Description |
|---|---|
| CUSTOMER-REQ-0001 | As a user of the solution I would like to use Facebook authentication |
| CUSTOMER-REQ-0002 | As a user, I want to receive an email confirmation when I place an order |
| CUSTOMER-REQ-0003 | As a user, I want to find a Frequently Asked Questions page in case I quickly need assistance and can't rely on waiting for customer support tickets |
| CUSTOMER-REQ-0004 | As a user, I want to be confident that my data is protected from unauthorized access, so that I can trust the system |
| CUSTOMER-REQ-0008 | As a user, I want to be able to recover my password in case I forget it |
| CUSTOMER-REQ-0009 | As a user, I want a straightforward registration process, so I can start shopping as soon as possible |
Customer Journey paths in Service/solution
Customer journey path as a PlantUML state machine diagram
User Stories
| User Story ID | Description / link to issue |
|---|---|
| US007 | As a security officer, I want this automated scanner to correctly report vulnerabilities in line with their severity and offer mitigation strategies where possible, to help me prioritize and address these issues appropriately, #74 |
| US008 | As a service provider I would like to integrate User Feedback Service as own system (e.g. doorbell.io, user voice etc.) #101 |
| US009 | As a service provider we would like to be able to support our customer by replying on feedback, #105 |
| US010 | As a developer, I want to be notified of critical security vulnerabilities in our dependencies, so that I can quickly update them and minimize our risk, #72 |
| US013 | As a service provider I would like to integrate Doorbell.io because we have used it a lot #97 |
| US014 | As a developer I would like to get customer feedback in some case as issue (e.g bug or enhancement) using doorbell.io service #103 |
| US015 | As a developer I want to be able to quickly identify and fix bugs, so that I can minimize the impact on users #93 |
| US031 | As a business owner, I want to easily set up an online store without worrying about technical complexities, so that I can focus on running my business. #75 |
| US032 | As a developer, I want to easily integrate my custom applications and services with the PrestaShop platform, so that I can extend its functionality #85 |
| US033 | As a customer, I want to receive reliable and timely support for any technical issues I encounter, so that I can minimize downtime and maintain a smooth online store experience. #76 |
| US034 | As a business owner, I want to access comprehensive analytics and reporting on my store's performance, so that I can make informed decisions to improve my business. #77 |
| US038 | As a Project Manager I want to see regular reports from the vulnerability scanning tool, providing visibility into our software security practices, and ensuring that we're maintaining good cybersecurity hygiene, #73 |
| US042 | As a tester, I need to ensure that the password recovery feature works correctly across different scenarios and devices, to ensure a seamless experience for the end-user #90 |
| US067 | As a developer, I would like to be able to use webservice API #86 |
| US092 | As a service provider we need to enable HTTPS #83 |
| US094 | As a Developer I would like to use Containers during development #81 |
| US095 | As a service operator, I would like to be able to run service in Containers #82 |
| US103 | As a tester I would like to be able to test our service using Robot Framework #91 |
| US114 | As a store owner, I want the system to be tested after bug fixes so that my customers do not experience new issues after an update #95 |
| US115 | As a developer I want to run regression tests after bug fixes so that I can ensure the fix does not break other parts of the system #96 |
| US121 | As a developer, I want to create a password reset function, so that users can regain access if they forget their password #84 |
| US123 | As a test engineer I want to automate checking that all product pages load properly, so that customers can browse products without errors #92 |
| US124 | As a DevOps engineer I want to generate a test report after every CI/CD run so that I can easily see which tests passed or failed #94 |
| US126 | As a customer of customer (end-user) I want to provide feedback on my shopping experience, so that the store owner can improve their services #100 |
| US128 | As a store owner I want to automatically analyze feedback, so that I can see trends without manually reading every comment #102 |
| US129 | As a customer, I want to report bugs easily from the store UI, so that developers can fix issues quickly, #104 |
| US130 | As a customer I want to see a list of frequently asked questions, so that I can solve my issue quickly without waiting for support, #106 |
| US132 | As a shop owner, I want our clients to log in securely with their credentials, so that information and purchase history are protected #87 |
| US133 | As an end user, if I forget my password, I want to easily recover or reset it, so I can access my account #89 |
| US182 | As a store owner, I want to collect and analyze customer feedback to improve my business #98 |
| US183 | As a customer I want to address customer concerns and improve product quality #99 |
| US210 | As a PrestaShop developer, I want to easily integrate my preferred database, MariaDB, with my local PrestaShop development environment using Docker Compose #80 |
| US211 | As a PrestaShop developer, I want to mount my local code into the Docker container to easily make changes and see them reflected immediately #79 |
| US212 | As a PrestaShop developer, I want to use a pre-configured Docker image that includes all the necessary PHP extensions and libraries for PrestaShop development #78 |
Selected Use Cases of service/solution
While a user uses the service there will be service-related interaction events. The most important scenarios for using the service/solution should be described. One way to define a usage scenario is a Use Case description. Use Case diagrams can be drawn using PlantUML scripts. A UML Use Case description can be done as a PlantUML description, but a more detailed use case requires a separate description document.
It is useful to record all relevant use cases in one broader Use Case description because it makes the system as a whole easier to view. Attention! In the larger system as a whole, there may be several hundred different uses. A more detailed description of the use case in the training environment is provided using a use case-specific template file. For every use case an independent file is created.
| Use Case | Domain |
|---|---|
| Use Case 1 - Making Order | |
| Use Case 1 - Ordering | Customer |
| Use Case 2 - Modifying order | Customer |
| Use Case 3 - Cancelling order | Customer |
| Use Case 4 - Security management | Administrator |
| Use Case 5 - Customer feedback | Owner |
Preliminary MockUp-prototype layouts for solution/service
When defining the needed features and functions for the service/solution under design, it may be handy to sketch some visible elements of the service layouts. In web design, those preliminary visions of e.g. the user interface layout are called "Mockups". Mockups help to validate the development team's understanding of the needed design between the customer and the team. Mockups are also handy for checking the needed functionalities during selected use cases. Different layouts and visualisations of the service can more easily reveal hidden needs that should be gathered in the requirements specification.
System requirements
- Service will be developed as a SaaS model
- Servers will be hosted via a cloud service
- SLA uptime: 99%. Absolute 24/7 availability is borderline impossible
| RequirementsID | Description |
|---|---|
| SYSTEM-HW-REQ-0002 | The main services must be at least duplicated N + 1 |
| SYSTEM-HW-REQ-0003 | Server memory capacity > 16 GB |
| SYSTEM-HW-REQ-0004 | Intel / AMD x64 processor |
| SYSTEM-HW-REQ-0005 | System must support scalable networking to handle traffic spikes |
Constraints and standards that affect on service design
| ReqId | Description |
|---|---|
| CONSTRAINT-REQ-S00000 | The service login process must follow XYZ policies [Login ft1] (bottoms / bottom property.md) |
| CONSTRAINT-REQ-S00001 | The service must comply with GDPR regulations for handling personal user data |
| CONSTRAINT-REQ-S00002 | The system must log all administrative access and modifications for auditing purposes |
Service primary features and functionalities
- P1 = Mandatory
- P3 = Required
- P5 = Nice to have
Functional requirements of the service
| ReqID | Description | Affected feature |
|---|---|---|
| FUNC-REQ-C0001 | Ensure seamless integration with popular shipping services | Order Processing |
| FUNC-REQ-C0002 | Ensure the system sends an email confirmation for orders and shipping updates | Order Processing |
| FUNC-REQ-C0003 | Platform must allow new users to register a personal account | Registration and Login |
| FUNC-REQ-C0004 | Service providers should be able to reply on given feedback | Customer Service |
| FUNC-REQ-C0005 | Service provider can create a FAQ page | Customer Service |
| FUNC-REQ-C0006 | Customer should be able to leave feedback on purchased products | Customer Service |
| FUNC-REQ-C0007 | Ensure customer feedback is visible on product pages and easily accessible | Customer Service |
Software / service non-functional requirements
Performance Requirements
| ReqID | Requirement | Description |
|---|---|---|
| PERF-REQ-0000 | Response Time | The gateway service should respond to requests within a specified time frame under normal load conditions |
| PERF-REQ-0001 | Throughput | The gateway service should be able to handle a certain number of requests per second without degradation of performance |
| PERF-REQ-0002 | Scalability | The gateway service should be able to scale up to handle increased load, either by adding more resources (vertical scaling) or by distributing the load across multiple instances (horizontal scaling) |
| PERF-REQ-0003 | Availability | The gateway service should be available for use a certain percentage of the time, often expressed as a "five nines" (99.999%) availability requirement |
| PERF-REQ-0004 | Resilience | The gateway service should be able to recover quickly from failures and continue to function |
Security Requirements
| ReqID | Requirement | Description |
|---|---|---|
| SEC-REQ-0001 | Secure Communication | All communication between devices and servers must be encrypted to prevent interception. |
| SEC-REQ-0002 | Authentication | Firefighters must be authenticated before they can access the system to ensure that only authorized personnel have access. |
| SEC-REQ-0003 | Data Integrity | The system must ensure that data, such as incident reports or firefighter locations, is not tampered with. |
| SEC-REQ-0004 | Secure Data Storage | Customer data (e.g. credentials, order history, payment details) must be stored in encrypted databases. |
| SEC-REQ-0005 | Password Recovery | User must be able to change their password at any given time and must receive an email notification when a password is changed. |
Accessibility Requirements
| ReqID | Requirement | Description |
|---|---|---|
| ACC-REQ-0000 | Keyboard Accessibility | All functionality must be operable through a keyboard interface. |
| ACC-REQ-0002 | Text Alternatives | Provide text alternatives for any non-text content. |
| ACC-REQ-0003 | Time-based Media | Provide alternatives for time-based media, such as captions for videos. |
| ACC-REQ-0004 | Adaptable | Content must be presented in ways that can be perceived by all users, including those with disabilities. |
| ACC-REQ-0005 | HTML Validation | HTML must be validated through W3C's verification service |
| ACC-REQ-0005 | CSS Validation | CSS must be validated through W3C's verification service |
Quality Assurance
- Ensure all features work as expected
- Run tests and validate that all features work correctly
- Customer account features should be working as expected
- Pages should be displayed correctly
Preliminary Acceptance Tests
| AcceptanceTestId | Description | Feature |
|---|---|---|
| ACCTEST001 - Acceptance Test 1 | Verify login as new user | FEA135 |
| ACCTEST002 - Acceptance Test 2 | Ensure only authorized users can access the system | FEA135 |
| ACCTEST003 - Acceptance Test 3 | Verify login with correct password | FEA135 |
| ACCTEST003 - Acceptance Test 4 | Verify password recovery process | FEA132 |
| ACCTEST003 - Acceptance Test 5 | Ensure feedback can be sent and is received by store owner | FEA006 |
Software architecture, placement view, database description, and integrations
Software implementation requirements can be set for pre-defined technologies that must be followed in development. This situation often occurs when the software is related to a previously implemented solution.
- Link to Software architecture
Deployment diagram
The placement view allows you to describe how different parts of the service work when it is running.
Integrations with other systems
The requirements definition should describe the dependence of the service / product on other systems. Are there any parts of the service to be purchased from an external service provider? Examples are virtual machines, billing systems, control and other service production solutions.
- Link to Software architecture
General view of integrations as UML Deployment Diagram
OR
**Describing integration as a sequence diagram**
If necessary, events between systems can be described, for example, in the form of a sequence diagram.
Standards and sources
As part of the requirements definition, it is essential to identify important sources that are useful or relevant to the whole. Standards and pre-distributed guidelines are useful sources and as needed clarify the meaning of the requirements.
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property rights ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.
Please note that these are just a few examples and the specific laws and rules may vary depending on the context and the specific needs of your software service. It's always a good idea to consult with a legal expert to ensure compliance with all relevant laws and regulations.