Requirement Specification
Document | Requirement Specification |
Specification name | Req Spec for service PrestaShop |
Author: | AF0334 |
Version: | 0.1 |
Date: | 24-1-2025 |
Introduction
This is the requirement specification document for Team Fearless' project. The project is part of the FutureFactory course, which consists of designing, developing and maintaining an e-commerce platform known as PrestaShop. PrestaShop is a service to be used as a base, which clients will be able to customize to fit their needs as an online store.
The purpose of the project is to establish PrestaShop as a service with select features and to conduct necessary bug fixes to the preliminary code, so that the service runs as smoothly as possible and fits the needs of the product owner as well as the stakeholders.
Client
The client is the product owner, though all stakeholders should be taken into account in the requirement specification and product delivery.
About the author and project team
The project team is FutureFactory's team 10, known as Team Fearless. The team consists of six members, with roles including a team leader, developers, service operator, and tester. The team was formed with great effort and consideration by coach and scrum master Narsuman.
Short description of service/solution
PrestaShop is an e-commerce platform meant for business owners and other potential clients to be able to easily set up an online store. While the primary client base of PrestaShop consists of entrepreneurs and business owners, it is important to take into account the clients' clients in the development of the service.
Stakeholders will benefit from being able to easily set up their online store with the PrestaShop service, allowing their business to run smoothly and effortlessly. The clients of PrestaShop users will benefit from an easy and smooth shopping experience, powered by the features offered in the product.
Business requirements / goals
PrestaShop as a service simplifies the setup and management of an e-commerce platform, helping clients save money by not having to outsource the development. The existing features of the service allow for a smooth setup that the client can easily customize on their own.
ReqID | Description |
---|---|
BR001 | Implement user-friendly interface and design an intuitive and seamless registration and login process that minimizes friction for users |
BR002 | Ensure that only authorized users can access the system |
BR003 | Ensure the balance between security and user experience, which are critical for a successful registration and login system |
BR004 | Ensure that bug fixes are handled efficiently and effectively, preserving the overall quality and performance of the system |
BR010 | Minimize the risk of data breaches and unauthorized access to sensitive information |
BR011 | Maintain a secure and reliable operating environment for all users |
BR012 | Improve user trust and confidence in the system's security |
BR031 | Ensure the reliability and availability of customer PrestaShop instances with minimal downtime |
BR033 | Enable seamless integration of PrestaShop instances with other business applications and services |
BR061 | Ensure comprehensive testing of all user interfaces (front- and back-end) |
BR063 | Integrate testing into the CI/CD pipeline |
BR064 | Generate clear and concise test reports with detailed results and metrics |
Stakeholder map
Stakeholders and profiles
Stakeholder/profile | Info / Link to description |
---|---|
Coach | Marko Rintamäki |
Product Owner | Hanh Nguyen |
Mentor | Mentors |
Team Leader | Joona Pankkonen |
End User 1 | Iiro Rosendahl |
End User 2 | Annukka Rosendahl |
Partner | Partners |
Investor | Olli Santala |
Customer | Sampsa Piili |
Customer journey path as PlantUML state machine diagram
Preliminary User Stories
User Story ID | Description / link to issue |
---|---|
US131 | #131 As a new end user, I want a straightforward and quick registration process, so I can start shopping as soon as possible |
US133 | #133 As an end user, if I forget my password, I want to easily recover or reset it, so I can access my account |
US011 | #011 As a user, I want to be confident that my data is protected from unauthorized access, so that I can trust the system. |
US046 | #046 As a test engineer, I would like to access control systems to generate various testing scenarios, where each test user has different roles and permissions, to validate the system's access control. |
System requirements
These are some of the requirements for an e-commerce platform.
RequirementsID | Description |
---|---|
SYSTEM-HW-REQ-0002 | Availability, SLA: Target uptime of 99.9% |
SYSTEM-HW-REQ-0003 | Storage: Minimum 10GB disk space, expandable based on catalog size |
SYSTEM-HW-REQ-0004 | RAM Requirement: Minimum 2GB |
SYSTEM-HW-REQ-0005 | Security: SSL/TLS encryption, GDPR compliance, and regular security patches |
SYSTEM-HW-REQ-0006 | Backup Policy: Automated daily backups, full backup weekly, stored for at least 7 days |
SYSTEM-HW-REQ-0007 | Service Model: Hosted as a SaaS solution on cloud or self-hosted on a VPS |
SYSTEM-HW-REQ-0008 | Database: MySQL 5.7+ |
SYSTEM-HW-REQ-0008 | PHP Version: PHP 7.4 or 8.0+ |
Constraints and standards that affect service design
Some general constraints and standards to keep in mind when working with any platform.
ReqId | Description |
---|---|
CONSTRAINT-REQ-S00001 | GDPR Compliance: Ensure customer data is processed according to the EU GDPR, including consent management, data access requests, and the right to be forgotten. |
CONSTRAINT-REQ-S00002 | PCI-DSS Compliance: If handling payments directly, comply with Payment Card Industry Data Security Standards (PCI-DSS) to secure transactions. Alternatively, use a PCI-compliant payment gateway like PayPal, Stripe, or Authorize.Net. Works together with GDPR. |
CONSTRAINT-REQ-S00003 | WCAG: Ensure the platform meets WCAG 2.1 accessibility guidelines for users with disabilities. |
CONSTRAINT-REQ-S00004 | Copyright & Intellectual Property: Ensure no copyrighted content (images, descriptions, trademarks) is used without permission. |
Service primary features and functionalities
Prioritization of essential features
- P1 = Mandatory
- P3 = Required
- P5 = Nice to have
Feature | Priority |
---|---|
FEA002 | P1 |
FEA003 | P3 |
FEA0010 | P4 |
FEA011 | P3 |
FEA031 | P3 |
FEA032 | P4 |
FEA132 | P3 |
FEA135 | P1 |
FEA141 | P4 |
FEA149 | P4 |
FEA192 | P3 |
FEA193 | P3 |
FEA210 | P3 |
FEA212 | P3 |
FEA081 | P3 |
FEA087 | P3 |
FEA023 | P3 |
FEA083 | P3 |
Functional requirements of the service
ReqID | Description | Affected feature |
---|---|---|
FUNC-REQ-C0001 | Users able to connect securely using https | FEA002 |
FUNC-REQ-C0002 | Service can be run with docker | FEA003 |
FUNC-REQ-C0003 | Scanning tool to find vulnerabilities | FEA0010 |
FUNC-REQ-C0004 | Access controls implemented to restrict access to data | FEA011 |
FUNC-REQ-C0005 | Analytics and reporting available on store's performance | FEA031 |
FUNC-REQ-C0006 | API available for extra functionalities | FEA032 |
FUNC-REQ-C0007 | Password can be recovered | FEA132 |
FUNC-REQ-C0008 | Backups stored in a chosen location | FEA141 |
FUNC-REQ-C0009 | Data can be recovered in case of data loss | FEA149 |
FUNC-REQ-C0010 | Users can pay with popular payment methods (e.g. PayPal) | FEA192 |
FUNC-REQ-C0011 | Checkout works seamlessly so mobile users can use it too | FEA193 |
FUNC-REQ-C0012 | Service can be quickly set up with docker | FEA210 |
FUNC-REQ-C0013 | Docker contains frontend tools | FEA212 |
FUNC-REQ-C0014 | Version control system in use | FEA081 |
Software / service non-functional requirements
REQID | Category | Description |
---|---|---|
NFR-001 | Performance | The platform must support at least 100 concurrent users without performance degradation. |
NFR-002 | Performance | Page load time should be under 2 seconds for 90% of users. |
NFR-003 | Performance | The system must handle a minimum of 500 transactions per hour during peak sales periods. |
NFR-004 | Performance | Implement caching to improve response times. |
NFR-005 | Usability | The platform should follow WCAG 2.1 accessibility standards for all users. |
NFR-006 | Usability | The admin panel must be user-friendly, with a dashboard for order and stock management. |
NFR-007 | Usability | The checkout process must be completed within 3 steps to ensure a smooth user experience. |
NFR-008 | Security | All customer and payment data must be encrypted using SSL/TLS. |
NFR-009 | Security | The system should support two-factor authentication (2FA) for admin accounts. |
NFR-010 | Security | Passwords must be hashed and stored securely. |
NFR-011 | Maintainability | The platform should support automated backups and allow for quick restoration within 30 minutes. |
NFR-012 | Maintainability | The system should have logging and monitoring tools to detect errors and downtime. |
NFR-013 | Maintainability | The software should support automatic or manual software updates without breaking functionality. |
Performance Requirements
Performance requirements in a software service context define how well the software system accomplishes certain functions under specific conditions.
Requirement ID | Description |
---|---|
PR-001 | The platform must support at least 100 concurrent users without performance degradation. |
PR-002 | Page load time should be under 2 seconds for 90% of users. |
PR-003 | The system must handle a minimum of 500 transactions per hour during peak sales periods. |
PR-004 | The database should support up to 10,000 products with minimal impact on query speed. |
PR-005 | The checkout process must be completed within 3–5 seconds after user submission. |
PR-006 | The system should maintain 99.9% uptime, with planned maintenance limited to off-peak hours. |
PR-007 | Caching mechanisms must be implemented to improve response times. |
PR-008 | The platform must support CDN integration to optimize loading speed for international users. |
PR-009 | The API response time for third-party integrations (e.g., payment gateways) should be under 1 second. |
PR-010 | Backup and restore operations must be completed within 30 minutes to minimize downtime. |
Security Requirements
Security requirements in a software product refer to the standards and specifications that the product must meet to ensure its security. These requirements are often guided by laws and regulations.
ReqID | Requirement | Description |
---|---|---|
SEC-REQ-001 | GDPR Compliance | Ensure data protection and privacy by following the General Data Protection Regulation. |
SEC-REQ-002 | SSL Certificate | Encrypts data transmitted between the website and users to ensure privacy and security. |
SEC-REQ-003 | Secure Payment Gateways | Use PCI DSS-compliant payment gateways to ensure secure processing of payment transactions. |
SEC-REQ-004 | Access Control | Limit access to sensitive areas and use IP whitelisting to restrict access to trusted IP addresses. |
SEC-REQ-005 | Backup and Recovery | Regularly back up data and have a recovery plan in place for data loss or security breaches. |
SEC-REQ-006 | Data Minimization | Collect only the data necessary for the intended purpose and avoid excessive data collection. |
Accessibility Requirements
Accessibility requirements refer to the standards and specifications that a product, service, or environment must meet to be usable by as many people as possible, including those with disabilities. These requirements are often guided by laws and regulations.
ReqID | Requirement | Description |
---|---|---|
ACC-REQ-001 | Keyboard Accessibility | All functionality must be operable through a keyboard interface. |
ACC-REQ-002 | Text Alternatives | Provide text alternatives for any non-text content. |
ACC-REQ-003 | Time-based Media | Provide alternatives for time-based media, such as captions for videos. |
ACC-REQ-004 | Adaptable | Content must be presented in ways that can be perceived by all users, including those with disabilities. |
ACC-REQ-005 | Understandable Information | Provide clear, simple, and consistent information and instructions to make content easily understandable. |
ACC-REQ-006 | Contrast Ratio | Maintain a sufficient contrast ratio between text and background colors to enhance readability. |
ACC-REQ-007 | Consistent Layout | Use a consistent layout and design throughout the website to help users predict and understand navigation. |
Quality Assurance
What issues need to be considered from a product quality assurance point of view?
- Link to Master Test Plan
Preliminary Acceptance Tests
Acceptance tests generally focus on the customer / end-user perspective. The aim is to validate, i.e. to determine whether the product meets the customer's wishes and whether it meets the set requirements. Acceptance tests can also be used to determine whether a product is sufficiently high-performance, usable, or secure for customer use.
AcceptanceTestId | Description | Feature |
---|---|---|
ACCTEST001 - Acceptance Test 1 | EXAMPLE (Work In Progress) | Example Feature X |
Software architecture, placement view, database description, and integrations
Software implementation requirements can be set for pre-defined technologies that must be followed in development. This situation often occurs when the software is related to a previously implemented solution.
- Link to Software architecture
Deployment diagram
The placement view allows you to describe how different parts of the service work when it is running.
Integrations with other systems
General view of integrations as UML Deployment Diagram
Standards and sources
As part of the requirements definition, it is essential to identify important sources that are useful or relevant to the whole. Standards and pre-distributed guidelines are useful sources and, as needed, clarify the meaning of the requirements.
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property rights ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.