Requirement Specification
Document | Requirement Specification |
Specification name | Req Spec for prestashop |
Author: | Byte Me |
Version: | 1.1 |
Date: | 21.2.2025 |
Introduction
Our project team is developing a PrestaShop-based online shop application as part of a structured software development process. The team is responsible for designing, implementing, and documenting the project to meet industry standards.
Client
Our clients are online store owners looking for a reliable and flexible e-commerce solution. These businesses vary from small independent sellers to larger retailers who need an efficient way to manage their inventory, sales, and customer interactions. Many of them may not have advanced technical expertise, so they require a user-friendly, scalable, and secure platform that minimizes technical overhead while maximizing customization potential.
About the author and project team
Our team consists mostly of second-year IT students at JAMK University of Applied Sciences. We have experience in basic project work related to software development, including requirement specification, coding, testing, and deployment. This project serves as an opportunity to deepen our understanding of e-commerce platforms, automation, security, and system integration while delivering a functional PrestaShop-based service.
Short description of service/solution
PrestaShop is an open-source e-commerce platform that allows businesses to create and manage online stores. It provides a flexible and highly customizable base that store owners can tailor to fit their specific needs. Our solution builds upon PrestaShop by offering managed hosting, additional security features, automation testing, business intelligence tools, and seamless integrations.
Business requirements / goals?
Our project is a PrestaShop-based e-commerce solution that provides a customizable and scalable online store platform for businesses. By building upon PrestaShop’s open-source framework, we deliver a fully managed hosting service with added security, automation, and analytics features. The service simplifies store setup, ensures a secure shopping experience, and integrates key business tools to help store owners efficiently manage their online presence. Key features include:
- Secure service access for store owners and administrators.
- Dockerized service production for consistent and scalable deployments.
- User feedback service for collecting and managing customer reviews.
- 1st level support system to assist users with basic troubleshooting.
- Feedback dialog integration with PrestaShop UI for seamless customer interactions.
- Automatic conversion of feedback into GitLab issues for tracking and resolution.
- Managed hosting for PrestaShop instances to ensure uptime and security.
- API access for developers to integrate external services and automate tasks.
- Integration of test automation into the CI/CD pipeline for improved software reliability.
- Acceptance test automation to validate feature implementations before deployment.
- Regression testing after bug fixes to maintain system stability.
- Password recovery system for enhanced user account security.
- Secure user login with authentication measures such as 2FA.
- General feedback forms to collect customer insights and product ratings.
- Shopping cart analysis to track and reduce abandoned purchases.
- Real-time data analytics for monitoring sales trends and stock levels.
- Automated testing for continuous verification of system functionality.
ReqID | Description |
---|---|
BUSINESS-REQ-0001 | Registration as a new user should be easy for existing customers, as they make up 35% of our user base. |
BUSINESS-REQ-0002 | The service must provide secure access for store owners and administrators to protect sensitive business data. |
BUSINESS-REQ-0003 | Automated testing must be integrated into the CI/CD pipeline to ensure stability and prevent regressions. |
BUSINESS-REQ-0004 | The system must support customer feedback collection, as product ratings and reviews influence 70% of purchase decisions. |
BUSINESS-REQ-0005 | Store owners must be able to monitor stock levels and sales data in real-time, as 90% of business owners rely on live analytics for decision-making. |
BUSINESS-REQ-0006 | The platform must include shopping cart analysis to help reduce abandoned purchases and improve conversion rates. |
BUSINESS-REQ-0007 | The system must offer managed hosting and API integrations to allow businesses to scale without technical overhead. |
BUSINESS-REQ-0008 | Password recovery and secure login features must be implemented to reduce account lockouts and improve security. |
BUSINESS-REQ-0009 | The platform must provide automated reporting to help store owners track sales trends and business performance. |
Stakeholder map
For our PrestaShop-based e-commerce solution, the following stakeholders are involved:
- Primary Stakeholders (Directly Impacted)
  - Store Owners (Merchants) – The primary users who set up and manage their online stores using our PrestaShop service. They need secure access, real-time sales tracking, and automated stock monitoring.
  - Customers (Shoppers) – Individuals purchasing products from stores hosted on our platform. Their experience depends on smooth login, secure transactions, and feedback submission.
  - Developers – Those customizing and integrating additional features via the API for external services and automation.
  - Administrators (System Maintainers) – Responsible for managing platform security, updates, and overall performance.
- Secondary Stakeholders (Indirectly Impacted)
  - Third-Party Service Providers – Payment gateways, shipping companies, and external service integrations that require API access and managed hosting compatibility.
  - Marketing & SEO Specialists – Businesses providing services to store owners to improve their online visibility through real-time analytics and insights.
  - Investors/Sponsors – Any funding entities interested in platform growth and profitability, who rely on automated reporting and business intelligence tools.
- Regulatory & Compliance Authorities
  - Data Protection Agencies (e.g., GDPR, PCI DSS compliance) – Ensuring customer and store data security through secure authentication and encryption.
  - Local Business Regulations – Compliance with tax laws, licensing, and e-commerce regulations, which impact payment processing and legal reporting.
Stakeholders and profiles
Stakeholder/Profile | Info / Link to Description | Motivation? |
---|---|---|
Store Owner 1 | Small business owner | Needs an easy-to-use online store with automated stock monitoring & sales tracking. |
Store Owner 2 | Scaling e-commerce business | Wants API integrations, advanced analytics, and security compliance. |
End User 1 (Customer) | Person 17-35 Years old | Prefers seamless checkout, product reviews, and shopping cart recovery tools. |
End User 2 (Customer) | Person 36-45 Years old | Needs secure transactions, password recovery, and clear product feedback. |
Admin User | Admin Profile | Supports store owners with security, compliance, and technical troubleshooting. |
Developer | API Integrator | Requires well-documented API access for custom automation and integrations. |
Marketing Specialist | SEO & Sales Growth Expert | Uses real-time data analytics and customer behavior tracking to improve store performance. |
Customer stories as background information
During the requirement gathering process, it is good practice to interview possible service users and important stakeholders. Gathering information from different users helps in understanding how the service should be designed to be fit for purpose. This information is valuable for understanding how the person or stakeholder will benefit from the solution/service in the future. This process can be written up as a customer story.
Example of end use/customer story
Profile 1: Emma wakes up, grabs her phone, and logs into her PrestaShop store. She checks sales, sees a best-seller running low, and updates stock. A customer left a review—she replies. Someone abandoned a cart—she sends a discount code.
Later, an inventory alert pops up. She restocks and enables pre-orders. Everything runs smoothly thanks to automated reports, secure hosting, and easy management. Emma doesn’t stress—her shop just works.
End user profile 1 point of view
End user profile 1: Mark runs a small online sneaker shop. He wakes up, checks his PrestaShop dashboard, and sees a few new orders. A low-stock alert pops up—he restocks.
A customer left a four-star review, so Mark replies. Someone abandoned a cart—he sends a discount. The sales report suggests raising prices on a trending item. He tweaks it and logs off.
Customer need
ReqID | Description |
---|---|
CUSTOMER-REQ-0001 | As a small store owner using the solution, I would like a quick and user-friendly registration to get my shop online without technical struggles. |
CUSTOMER-REQ-0002 | As a big store owner using the solution, I would like to net mega_massia from my store and not get mega_aidsia from using the service. |
Customer Journey paths in Service/solution
Customer journey path as a jpg.
Preliminary User Stories
User Story ID | Description / Link to Issue |
---|---|
US1000 | As a store owner, I want to generate a report of my sales and stock levels from the last month, so that I can track business performance. |
US1001 | As an administrator, I want to permanently delete old or inactive user accounts, so that the system remains clean and secure. |
US1002 | As a customer, I want to submit feedback about products via a simple form, so that I can share my opinions easily. |
US1003 | As a store owner, I want customer feedback to automatically create GitLab issues, so that I can track and resolve concerns efficiently. |
US1004 | As a user, I want to securely reset my password via email, so that I can regain access to my account if I forget my credentials. |
US1005 | As a developer, I want access to an API, so that I can integrate my own tools with the e-commerce platform. |
US1006 | As a store owner, I want an automated system to analyze abandoned shopping carts, so that I can improve my conversion rates. |
US1007 | As a store owner, I want to view real-time data analytics on my sales and stock, so that I can make informed business decisions. |
US1008 | As a user, I want a secure login system with 2FA, so that my account is protected against unauthorized access. |
US1009 | As a system, I need to run automated regression tests after every bug fix, so that stability is maintained. |
US1010 | As a store owner, I want my e-commerce platform to be hosted and maintained, so that I don’t have to manage infrastructure. |
Selected Use Cases of service/solution
While a user uses the service, there will be service-related interaction events. The most important scenarios for using the service/solution should be described. One way to define a usage scenario is a Use Case description. Use Case diagrams can be drawn using PlantUML scripts. A UML Use Case description can be done as a PlantUML description, but a more detailed use case requires a separate description document.
It is useful to record all relevant use cases in one broader Use Case description because it makes the system as a whole easier to view. Attention! In a larger system as a whole, there may be several hundred different use cases. A more detailed description of a use case in the training environment is provided using a use case-specific template file. An independent file is created for every use case.
Use Case | Domain |
---|---|
Use Case 1 - Place an Order | Customer - Making an order |
Use Case 2 - Submit a Product Review | Customer - Submitting feedback |
Use Case 3 - Login & Password Recovery | Customer - Secure login & password reset |
Use Case 4 - Check & Modify Orders | Admin - Managing orders |
Use Case 5 - View Sales Reports | Admin - Sales & performance reports |
Use Case 6 - Delete Inactive Accounts | Store Owner - Account management |
Use Case 7 - Manage Security Settings | Store Owner - Security & access control |
Use Case 8 - Monitor Stock Levels | Store Owner - Inventory management |
Use Case 9 - Analyze Shopping Cart Abandonment | Store Owner - Customer behavior tracking |
Use Case 10 - Enable Customer Feedback Forms | Store Owner - Feedback collection |
Use Case 11 - Access API for Integrations | Developer - API & system integrations |
Use Case 12 - Run Automated Regression Tests | System - Ensuring stability after updates |
Preliminary MockUp-prototype layouts for solution/service
Password recovery UI mockup
Below is the mockup for the password recovery UI. The mockup aligns with the following feature:
System requirements
The PrestaShop Enhancements system is designed to be scalable, reliable, and secure, ensuring seamless operation for online store owners. The service will be deployed as a SaaS (Software as a Service) solution, leveraging cloud infrastructure for high availability and performance. Security and compliance with GDPR and PCI DSS are prioritized, with encryption and access controls in place to protect customer data. Automated backups and failover mechanisms ensure business continuity.
To maintain optimal performance, the system must support dynamic scaling, with a target page load time of under 2 seconds and an API response time below 200ms. A redundant architecture (N+1) prevents single points of failure, and Docker-based deployments guarantee consistency across environments.
RequirementsID | Description |
---|---|
SYSTEM-HW-REQ-0002 | The main services must be at least duplicated N + 1 |
SYSTEM-HW-REQ-0003 | Server memory capacity > 16 GB |
SYSTEM-HW-REQ-0004 | Intel / AMD x64 processor |
SYSTEM-HW-REQ-0005 | Cloud storage must have automated backup retention |
SYSTEM-HW-REQ-0006 | The system must support Docker-based deployments for consistency |
Constraints and standards that affect on service design
The implementation and use of software/services are often governed by laws, regulations, and industry standards. These constraints shape how the system is designed, developed, and maintained. It’s crucial to identify these early, as they significantly impact the system's security, compliance, and long-term viability. Some key legal and regulatory constraints include:
ReqId | Description |
---|---|
CONSTRAINT-REQ-S00000 | The service login process must follow XYZ policies [Login ft1] (bottoms / bottom property.md) |
CONSTRAINT-REQ-S00002 | The system must comply with GDPR, ensuring user data is encrypted and stored securely. |
CONSTRAINT-REQ-S00003 | The system must log and archive access records for 12 months for security auditing. |
Service primary features and functionalities
The PrestaShop Enhancements service introduces new features to improve store management, performance, and user experience. It enables seamless third-party integrations, automated workflows, and enhanced security while ensuring scalability and reliability. As development progresses, additional functionalities will be refined and expanded to meet evolving business needs.
Functions
- The user can create account
- The customer can give feedback
- The Test is automated
- The business can monitor sales
Functions
- The user can create an account.
- The customer can submit feedback and rate products.
- The test is automated within the CI/CD pipeline.
- The business can monitor sales, stock levels, and customer behavior.
- The store owner can analyze shopping cart abandonment trends.
- The administrator can delete inactive accounts and manage security settings.
- The developer can integrate third-party services via API access.
- The system can automatically generate business reports for performance tracking.
It is worth noting that some of the functional requirements are in practice essential functions, i.e. they can be "upgraded" to features. As an example, an online banking service has the essential function "payment from account", which in practice is an important feature of the service. A number of other smaller and more specific functional requirements are associated with this functionality. If you are asked what the service / software can do, try to identify the most important functions! They are quite certainly essential features. Think about what functions you can perform, for example, on an online banking page. What are the most important functions you use most often? Is it worth considering at the definition stage whether all the features are necessary? You should try to group the key features first. The features can be specified by functional requirements, which expand the feature description. In practice, the features are larger entities that make up the entire service / software. The Finnish word for feature may be a bit misleading, because often when presenting products, the aim is to emphasize "information security" as a feature of the product. This does not mean that it is one feature of the product software; it is a general "design philosophy." The product may contain features that allow it to be called secure.
Prioritization of essential features / functions:
- P1 = Mandatory
- P3 = Required
- P5 = Nice to have
Functional requirements of the service
The PrestaShop Enhancements service introduces essential functionalities to improve store operations, security, and scalability. It ensures seamless order processing, payment handling, and customer management, while supporting third-party integrations and automated features. Each functional requirement is defined separately to ensure clarity and traceability.
ReqID | Description | Affected feature? |
---|---|---|
FUNC-REQ-C0001 | Users must be able to log in securely using email & password authentication. | Feature 135 - Secure User Login |
FUNC-REQ-C0002 | Users must have the ability to recover their password via email reset. | Feature 132 - Password Recovery |
FUNC-REQ-C0003 | Users can submit feedback via a form in the UI. | Feature 178 - General Feedback Forms |
FUNC-REQ-C0004 | Store owners can view and analyze customer feedback directly in PrestaShop. | Feature 008 - Feedback Dialog Integration |
FUNC-REQ-C0005 | Customer feedback submissions. | Feature 009 - Feedback as GitLab Issues |
FUNC-REQ-C0006 | The system must provide managed hosting with automatic scaling. | Feature 031 - Provide Managed Hosting |
FUNC-REQ-C0007 | Developers must be able to access APIs for external integrations. | Feature 032 - Provide API Access |
FUNC-REQ-C0008 | CI/CD pipeline must include automated integration tests. | Feature 063 - Integrate Test Automation |
FUNC-REQ-C0009 | CI/CD pipeline must include automated acceptance tests. | Feature 067 - Acceptance Test Automation |
FUNC-REQ-C0010 | System must perform regression testing after bug fixes. | Feature 086 - Regression Testing |
FUNC-REQ-C0011 | The platform must analyze customer shopping cart abandonment. | Feature 182 - Shopping Cart Analysis |
FUNC-REQ-C0012 | Real-time sales & stock data must be available for store owners. | Feature 183 - Real-Time Data Analytics |
FUNC-REQ-C0013 | Users must have secure access to their accounts with role-based permissions. | Feature 002 - Secure Service Access |
FUNC-REQ-C0014 | The system must support Dockerized production environments. | Feature 003 - Dockerized Service Production |
FUNC-REQ-C0015 | Automated test cases must run before every deployment. | Feature 217 - Automated Testing |
Software / service non-functional requirements
What are the non-functional requirements? You can present the different requirements in a separate table or refer here to [one] (bases / baseline requirements list.md) larger table. [Non-functional requirements](https://en.wikipedia.org/wiki/Non-functional_requirement) cover a wide range of perspectives on a software product. The main perspectives are performance, usability, security, and maintainability. How well does the service, component, or other part of the service perform under load? What are the bottlenecks? What requirements should the service be able to meet?
Performance Requirements
Performance requirements in a software service context define how well the software system accomplishes certain functions under specific conditions.
ReqID | Requirement | Description |
---|---|---|
PERF-REQ-0000 | Response Time | The gateway service should respond to requests within a specified time frame under normal load conditions |
PERF-REQ-0001 | Throughput | The gateway service should be able to handle a certain number of requests per second without degradation of performance |
PERF-REQ-0002 | Scalability | The gateway service should be able to scale up to handle increased load, either by adding more resources (vertical scaling) or by distributing the load across multiple instances (horizontal scaling) |
PERF-REQ-0003 | Availability | The gateway service should be available for use a certain percentage of the time, often expressed as a "five nines" (99.999%) availability requirement |
PERF-REQ-0004 | Resilience | The gateway service should be able to recover quickly from failures and continue to function |
Security Requirements
Security requirements in a software product refer to the standards and specifications that the product must meet to ensure its security. These requirements are often guided by laws and regulations.
ReqID | Requirement | Description |
---|---|---|
SEC-REQ-0001 | Secure Communication | All communication between client and server is encrypted. |
SEC-REQ-0002 | Authentication | Users must be authenticated before they can access the system to ensure that only authorized personnel have access. |
SEC-REQ-003 | Data Integrity | The system must ensure that data is not tampered with. |
Accessibility Requirements
Accessibility requirements refer to the standards and specifications that a product, service, or environment must meet to be usable by as many people as possible, including those with disabilities. These requirements are often guided by laws and regulations.
ReqID | Requirement | Description |
---|---|---|
ACC-REQ-0000 | Keyboard Accessibility | All functionality must be operable through a keyboard interface. |
ACC-REQ-0002 | Text Alternatives | Provide text alternatives for any non-text content. |
ACC-REQ-0003 | Time-based Media | Provide alternatives for time-based media, such as captions for videos. |
ACC-REQ-0004 | Adaptable | Content must be presented in ways that can be perceived by all users, including those with disabilities. |
These
Quality Assurance
What issues need to be considered from the product quality assurance point of view?
- Link to Master Test Plan
Preliminary Acceptance Tests
Acceptance tests generally focus on the customer / end-user perspective. The aim is to validate, i.e. to check whether the product meets the customer's wishes and whether it meets the set requirements. Acceptance tests can be used to determine whether a product is also sufficiently high-performance, usable, or secure for customer use.
AcceptanceTestId | Description | Feature |
---|---|---|
ACCTEST001 - Acceptance Test 1 | e.g. Verify login as new user | Feature X |
ACCTEST002 - Acceptance Test 2 | e.g. Verify removal of personal data | Feature Y |
ACCTEST003 - Acceptance Test 3 | e.g. Verify login with correct password | Feature Z |
Software architecture, placement view, database description, and integrations
Software implementation requirements can be set for pre-defined technologies that must be followed in development. This situation often occurs when the software is related to a previously implemented solution.
- Link to Software architecture
Deployment diagram
The placement view allows you to describe how different parts of the service work when it is running.
Integrations with other systems
The requirements definition should describe the dependence of the service / product on other systems. Are there any parts of the service to be purchased from an external service provider? Examples are virtual machines, billing systems, control and other service production solutions.
- Link to Software architecture
General view of integrations as UML Deployment Diagram
OR
Describing integration as a sequence diagram
If necessary, events between systems can be described, for example, in the form of a sequence diagram.
Standards and sources
As part of the requirements definition, it is essential to identify important sources that are useful or relevant to the whole. Standards and pre-distributed guidelines are useful sources and, as needed, clarify the meaning of the requirements.
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property rights ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.
Please note that these are just a few examples and the specific laws and rules may vary depending on the context and the specific needs of your software service. It's always a good idea to consult with a legal expert to ensure compliance with all relevant laws and regulations.