← Back to Overview

FriendChise — Full Case Study

The deep dive: personas, user flows, multi-tenant architecture, RBAC matrix, design decisions, and the V1 testing report.

Figma Design DB Schema View Code

Jump to Section

What's Live in V1 Why V1 Is Heavyinfrastructure-first rationale V2 Visiontools, posts, comments Design & ArchitectureFigma + DB Schema User Personas7 personas User Stories34 stories Key FeaturesMoSCoW priority User Flows9 flows Multi-Tenant Architecture Timetable System Permission Matrix Architecture Decisions Data Model REST API Roadmap Testing & QA
7
User Personas
34
User Stories
36
Features (MoSCoW)
9
User Flows
19
Prisma Models
6
Permission Types
1
Real-World Pilot
Problem Breakdown
ProblemImpact
Uneven task distributionBurnout, breakdowns during 12-hour shifts, workers overloaded while others never learn key tasks
Poor / no trainingWorkers feel clueless for months. Managers blame workers when the real issue is lack of structure
Knowledge stays trappedBetter methods exist at other locations but no one ever finds out
Recipes are inconsistentDifferent locations make things differently — quality varies, customers notice
New franchisees make avoidable mistakesBad habits from day one — can ruin reputation before the business even starts
Conflict between franchisor & franchiseeStruggling franchisees don't trust top-down advice. They trust living proof more
Mass hiring with no structureRidiculously high expenses at launch with no return — most hires aren't set up to succeed
What's Live in V1

These features are deployed and functional at friend-chise.vercel.app:

  • Google OAuth Sign-In — Auth.js v5 with JWT sessions and httpOnly cookies
  • Create Organization — multi-tenant org creation with owner role auto-assigned
  • Role & Permission System — custom roles with 6 permission types, two defaults (Owner, Default Member)
  • Task Library — CRUD for tasks with name, duration, start time, color, and role eligibility
  • Timetable — weekly/daily calendar views with role filtering, status tracking (TODO → IN_PROGRESS → DONE), and entry management
  • Timetable Templates — create reusable weekly schedules and apply them to any date range with frozen task snapshots
  • Member Management — invite by email, accept/decline flow, role assignment, member profile editing
  • Notification System — invite notifications with seen/unread tracking and notification panel
  • Franchise System — generate franchise tokens, link child orgs to parent brands, transfer ownership
  • RBAC Route Guards — server-side permission checks on all sensitive routes and server actions
  • Organization Settings — name, address, operating days, open/close times, timezone
  • Responsive Design — mobile sidebar, collapsible navigation, touch-friendly interactions
  • Drag-and-Drop Template Editor — visual schedule builder over org operating hours with task assignment
  • Franchise Cloning — joining a franchise auto-clones all roles, tasks, and timetable settings from the parent org
  • Dynamic Breadcrumbs — async server component resolves dynamic route IDs to human-readable names via Prisma
  • Role Security — three-layer owner role guard plus cross-tenant task ID validation in transactions
  • Production / Demo Data Isolation — the public demo and the Walker's pilot run on separate Supabase databases, OAuth clients, and auth secrets
Why V1 Is Infrastructure-Heavy

The app is being trialled at a real franchise from V1 — which meant multi-tenant isolation, RBAC, and franchise hierarchy had to ship before any worker-facing features. Tasks contain proprietary recipes that only certain roles should see. Permissions couldn't be bolted on later; they had to exist before the first real worker ever logged in.

V1 looks like an “admin panel” because the worker-facing flow is intentionally V2 territory. Shipping the platform first — with the full permission model, franchise hierarchy, and invite system in place — lets V2 focus purely on product, not plumbing.

V1.5 (next milestone) adds rate limiting and security hardening before V2 work begins. No worker-facing features ship to a real shop without those guardrails in place.

What's Coming in V2

V2 is the actual product the platform was built to enable.

Tasks Become Rich, Composable Work Units

Each task gets tabs — configurable per task — and pluggable “tools”: calculators, recipes, media, and more. Workers click a task and see exactly what they need, in the order that makes sense for that job.

The Conversion Tool — First V2 Feature to Ship

You're making custard for 200 doughnuts. The tool tells you: 5L milk, 10L thick cream, 1.25L custard powder. Edit one number, everything scales. This is the first pluggable tool and the clearest demonstration of what “task as work unit” actually means.

More V2 Changes

  • Task detail page becomes orderable — item cards, recipe steps, embedded images and videos.
  • Task types — the schema gains a kind field (recipe, chore, daily task, etc.) so the UI can render each type appropriately.
  • Posts and comments layer — announcements and trending tasks become a feed. Comments on tasks and posts have up/down votes.

V1 made the platform safe for a real shop. V2 is what the platform was built to enable.

Design & Architecture

UI Wireframes

Component layouts and page structures were designed in Figma before implementation. Wireframes cover timetable views, task management, member management, settings panels, and mobile responsive layouts.

View Figma Wireframes →

Database Schema

19 Prisma models across PostgreSQL (Supabase) covering users, organizations, memberships, roles, permissions, tasks, timetable entries, templates, template entries, notifications, and franchise relationships.

View Database Diagram →

User Personas

Frank — The Franchisor

Age 52 · Brand Owner · 30+ locations

Built his donut brand from scratch 15 years ago. Knows the business inside out but can't be everywhere at once. Wants to maintain consistent quality, share official procedures, and identify struggling franchisees early.

Frustration: Some locations are damaging the brand reputation. He shares advice but franchisees don't always trust top-down instructions.

Nina — The New Franchisee

Age 29 · First-time Owner · Just hired 8 workers

Invested her savings into her first franchise. No food industry experience. Overwhelmed — flipping through 50+ paper recipes, doesn't know what tasks to prioritize.

How FriendChise helps: Inherits Frank's default tasks automatically. Watches video tutorials on each task. Timetable templates structure her entire week from day one.

Derek — The Struggling Franchisee

Age 41 · Declining Location · 2 years in

Started strong but has been declining steadily. Doesn't trust top-down advice from the franchisor — feels disconnected from his reality.

How FriendChise helps: Compares his task times to successful locations. Gets peer feedback from franchisees going through similar challenges.

Sarah — The Succeeding Franchisee

Age 35 · Top 5 for 3 years · Wants to help others

Figured out efficient systems, happy workers, customers love her store. Has great methods but no platform to share them.

How FriendChise helps: Posts videos, tips, and comments under tasks. Shares her cycle setup. Upvote system recognizes her contributions.

Marcus — The New Worker

Age 22 · First job · Hired at Nina's location

Showed up on day one and nobody told him what to do. Eager to learn but feels lost and anxious.

How FriendChise helps: Sees daily tasks clearly on his phone with role-based visibility. Clicks any task for step-by-step instructions and videos.

Jay — The Shift Lead

Age 27 · 3 years experience · Derek's location

Knows every task inside out, trains most new hires. Stretched thin — basically running the floor while expected to teach everyone.

How FriendChise helps: Timetable templates take pressure off manual scheduling. New workers self-learn through task videos.

Rico — The Field Auditor

Age 38 · Former top-performer · Travels between locations

Hired by the franchisor to audit operations. Franchisees see him as a spy, not a helper. Locations hide problems when he visits.

How FriendChise helps: Views performance data remotely. Points franchisees to community-proven posts instead of arguing his own opinion.

User Stories (34 Total)
New Franchisee (3 stories)

As a new franchisee, I want to see video tutorials attached to each task so that I can learn how to do things properly without relying on someone to teach me in person.

As a new franchisee, I want to see major warnings and key points on each task so that I know what to watch out for before I start.

As a new franchisee, I want to inherit the franchisor's default tasks automatically so that I have a structured starting point from day one.

Struggling Franchisee (4 stories)

As a struggling franchisee, I want to see how top-performing locations handle the same tasks so that I can identify what I'm doing wrong.

As a struggling franchisee, I want to compare task durations — expected vs actual — so that I can spot inefficiencies.

As a struggling franchisee, I want to see factors that contribute to success so that I know what to focus on improving.

As a struggling franchisee, I want feedback from other franchisees, not just the franchisor, so that I can learn from people going through the same challenges.

Worker (4 stories)

As a worker, I want to see my assigned tasks for the week in a clear schedule so that I know exactly what I'm responsible for each day.

As a worker, I want to search for recipes quickly so that I don't have to dig through piles of paper.

As a worker, I want tasks to be evenly distributed so that I'm not burnt out doing more than everyone else.

As a worker, I want a checklist or standard for each task so that the person before me doesn't leave a mess for me to clean up.

New Worker (4 stories)

As a new worker, I want to see exactly what tasks I need to do today so that I'm not confused on my first day.

As a new worker, I want to see what a full week of work looks like so that I can mentally prepare and feel confident.

As a new worker, I want to be eased into tasks gradually so that I can learn at a steady pace without being overwhelmed.

As a new worker, I want step-by-step details on how to execute each task so that I build good habits from the start.

Franchisor (5 stories)

As a franchisor, I want to flag posts as urgent or official so that franchisees know which procedures are mandatory.

As a franchisor, I want to create a default set of tasks that all franchisees must follow so that every location maintains the same standard.

As a franchisor, I want to discover better methods from franchisees and share them across all locations.

As a franchisor, I want to share recipes with role-based permissions so that only authorized people can view secret recipes.

As a franchisor, I want to see the performance/status of each franchisee so that I can identify who needs help.

Succeeding Franchisee (3 stories)

As a succeeding franchisee, I want to share my knowledge and methods so that the overall franchise reputation improves.

As a succeeding franchisee, I want to be rewarded for contributing so that I'm motivated to keep sharing.

As a succeeding franchisee, I want to share my task cycle setup so that others can learn from my scheduling approach.

Forum, Cycle Management & Roles (11 stories)

As a franchise member, I want to post tips, videos, and comments under any task or recipe so that I can share my knowledge — based on my permission role.

As a franchise member, I want to upvote/downvote posts so that the best methods naturally rise to the top.

As a franchise member, I want to search the forum so that I can quickly find information on a specific topic.

As a manager, I want to manually adjust the task cycle if needed so that I can handle edge cases like someone calling in sick.

As a manager, I want to auto-generate an optimal task cycle when I'm unsure how to distribute tasks.

As a manager, I want to see which tasks have been completed so that I can track progress and hold workers accountable.

As a franchisee owner, I want to create custom ranks with custom names (e.g., “Head Baker”, “Shift Lead”).

As a franchisee owner, I want to assign permissions to each rank so that I control who can do what.

As a franchisee owner, I want two default ranks — Worker and Owner — so that new members are assigned the basic role automatically.

As someone with a management permission, I want to assign and manage permission roles for others so I can delegate.

As a worker, I want to check off tasks on my phone as I complete them so that everyone knows what's done.

Key Features (MoSCoW Prioritized)

Must Have

MUST PLANNED

Smart Task Cycle Generator

Auto-distributes tasks evenly across workers. 4 workers + 1 task every 2 days = 8-day cycle where everyone does it once.

MUST LIVE IN V1

Role & Permission System

Custom ranks with assignable permissions. Two defaults: Worker and Owner. Management role holders can assign permissions to others.

MUST PLANNED

Parent → Child Task Inheritance

Franchisor defines default tasks all franchisees inherit. Franchisees can add their own local tasks on top.

MUST PLANNED

Task-Linked Forum

Every task and recipe is also a forum topic. Comments and upvotes/downvotes surface the best methods.

MUST LIVE IN V1

Worker Daily/Weekly Timetable

Assigned tasks visible on any device. Filter the overall mixed timetable to "My Tasks Today." Calendar (week/day) and simple list modes.

MUST PLANNED

Recipe Database

Searchable, role-based access. Some recipes locked to specific roles. Each recipe is also a forum post.

MUST LIVE IN V1

Task Check-Off & Tracking

Workers press "Done" to mark completion. Status flow: TODO → IN_PROGRESS → DONE / SKIPPED.

Should Have

SHOULD PLANNED

Video/Media Attachments

On tasks and posts. New workers can prep at home. Saves money on teaching and time.

SHOULD PLANNED

Upvote/Downvote System

On posts and comments. Best methods naturally rise to the top.

SHOULD PLANNED

Performance Dashboard

Task completion rates, cycle data, activity metrics. For franchisor and auditor roles.

SHOULD PLANNED

Gradual Onboarding

Cycle algorithm eases new workers into tasks slowly so they learn at a steady pace.

Nice to Have

NICE

Demographic-Based Recommendations

If your area has average age 50, recommend posts from successful franchisees with similar demographics. Like Netflix but for franchise knowledge.

NICE

AI Safety Flagging

Auto-detect posts with potential legal, health, or safety violations (e.g., cross-contamination risks).

NICE

Shareable Cycle Profiles

Succeeding franchisees share their entire cycle setup. Seasonal chaining for different seasons.

NICE

Reward/Recognition System

Monthly best post, top contributor badges. Incentivize sharing.

User Flows (9 Total)

1. New Franchisee Onboarding (Nina) — Partially Live

  1. Signs up / gets invited by franchisor
  2. Creates franchise location profile (name, address, size, equipment)
  3. Automatically inherits franchisor's default tasks
  4. Reviews inherited tasks — excludes those that don't apply, adjusts frequency, adds custom tasks
  5. Adds workers (invite by email/code), assigns roles/ranks
  6. Generates first task cycle
  7. Publishes timetable → Workers can now see their schedule

2. Worker Daily Routine (Marcus) — Live

  1. Opens app → sees full timetable (all workers, all tasks)
  2. Filters to "My Tasks Today"
  3. Clicks on a task → views step-by-step instructions, warnings, video tutorials, forum tips
  4. Completes the task → presses "Done" → moves to next task

3. Recipe Search (Any Worker) — Planned

  1. Goes to Recipe section or uses search bar
  2. Results filtered by role permission (only sees recipes their role allows)
  3. Clicks on recipe → sees official recipe from franchisor
  4. Reads community posts underneath — watches video tips, sees upvoted suggestions

4. Cycle Generation & Adjustment (Jay) — Planned

  1. Opens Cycle Manager → sees current active tasks for the location
  2. Chooses: Auto-generate or Manual setup
  3. Reviews generated timetable, adjusts if needed (sick day, swaps)
  4. Publishes → all workers see updated timetable

5. Forum Interaction (Any Member) — Planned

  1. Accesses forum via: clicking a task → "View Posts", clicking a recipe, or General Forum
  2. Browses/searches posts → reads, upvotes/downvotes, watches attached video, comments
  3. OR creates a new post — selects category, writes content, attaches media, submits

6. Franchisor Overview (Frank) — Planned

  1. Opens Franchisor Dashboard → sees overview of all franchise locations
  2. Performance metrics, which locations thriving vs struggling, recent forum activity
  3. Clicks a specific franchisee → sees their setup, completion rates, worker activity
  4. Can create/edit default tasks, post official procedures, share recipes with role-based permissions

7. Struggling Franchisee Seeking Help (Derek) — Planned

  1. Notices low performance metrics → goes to Forum
  2. Searches for a specific problem (e.g., "workers taking too long on prep")
  3. Finds posts from successful franchisees sorted by upvotes
  4. Applies changes: adjusts task cycle, shares new methods with workers, monitors improvement

8. Field Audit (Rico) — Planned

  1. Sees franchisor-level overview → identifies struggling locations remotely
  2. Reviews specific location data: task setup, cycle config, worker completion rates, forum engagement
  3. Prepares before visiting: saves relevant posts, notes data points (not opinions)
  4. Visits armed with data → points franchisee to community-proven methods. Less conflict, more trust

9. Role & Permission Setup (Owner) — Live

  1. Goes to Team Management → sees default ranks: Worker, Owner
  2. Creates custom ranks (e.g., "Head Baker", "Shift Lead", "Trainee")
  3. Assigns permissions to each rank
  4. Assigns ranks to workers → workers now see/access only what their rank allows
Multi-Tenant Architecture

Hierarchical Model

Parent org (brand) → Child org (franchisee) via one-time invite links. A single user can belong to multiple orgs. UI has an org dropdown listing every org the user is a member of.

Org TypeDescription
IndependentCreated normally. Full settings, full control. No parent.
Parent (Brand)Can issue franchisee creation links. Defines default tasks/recipes/roles. Can view child orgs.
Child (Franchisee)Created only via invite link. Inherits published tasks/recipes/roles from parent. Can create own local tasks.

Task Inheritance Rules

  • Tasks are shared/canonical — NOT copied into child orgs
  • Each canonical task has one shared forum thread within the brand network
  • Title and main description are read-only for child orgs
  • Child orgs can create their own local tasks and recipes
  • Franchisees customize which tasks are in their cycle based on their location's equipment and size
Timetable System Design

Two-Layer Architecture

Layer 1 — Template / Cycle Profile (pattern definition): A named cycle profile (e.g., "Standard Week" with 7 days). Task placements stored as TaskInstance rows with relative dayOffset and startTimeMin. No real dates — purely positional.

Layer 2 — Materialised Schedule (real calendar): When a manager selects a template, the system calculates real dates (weekStartDate + dayOffset) and creates new TaskInstance rows with absolute scheduledStartAt / scheduledEndAt.

Why Materialised (Not Virtual Projection)

  • Real scenario: Someone completed a task at 9am. Later you edit the template to move it to 2pm. Virtual projection would show "scheduled at 2pm, done at 9am" — misleading
  • Materialised rows give you an audit trail
  • Each instance can be independently edited (reassign, reschedule, change status)
  • Storage cost is minimal — a few hundred rows per week per org

Apply / Overwrite Flow

  1. Manager goes to Timetable page (current week's materialised schedule)
  2. Selects a template from the dropdown
  3. If week has no instances → materialise directly
  4. If week already has instances → confirmation dialog warns before overwriting
  5. Cycle must start on a Monday (enforced by backend + UI)

Task Frequency System (Min/Max Wait)

Each task has two recurrence variables:

MinMaxMeaning
01Do it every day
12Do it every 1–2 days (flexible)
27At least once a week, no sooner than every 2 days

Franchisees can shorten the frequency but cannot exceed the max set by the franchisor.

Permission Matrix (RBAC)
ActionOwnerManagerWorker
Create/delete organization
Manage members (invite/remove/change role)
Create/manage custom ranks
Create/edit/delete task templates
Create/edit timetable templates
Apply template to a week (materialise)
Edit materialised instances (reassign)
Assign members to task instances
View timetable (full week)
View own daily tasks
Update task status✓ (own)
View all org members✓ (read)
Create local tasks/recipes
Post in forumRole-dependent
View secret recipesRole-dep.Role-dep.

Permission enum values: ORG_MANAGE, ROLE_MANAGE, TASK_CREATE, TASK_UPDATE, TASK_DELETE, TASK_ASSIGN, TASKINSTANCE_COMPLETE

Architecture & Design Decisions

Materialised Scheduling vs Virtual Projection

Chose: Materialised scheduling. When a template is applied, real TaskInstance rows are generated with absolute dates. This allows per-instance overrides without a complex exception layer.

Single Table Dual-Purpose (TaskInstance)

Chose: One table for now. Template placements have templateId + dayOffset + startTimeMin. Materialised instances have scheduledStartAt + scheduledEndAt. Distinguished by which fields are populated. Clean refactor path to split later if needed.

Auth Config Split for Edge Runtime

Next.js middleware runs on the Edge runtime, which can't import @prisma/client. Auth config split into auth.config.ts (Edge-compatible, no Prisma) and auth.ts (full config with Prisma adapter). A real production pattern.

Service Layer Pattern

Both Server Actions (web UI) and API Routes (external/mobile) are thin wrappers that delegate to lib/services/. No duplicated business logic. Server Actions additionally call revalidatePath to invalidate the Next.js cache.

Discriminated Union Result Types

Auth helpers return { ok: true, user, membership } or { ok: false, response: 401|403 }. Routes early-return with if (!authz.ok) return authz.response — clean, consistent, no exceptions for control flow.

Shared Tasks with Single Forum Thread

Tasks are NOT copied into child orgs. Each canonical task has one shared forum thread that all brand-network franchisees can comment under. Avoids data duplication, centralizes community knowledge, and updates propagate automatically.

Data Model

Key models in the PostgreSQL schema:

  • Organization — Top-level tenant with optional parentOrgId for brand→franchisee hierarchy. Has openTimeMin, closeTimeMin, timezone.
  • User / Account / Session — Auth.js managed. OAuth account linking. JWT strategy.
  • Membership — Join table: User ↔ Organization, with a Role.
  • Role / RolePermission — Org-scoped roles with granular OrgPermission enum values.
  • Task — Reusable template: title, description, durationMin, peopleRequired, preferredStartTimeMin, minWaitDays, maxWaitDays.
  • TaskEligibility — Links Task to eligible Roles.
  • TimetableTemplate — Named cycle profile with templateDays count and optional effectiveFrom.
  • TaskInstance — Dual-purpose: template placements (relative dayOffset) OR materialised entries (absolute scheduledStartAt). Status: TODO → IN_PROGRESS → DONE / SKIPPED.
  • TaskInstanceAssignee — Many-to-many: TaskInstance ↔ Membership.
REST API Endpoints
  • POST /api/orgs — Create org (auto-creates Owner/Member roles with permissions)
  • GET/POST/DELETE /api/orgs/[orgId]/memberships — Manage members (requires ORG_MANAGE)
  • GET/POST/DELETE /api/orgs/[orgId]/tasks — Task templates (TASK_CREATE/DELETE)
  • GET/POST /api/orgs/[orgId]/task-instances — Task instances with ?status= filtering
  • GET/POST/DELETE .../task-instances/[id]/assignees — Assignee management (TASK_ASSIGN)
  • PATCH .../task-instances/[id]/status — Update status (TASKINSTANCE_COMPLETE)
Roadmap & Progress
  • Service layer & REST API
  • Task management (CRUD, eligibility)
  • Member management (invite, roles)
  • Google OAuth authentication (JWT)
  • Timetable view (calendar + simple modes)
  • Timetable template editor (drag/drop)
  • Template materialisation (apply to week)
  • Parent/child org hierarchy with invite links
  • Worker "Today" view (filtered daily checklist)
  • Notifications for schedule changes
  • Recipe database (searchable, role-based)
  • Task-linked forum (posts, comments, upvotes)
  • Completion stats dashboard
  • Fair rotation algorithm
  • Demographic-based smart recommendations
  • AI compliance/safety flagging
  • Seasonal cycle chaining
  • Mobile app
Testing & Quality Assurance

Smoke Test Report — V1

A structured smoke test was conducted across 87 individual test cases (now 468 unit tests + Playwright E2E in CI) covering all major features, RBAC permissions, mobile responsiveness, and edge cases.

87
Total Tests
45
Passed
8
Partial
34
Failed

Testing Categories

CategoryPassPartialFailTotal
Auth (Sign In)3003
Create Org2125
Org Settings4015
Roles6017
Tasks2248
Templates1168
Apply Template4015
Timetable4239
Invite Member2103
Accept Invite5005
RBAC (Permissions)6028
Franchise3014
Decline Invite3003
Mobile (iPhone)0134

Methodology

  • Manual smoke testing — end-to-end walkthrough of all 14 major features
  • RBAC automation script — automated route-level permission testing across 15 sensitive URLs
  • Cross-device testing — desktop and iPhone
  • Two-account testing — owner vs default member to verify permission boundaries

Full test report and individual bug issues are tracked on GitHub.

Back to the overview?

Return to the high-level summary or jump straight to the code.

Back to Overview View Code Live Demo