Plugin installation interface

See also more general notes at AdminRequirements

How it works now
Plugins are manually enabled by adding a line to config.php, such as:

addPlugin('Example', array('param1' => 'value1', 'param2' => 'value2'));

This will look for and load files named 'ExamplePlugin.php' or 'Example/ExamplePlugin.php' either in the plugins/ directory (for plugins that ship with StatusNet) or in the local/ directory (for plugins you write yourself or that you get from somewhere else) or local/plugins/.

(from README)

Database schema changes
As of 0.9.x StatusNet exposes an interface for schema updates which plugins can specify; the CheckSchema event should trigger when the installer activates a plugin.

(Note that altering core tables is probably something that should be avoided; have your plugin make its own tables!)

WordPress


WordPress has a UI in its administration panel for activating and deactivation plugins, which are autodiscovered based on metadata placed in comments:


 * Description of plugin metadata header
 * http://codex.wordpress.org/Writing_a_Plugin

It may be useful to adopt or adapt this metainfo format.

Recent WordPress also include the ability to add, upgrade, or remove items to/from the plugins directory if it's configured with FTP access to itself. (?!) We might want to hold off on something like that, but keep in mind that making upgrades easy is a Good Idea (TM).

Requirements

 * Web UI in administration panel
 * Restrict access to certain users!
 * List available plugins
 * Allow activation/deactivation of available plugins
 * Allow plugins to add their own configuration forms
 * Read metadata from plugin files/subdirs
 * name
 * url
 * description
 * author
 * version
 * StatusNet version dependencies
 * Specify deps for other plugins, PHP modules?
 * Backend storage of plugin activation state
 * preferably without having to alter config.php?
 * Events:
 * Trigger CheckSchema event on activation
 * Need to add activate/deactivate/config events?

Concerns

 * Do we need a "safe mode" in case a buggy plugin causes fatal errors?
 * Performance issues of scanning the plugins dir or checking config database?
 * If we want to look for updates, how can we do this? Central DB or an update feed URL in plugin spec?
 * Need to check detail to confirm, but WordPress appears to do upgrade checks through their centralized plugin database - http://wordpress.org/extend/plugins/