Move covered scopes check into strategy

lib/shopify_app/access_scopes/noop_strategy.rb

@@ -7,6 +7,10 @@ class << self
         def update_access_scopes?(*_args)
           false
         end
+
+        def covered_scopes?(*_args)
+          true
+        end
       end
     end
   end

lib/shopify_app/access_scopes/user_strategy.rb

@@ -12,6 +12,11 @@ def update_access_scopes?(user_id: nil, shopify_user_id: nil)
             "#update_access_scopes? requires user_id or shopify_user_id parameter inputs")
         end
 
+        def covered_scopes?(current_shopify_session)
+          # NOTE: this not Ruby's `covers?` method, it is defined in ShopifyAPI::Auth::AuthScopes
+          current_shopify_session.scope.to_a.empty? || current_shopify_session.scope.covers?(ShopifyAPI::Context.scope)
+        end
+
         private
 
         def update_access_scopes_for_user_id?(user_id)

lib/shopify_app/controller_concerns/login_protection.rb

@@ -29,9 +29,7 @@ def activate_shopify_session
         return redirect_to_login
       end
 
-      unless current_shopify_session.scope.to_a.empty? ||
-          current_shopify_session.scope.covers?(ShopifyAPI::Context.scope)
-
+      unless ShopifyApp.configuration.user_access_scopes_strategy.covered_scopes?(current_shopify_session)
         clear_shopify_session
         return redirect_to_login
       end