Add access_scopes attribute to session object

lib/shopify_api/session.rb

@@ -13,7 +13,7 @@ class Session
     self.myshopify_domain = 'myshopify.com'
 
     attr_accessor :domain, :token, :name, :extra
-    attr_reader :api_version
+    attr_reader :api_version, :access_scopes
     alias_method :url, :domain
 
     class << self
@@ -92,10 +92,11 @@ def extract_current_session
       end
     end
 
-    def initialize(domain:, token:, api_version: ShopifyAPI::Base.api_version, extra: {})
+    def initialize(domain:, token:, access_scopes: nil, api_version: ShopifyAPI::Base.api_version, extra: {})
       self.domain = self.class.prepare_domain(domain)
       self.api_version = api_version
       self.token = token
+      self.access_scopes = access_scopes
       self.extra = extra
     end
 
@@ -180,6 +181,11 @@ def state
 
     private
 
+    def access_scopes=(access_scopes)
+      return unless access_scopes
+      @access_scopes = ShopifyAPI::ApiAccess.new(access_scopes)
+    end
+
     def parameterize(params)
       URI.escape(params.collect { |k, v| "#{k}=#{v}" }.join('&'))
     end

test/session_test.rb

@@ -54,6 +54,39 @@ def setup
     assert(session.valid?)
   end
 
+  test "be valid with nil access_scopes" do
+    session = ShopifyAPI::Session.new(
+      domain: "testshop.myshopify.com",
+      token: "any-token",
+      api_version: any_api_version,
+      access_scopes: nil
+    )
+
+    assert(session.valid?)
+  end
+
+  test "be valid with string of access_scopes" do
+    session = ShopifyAPI::Session.new(
+      domain: "testshop.myshopify.com",
+      token: "any-token",
+      api_version: any_api_version,
+      access_scopes: "read_products, write_orders"
+    )
+
+    assert(session.valid?)
+  end
+
+  test "be valid with a collection of access_scopes" do
+    session = ShopifyAPI::Session.new(
+      domain: "testshop.myshopify.com",
+      token: "any-token",
+      api_version: any_api_version,
+      access_scopes: %w(read_products write_orders)
+    )
+
+    assert(session.valid?)
+  end
+
   test "not raise error without params" do
     assert_nothing_raised do
       ShopifyAPI::Session.new(domain: "testshop.myshopify.com", token: "any-token", api_version: any_api_version)
@@ -84,6 +117,36 @@ def setup
     end
   end
 
+  test "provides default nil access_scopes attribute" do
+    session = ShopifyAPI::Session.new(
+      domain: "testshop.myshopify.com",
+      token: "any-token",
+      api_version: any_api_version
+    )
+    assert_nil session.access_scopes
+  end
+
+  test "provides specified nil access_scopes attribute" do
+    session = ShopifyAPI::Session.new(
+      domain: "testshop.myshopify.com",
+      token: "any-token",
+      access_scopes: "read_products",
+      api_version: any_api_version
+    )
+    assert_equal "read_products", session.access_scopes.to_s
+  end
+
+  test "session instantiation raises error if bad access scopes are provided" do
+    assert_raises NoMethodError do
+      ShopifyAPI::Session.new(
+        domain: "testshop.myshopify.com",
+        token: "any-token",
+        access_scopes: { bad_input: "bad_input" },
+        api_version: any_api_version
+      )
+    end
+  end
+
   test "raise error if params passed but signature omitted" do
     assert_raises(ShopifyAPI::ValidationException) do
       session = ShopifyAPI::Session.new(domain: "testshop.myshopify.com", token: nil, api_version: any_api_version)