@Brammm
Last active December 17, 2015 06:49
Overwriting/extending ACL permissions
/*
In security.yml I declared a parameter (for the life of me, I can't remember if this was important):

# security.yml
parameters:
    security.acl.permission.map.class: Acme\DemoBundle\Security\Acl\Permission\PermissionMap

In services.yml I redeclare the acl collection cache service:

# services.yml
security.acl.collection_cache:
    class: %security.acl.collection_cache.class%
    arguments: [@security.acl.provider, @security.acl.object_identity_retrieval_strategy, @security.acl.security_identity_retrieval_strategy]

This uses my PermissionMap.php:
*/
<?php
# Acme\DemoBundle\Security\Acl\Permission\PermissionMap.php

namespace Acme\DemoBundle\Security\Acl\Permission;

use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;

// we don't use the Symfony MaskBuilder
class PermissionMap implements PermissionMapInterface
{
    const PERMISSION_VIEW = 'VIEW';
    const PERMISSION_EDIT = 'EDIT';
    const PERMISSION_CREATE = 'CREATE';
    const PERMISSION_DELETE = 'DELETE';
    const PERMISSION_UNDELETE = 'UNDELETE';
    const PERMISSION_OPERATOR = 'OPERATOR';
    const PERMISSION_MASTER = 'MASTER';
    const PERMISSION_OWNER = 'OWNER';
    // your own permissions here
    const PERMISSION_COPY = 'COPY';
    const PERMISSION_REVIEW = 'REVIEW';

    private $map = array(
        self::PERMISSION_VIEW => array(
            MaskBuilder::MASK_VIEW,
            MaskBuilder::MASK_EDIT,
            MaskBuilder::MASK_COPY,
            MaskBuilder::MASK_REVIEW,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_EDIT => array(
            MaskBuilder::MASK_EDIT,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        // don't forget to add maps
        self::PERMISSION_COPY => array(
            MaskBuilder::MASK_COPY,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_REVIEW => array(
            MaskBuilder::MASK_REVIEW,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_CREATE => array(
            MaskBuilder::MASK_CREATE,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_DELETE => array(
            MaskBuilder::MASK_DELETE,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_UNDELETE => array(
            MaskBuilder::MASK_UNDELETE,
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_OPERATOR => array(
            MaskBuilder::MASK_OPERATOR,
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_MASTER => array(
            MaskBuilder::MASK_MASTER,
            MaskBuilder::MASK_OWNER,
        ),
        self::PERMISSION_OWNER => array(
            MaskBuilder::MASK_OWNER,
        ),
    );

    /**
     * {@inheritDoc}
     */
    public function getMasks($permission, $object)
    {
        if (!isset($this->map[$permission])) {
            return null;
        }

        return $this->map[$permission];
    }

    /**
     * {@inheritDoc}
     */
    public function contains($permission)
    {
        return isset($this->map[$permission]);
    }
}
/*
In the same folder I extend the Symfony MaskBuilder:
*/
<?php
# Acme\DemoBundle\Security\Acl\Permission\MaskBuilder.php

namespace Acme\DemoBundle\Security\Acl\Permission;

use Symfony\Component\Security\Acl\Permission\MaskBuilder as BaseMaskBuilder;

class MaskBuilder extends BaseMaskBuilder
{
    const MASK_COPY = 256; // 1 << 8
    const MASK_REVIEW = 512; // 1 << 9

    const CODE_COPY = 'X';
    const CODE_REVIEW = 'R';
}
/*
Note: at the moment you have to create your own PermissionMap and implement the interface.
There's no point in extending the existing PermissionMap as it's using private constants and methods.
I have submitted a Pull Request (which has been merged into master) that fixes this.
See https://github.com/symfony/symfony/pull/7601
*/
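An added example, not part of the gist or of Symfony: a stand-alone check that custom mask bits such as `MASK_COPY` and `MASK_REVIEW` are single bits that do not collide with the base masks, followed by a simplified model of how a map row decides whether an ACE grants a permission. Assumptions: the base mask values are those of Symfony's `MaskBuilder`, `ARCHIVE` is a hypothetical mis-declared mask, and `aceGrants()` models only the default "all" match for a single granting ACE.

```php
<?php
// Added example, not from the gist. Constructed input: the first eight values
// are Symfony's base MaskBuilder bits, the last two are the gist's custom masks.
$masks = array(
    'VIEW' => 1, 'CREATE' => 2, 'EDIT' => 4, 'DELETE' => 8, 'UNDELETE' => 16,
    'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128, 'COPY' => 256, 'REVIEW' => 512,
);

// Report masks that are not exactly one bit, or that reuse another mask's bit.
function findMaskProblems(array $masks)
{
    $problems = $seen = array();
    foreach ($masks as $name => $value) {
        if (!is_int($value) || $value <= 0 || ($value & ($value - 1)) !== 0) {
            $problems[] = "$name is not a single-bit mask";
        } elseif (isset($seen[$value])) {
            $problems[] = "$name reuses the bit of {$seen[$value]}";
        } else {
            $seen[$value] = $name;
        }
    }
    return $problems;
}

// Simplified model (assumption) of the default "all" match for one granting ACE:
// the ACE satisfies a permission if it carries every bit of any mask the map lists.
function aceGrants($aceMask, array $requiredMasks)
{
    foreach ($requiredMasks as $required) {
        if (($aceMask & $required) === $required) {
            return true;
        }
    }
    return false;
}

// Three rows of the gist's map, written with the integer values above.
$map = array(
    'VIEW' => array(1, 4, 256, 512, 32, 64, 128),
    'EDIT' => array(4, 32, 64, 128),
    'COPY' => array(256, 32, 64, 128),
);
echo "Gist masks: ", json_encode(findMaskProblems($masks)), "\n";
// ARCHIVE is a hypothetical custom mask that wrongly reuses the OWNER bit.
echo "With ARCHIVE=128: ", json_encode(findMaskProblems($masks + array('ARCHIVE' => 128))), "\n";
foreach ($map as $permission => $required) {
    echo "ACE holding only COPY, asked for $permission: ",
        aceGrants($masks['COPY'], $required) ? "granted" : "denied", "\n";
}
```

In a real bundle the `$masks` array can be built from the `MASK_*` constants of the extended `MaskBuilder` class so the check runs against the values actually deployed.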
@LauLaman
Thanks! This helped me a lot
