diff -u b/core/modules/node/lib/Drupal/node/NodeAccessController.php b/core/modules/node/lib/Drupal/node/NodeAccessController.php
--- b/core/modules/node/lib/Drupal/node/NodeAccessController.php
+++ b/core/modules/node/lib/Drupal/node/NodeAccessController.php
@@ -39,12 +39,19 @@
       return FALSE;
     }
 
+    $access = module_invoke_all('node_create_access', $account);
+
     $configured_types = node_permissions_get_configured_types();
     if (isset($configured_types[$type])) {
       if (user_access('create ' . $type . ' content', $account)) {
-        return NODE_ACCESS_ALLOW;
+        $access[] = NODE_ACCESS_ALLOW;
       }
     }
+
+    if ($return = $this->processAccessHookResults($access) !== NULL) {
+      return $return;
+    }
+
     return NODE_ACCESS_DENY;
   }
 
only in patch2:
unchanged:
--- a/core/lib/Drupal/Core/Entity/EntityAccessController.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessController.php
@@ -45,17 +45,28 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
     // - At least one module says to grant access.
     $access = module_invoke_all($entity->entityType() . '_access', $entity->getBCEntity(), $operation, $account, $langcode);
 
+    if ($return = $this->processAccessHookResults($access) === NULL) {
+      // No result from hook, so entity checks are done.
+      $return = (bool) $this->checkAccess($entity, $operation, $langcode, $account);
+    }
+    return $this->setCache($return, $entity, $operation, $langcode, $account);
+  }
+
+  /**
+   * We grant access to the entity if both of these conditions are met:
+   * - No modules say to deny access.
+   * - At least one module says to grant access.
+   */
+  protected function processAccessHookResults($access) {
     if (in_array(FALSE, $access, TRUE)) {
-      $return = FALSE;
+      return FALSE;
     }
     elseif (in_array(TRUE, $access, TRUE)) {
-      $return = TRUE;
+      return TRUE;
     }
     else {
-      // No result from hook, so entity checks are done.
-      $return = (bool) $this->checkAccess($entity, $operation, $langcode, $account);
+      return;
     }
-    return $this->setCache($return, $entity, $operation, $langcode, $account);
   }
 
   /**
only in patch2:
unchanged:
--- a/core/modules/translation/translation.module
+++ b/core/modules/translation/translation.module
@@ -119,14 +119,14 @@ function translation_permission() {
 }
 
 /**
- * Implements hook_node_access().
+ * Implements hook_node_create_access().
  */
-function translation_node_access($node, $op, $account, $langcode) {
+function translation_node_create_access($account) {
   $query = Drupal::request()->query;
   $translation = $query->get('translation');
   $target = $query->get('target');
   $request_has_translation_arg = !empty($translation) && !empty($target) && is_numeric($translation);
-  if ($op == 'create' && $request_has_translation_arg) {
+  if ($request_has_translation_arg) {
     $source_node = node_load($translation);
     if (empty($source_node) || !translation_user_can_translate_node($source_node, $account)){
       return NODE_ACCESS_DENY;