Issue #1896556 by klausi: Fixed Routing AccessManager does not evaluate access checks correctly.

core/lib/Drupal/Core/Access/AccessManager.php

@@ -120,11 +120,16 @@ public function check(Route $route) {
         $this->loadCheck($service_id);
       }
 
-      $access = $this->checks[$service_id]->access($route, $this->request);
-      if ($access === FALSE) {
+      $service_access = $this->checks[$service_id]->access($route, $this->request);
+      if ($service_access === FALSE) {
         // A check has denied access, no need to continue checking.
+        $access = FALSE;
         break;
       }
+      elseif ($service_access === TRUE) {
+        // A check has explicitly granted access, so we need to remember that.
+        $access = TRUE;
+      }
     }
 
     // Access has been denied or not explicily approved.

core/lib/Drupal/Core/Access/DefaultAccessCheck.php

@@ -26,6 +26,6 @@ public function applies(Route $route) {
    * Implements AccessCheckInterface::access().
    */
   public function access(Route $route, Request $request) {
-    return $route->getRequirement('_access');
+    return (bool) $route->getRequirement('_access');
   }
 }

core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php

@@ -62,7 +62,6 @@ public function dynamicRoutes(RouteBuildEvent $event) {
 
         // @todo Switch to ->addCollection() once http://drupal.org/node/1819018 is resolved.
         foreach ($plugin->routes() as $name => $route) {
-          $route->setRequirement('_access', 'TRUE');
           $collection->add("rest.$name", $route);
         }
       }

core/modules/system/lib/Drupal/system/Tests/Routing/RouterPermissionTest.php

@@ -46,5 +46,10 @@ public function testPermissionAccess() {
     $this->assertResponse(200);
     $this->assertNoRaw('Access denied');
     $this->assertRaw('test7text', 'The correct string was returned because the route was successful.');
+
+    $this->drupalGet('router_test/test9');
+    $this->assertResponse(200);
+    $this->assertNoRaw('Access denied');
+    $this->assertRaw('test8', 'The correct string was returned because the route was successful.');
   }
 }

core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php

+<?php
+
+/**
+ * @file
+ * Contains Drupal\router_test\Access\TestAccessCheck.
+ */
+
+namespace Drupal\router_test\Access;
+
+use Drupal\Core\Access\AccessCheckInterface;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Access check for test routes.
+ */
+class TestAccessCheck implements AccessCheckInterface {
+
+  /**
+   * Implements AccessCheckInterface::applies().
+   */
+  public function applies(Route $route) {
+    return array_key_exists('_access_router_test', $route->getRequirements());
+  }
+
+  /**
+   * Implements AccessCheckInterface::access().
+   */
+  public function access(Route $route, Request $request) {
+    // No opinion, so other access checks should decide if access should be
+    // allowed or not.
+    return NULL;
+  }
+}

core/modules/system/tests/modules/router_test/lib/Drupal/router_test/RouterTestBundle.php

@@ -20,5 +20,7 @@ class RouterTestBundle extends Bundle {
    */
   public function build(ContainerBuilder $container) {
     $container->register('router_test.subscriber', 'Drupal\router_test\RouteTestSubscriber')->addTag('event_subscriber');
+    $container->register('access_check.router_test', 'Drupal\router_test\Access\TestAccessCheck')
+      ->addTag('access_check');
   }
 }

core/modules/system/tests/modules/router_test/router_test.routing.yml

@@ -45,3 +45,11 @@ router_test_8:
   pattern: '/router_test/test8'
   defaults:
     _controller: '\Drupal\router_test\TestControllers::test8'
+
+router_test_9:
+  pattern: '/router_test/test9'
+  defaults:
+    _controller: '\Drupal\router_test\TestControllers::test8'
+  requirements:
+    _permission: 'access test7'
+    _access_router_test: 'TRUE'