Content Translation Operations are 403 for Users with Admin Role

Created on 13 August 2017, about 8 years ago
Updated 5 December 2023, almost 2 years ago

Content Translation module provides routes to translate any entity through a route subscriber and the following link templates as defined in a hook_entity_alter implementation:

$translations_path = $entity_type->getLinkTemplate('canonical') . '/translations';
$entity_type->setLinkTemplate('drupal:content-translation-overview', $translations_path);
$entity_type->setLinkTemplate('drupal:content-translation-add', $translations_path . '/add/{source}/{target}');
$entity_type->setLinkTemplate('drupal:content-translation-edit', $translations_path . '/edit/{language}');
$entity_type->setLinkTemplate('drupal:content-translation-delete', $translations_path . '/delete/{language}');

However, those routes may not be accessible to any user with permission to edit the entity itself, even if that user is user 1. From https://www.drupal.org/node/2677778#comment-11022487:

By design, it appears, ContentTranslationManageAccessCheck blocks editors' access to the entity.$entity_type_id.content_translation_edit route:

 // Editors have no access to the translation operations, as entity
 // access already grants them an equal or greater access level.
 $templates = ['update' => 'edit-form', 'delete' => 'delete-form'];
 if ($entity->access($operation) && $entity_type->hasLinkTemplate($templates[$operation])) {
   return AccessResult::forbidden()->cachePerPermissions();
 }

It seems wrong to me that user 1, or any user with the admin role, should get a 403 access denied for an operation that a translator can accomplish. This seems to be true even if user 1 also has the translator role.

Because of this decision, one cannot count on the translation link templates to be a reliable path for anyone who should be able to translate content. It is impossible, for example, to create a view that will allow administrators to edit content translations in any language with a single click; the edit-form link template points to whatever language in which the current page is being viewed, and the drupal:content-translation-edit link template is 403. Even on the translations overview page, this situation leads to many workarounds that seem inherently buggy, e.g. (from the same comment referenced above):

And the overview controller always provides editors with links to the entity edit page:

  if ($update_access->isAllowed() && $entity_type->hasLinkTemplate('edit-form')) {
    $links['edit']['url'] = $entity->urlInfo('edit-form');
    $links['edit']['language'] = $language;
  }
  elseif (!$is_original && $translation_access->isAllowed()) {
    $links['edit']['url'] = $edit_url;
  }

But the entity.$entity_type_id.edit_form route always loads the translation of the currently negotiated language.

Steps to reproduce:

  1. Create node/1
  2. Enable content translation
  3. Add a language
  4. Add a translation for node/1
  5. Create a "translator" role that has the permissions for Content Translation
  6. Create a user with the "translator" role

Expected behavior:

  • As the translator user, node/1/translations/edit/{langcode} helps me translate the content
  • As the translator user, node/1/translations/delete/{langcode} helps me translate the content
  • As the admin user or user 1, node/1/translations/edit/{langcode} helps me translate the content
  • As the admin user or user 1, node/1/translations/delete/{langcode} helps me translate the content

What happens instead:

  • As the translator user, node/1/translations/edit/{langcode} is available
  • As the translator user, node/1/translations/delete/{langcode} is available
  • As the admin user or user 1, node/1/translations/edit/{langcode} is 403 Access Denied
  • As the admin user or user 1, node/1/translations/delete/{langcode} is 403 Access Denied

Proposed resolution:

  • Remove the access checks that deny access to admin users
  • Optionally remove workarounds to send admin users to edit-form link template
  • Optionally redirect admin users to the proper edit form instead of 403
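
Added example (not part of the original issue and not Drupal core code): a stand-alone PHP model of the two quoted branches, run over the users from the steps to reproduce plus an admin who also holds the translator role. The function names, array keys and sample users are hypothetical, and the fall-through to the translation permission after the forbidden branch is an assumption.

```php
<?php
// Added illustration, not Drupal code: a stand-alone model of the two quoted
// branches. Function names, array keys and the sample users are hypothetical.

const LINK_TEMPLATES = ['canonical', 'edit-form', 'delete-form'];

// Models the quoted access-check branch for the translation edit/delete routes.
function translation_route_access(array $user, string $operation): string {
  $templates = ['update' => 'edit-form', 'delete' => 'delete-form'];
  // Quoted behaviour: entity access for the operation forces "forbidden".
  if ($user['entity'][$operation] && in_array($templates[$operation], LINK_TEMPLATES, true)) {
    return 'forbidden';
  }
  // Assumption: otherwise the content-translation permission decides.
  return $user['translation'][$operation] ? 'allowed' : 'neutral';
}

// Models the quoted overview-controller branch that picks the "edit" link.
function overview_edit_link(array $user, string $langcode, bool $is_original): ?string {
  if ($user['entity']['update'] && in_array('edit-form', LINK_TEMPLATES, true)) {
    return 'edit-form (form for the currently negotiated language)';
  }
  if (!$is_original && $user['translation']['update']) {
    return "translations/edit/$langcode";
  }
  return null;
}

// Constructed sample users: which operations entity access and the
// translation permissions grant to each.
$yes = ['update' => true, 'delete' => true];
$no = ['update' => false, 'delete' => false];
$users = [
  'translator' => ['entity' => $no, 'translation' => $yes],
  'admin' => ['entity' => $yes, 'translation' => $no],
  'admin + translator' => ['entity' => $yes, 'translation' => $yes],
];

foreach ($users as $name => $user) {
  printf("%-20s edit=%-9s delete=%-9s overview link: %s\n",
    $name,
    translation_route_access($user, 'update'),
    translation_route_access($user, 'delete'),
    overview_edit_link($user, 'fr', false) ?? 'none');
}
```

In this model the "admin + translator" row matches the "admin" row, because the forbidden branch keys on entity access and returns before any translation permission is consulted.
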
🐛 Bug report
Status

Closed: duplicate

Version

9.2

Component
Content translation

Last updated 12 days ago

No maintainer
Created by

🇺🇸 United States dnotes
