MAGETWO-37981: Incorrect action name checks leads to customer info leak

 - undo fixed ACL resource

Author: Dale Sikkema

app/code/Magento/Sales/Controller/Adminhtml/Order/Create.php

@@ -373,7 +373,7 @@ protected function _reloadQuote()
      */
     protected function _isAllowed()
     {
-        return $this->_authorization->isAllowed('Magento_Sales::actions');
+        return $this->_authorization->isAllowed($this->_getAclResource());
     }
 
     /**