ACL Error - Admin user can't change the attributes set

[MauroNigrele]

A backend user with permissions to edit products but not attributes set can't select/change the attribute set of the product that is creating/editing, since the ajax call to http://magentohost/admin/catalog/product/suggestAttributeSets/ returns a 403 Forbidden due to insufficient permissions

Steps to reproduce

1. Log as Admin
2. Create a new attribute set
3. Create a basic backend user/role with just product edition permissions
4. Log out
5. Log in with that user
6. Create a new product and try to change se attribute set

Expected result

1. The user can select the any attribute set.

Actual result

1. The suggest widget isn't populated because the ajax request fails

[piotrekkaminski]

Internal issue MAGETWO-53557

[MauroNigrele]

- Update -
Actually, this bug also apply for any "no-admin" user regardless the permissions.

I guess that adding the below code on: \Magento\Catalog\Controller\Adminhtml\Product\SuggestAttributeSets this should be fixed:

    protected function _isAllowed()
    {
        return $this->_authorization->isAllowed('Magento_Catalog::products');
    }

Sorry no time for PR :(

[rganin]

Fixed in 2.0 branch. Not reproduced in 2.1 and develop.