Fix add / delete contact access

htdocs/commande/class/api_orders.class.php

@@ -415,21 +415,16 @@ class Orders extends DolibarrApi
 	 */
     public function postContact($id, $contactid, $type)
     {
-        if(!DolibarrApiAccess::$user->rights->commande->creer) {
-            throw new RestException(401);
-        }
-
-        $result = $this->commande->fetch($id);
-
-		if(!$result) {
-			throw new RestException(404, 'Order not found');
+        if (! DolibarrApiAccess::$user->rights->commande->creer) {
+			throw new RestException(401);
 		}
 
-        if (!in_array($type, array('BILLING', 'SHIPPING', 'CUSTOMER'), true)) {
-            throw new RestException(500, 'Availables types: BILLING, SHIPPING OR CUSTOMER');
+        $result = $this->commande->fetch($id);
+        if (! $result) {
+            throw new RestException(404, 'Order not found');
         }
 
-        if(!DolibarrApi::_checkAccessToResource('order', $this->commande->id)) {
+		if (! DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
 			throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 
@@ -457,17 +452,16 @@ class Orders extends DolibarrApi
 	 */
     public function deleteContact($id, $rowid)
     {
-        if(!DolibarrApiAccess::$user->rights->commande->creer) {
-            throw new RestException(401);
-        }
-
-        $result = $this->commande->fetch($id);
-
-		if(!$result) {
-			throw new RestException(404, 'Order not found');
+        if (! DolibarrApiAccess::$user->rights->commande->creer) {
+			throw new RestException(401);
 		}
 
-        if(!DolibarrApi::_checkAccessToResource('order', $this->commande->id)) {
+        $result = $this->commande->fetch($id);
+        if (! $result) {
+            throw new RestException(404, 'Order not found');
+        }
+
+		if (! DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
 			throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
 		}