FIX create invoice from order using API and multi-entity (#35654)

* FIX create invoice from order using API and multi-entity

* FIX API not allow to access order in other entity on creating invoice from order

* Update api_invoices.class.php

---------

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>

htdocs/commande/class/commande.class.php

@@ -1156,7 +1156,7 @@ class Commande extends CommonOrder
 				}
 			}
 		} else {
-			dol_print_error($this->db);
+			$this->error = $this->db->lasterror();
 			$this->db->rollback();
 			return -1;
 		}

htdocs/compta/facture/class/api_invoices.class.php

@@ -315,6 +315,7 @@ class Invoices extends DolibarrApi
 	  * @return int
 	  * @throws RestException 400
 	  * @throws RestException 401
+	  * @throws RestException 403		Access not allowed for login
 	  * @throws RestException 404
 	  * @throws RestException 405
 	  */
@@ -332,6 +333,9 @@ class Invoices extends DolibarrApi
 		if (empty($orderid)) {
 			throw new RestException(400, 'Order ID is mandatory');
 		}
+		if (!DolibarrApi::_checkAccessToResource('commande', $orderid)) {
+			throw new RestException(403, 'Access not allowed on order for login '.DolibarrApiAccess::$user->login);
+		}
 
 		$order = new Commande($this->db);
 		$result = $order->fetch($orderid);

htdocs/core/class/commonobject.class.php

@@ -7693,7 +7693,7 @@ abstract class CommonObject
 								    $("#"+child_list).hide();
 								//Show mother lists
 								} else if ($("#"+parent_list).val() != 0){
-								    $("#"+parent_list).show();
+								    showOptions'.$type.'(child_list, parent_list, orig_select[child_list]);
 								}
 								//Show the child list if the parent list value is selected
 								$("select[name=\""+parent_list+"\"]").click(function() {