diff --git a/app/models.py b/app/models.py
index 0145db4..9b2c79a 100644
--- a/app/models.py
+++ b/app/models.py
@@ -96,7 +96,7 @@ class Order(db.Model):
 group = dict()
 for item in self.items:
 user = group.get(item.get_name(), dict())
- user["total"] = user.get("totalm", 0) + item.product.price
+ user["total"] = user.get("total", 0) + item.product.price
 user["to_pay"] = user.get("to_pay", 0) + item.product.price if not item.paid else 0
 user["paid"] = user.get("paid", True) and item.paid
 user["products"] = user.get("products", []) + [item.product]
diff --git a/app/views/order.py b/app/views/order.py
index b009142..677a10e 100644
--- a/app/views/order.py
+++ b/app/views/order.py
@@ -55,6 +55,8 @@ def order(id, form=None):
 @login_required
 def order_edit(id):
 order = Order.query.filter(Order.id == id).first()
+ if current_user.id is not order.courrier_id and not current_user.is_admin():
+ abort(401)
 if order is None:
 abort(404)
 orderForm = OrderForm(obj=order)
@@ -65,6 +67,7 @@ def order_edit(id):
 return redirect(url_for('.order', id=order.id))
 return render_template('order_edit.html', form=orderForm, order_id=id)
+
 @order_bp.route('//create', methods=['POST'])
 def order_item_create(id):
 current_order = Order.query.filter(Order.id == id).first()
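Review bot: The `to_pay` line directly below the corrected `total` line (unchanged context in the first hunk of app/models.py) parses as `(user.get("to_pay", 0) + item.product.price) if not item.paid else 0`, because a conditional expression binds more loosely than `+`. A paid item therefore resets that user's running unpaid amount to 0 instead of leaving it alone, and the final figure depends on the order in which items are iterated. If the intent is to add the price only for unpaid items, parenthesise the conditional: `user["to_pay"] = user.get("to_pay", 0) + (item.product.price if not item.paid else 0)`. The enclosing method starts and ends outside the hunk.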