diff --git a/backend/internal/http/handler/order_handler.go b/backend/internal/http/handler/order_handler.go
index a9fd635..398ed3d 100644
--- a/backend/internal/http/handler/order_handler.go
+++ b/backend/internal/http/handler/order_handler.go
@@ -55,6 +55,23 @@ func (h *Handler) ListOrders(w http.ResponseWriter, r *http.Request) {
 	page, pageSize := parsePagination(r)
 	filter := domain.OrderFilter{}
 
+	// Parse role query param for filtering
+	requester, err := getRequester(r)
+	if err != nil {
+		writeError(w, http.StatusUnauthorized, err)
+		return
+	}
+
+	role := r.URL.Query().Get("role")
+	if role != "" && requester.CompanyID != nil {
+		switch role {
+		case "buyer":
+			filter.BuyerID = requester.CompanyID
+		case "seller":
+			filter.SellerID = requester.CompanyID
+		}
+	}
+
 	result, err := h.svc.ListOrders(r.Context(), filter, page, pageSize)
 	if err != nil {
 		writeError(w, http.StatusInternalServerError, err)
diff --git a/backend/internal/http/handler/shipping_handler.go b/backend/internal/http/handler/shipping_handler.go
index 1dd3150..875b35c 100644
--- a/backend/internal/http/handler/shipping_handler.go
+++ b/backend/internal/http/handler/shipping_handler.go
@@ -28,17 +28,8 @@ func (h *Handler) GetShippingSettings(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	requester, err := getRequester(r)
-	if err != nil {
-		writeError(w, http.StatusBadRequest, err)
-		return
-	}
-	if !strings.EqualFold(requester.Role, "Admin") {
-		if requester.CompanyID == nil || *requester.CompanyID != vendorID {
-			writeError(w, http.StatusForbidden, errors.New("not allowed to view shipping settings"))
-			return
-		}
-	}
+	// Any authenticated user can view shipping settings (needed for checkout)
+	// No role-based restriction here - shipping settings are public info for buyers
 
 	settings, err := h.svc.GetShippingSettings(r.Context(), vendorID)
 	if err != nil {
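Review bot: The new `role` filter leaves `filter` empty whenever `role` is absent, unrecognized, or `requester.CompanyID` is nil, so those requests still reach `h.svc.ListOrders` unscoped and — unless the service scopes by requester itself, which this hunk does not show — return every company's orders to any authenticated caller. The scoping should be mandatory rather than opt-in: reject a nil `CompanyID` with 403, reject an unknown or empty `role` with 400 instead of silently ignoring it, and if an unscoped listing is a legitimate admin feature, gate it explicitly on `requester.Role` (the shipping check removed in this same commit shows an `"Admin"` role exists). The comment `// Parse role query param for filtering` should also say that `role` is the requester's side of the order, not an authorization role, to avoid confusion with `requester.Role`. ListOrders starts and ends outside the hunk, and `errors` must be imported if the file does not already do so.
```go
	// "role" selects which side of the order the requester's company is on
	// (buyer or seller); it is a scoping filter, not an authorization role.
	role := r.URL.Query().Get("role")
	if requester.CompanyID == nil {
		writeError(w, http.StatusForbidden, errors.New("requester has no company scope"))
		return
	}
	switch role {
	case "buyer":
		filter.BuyerID = requester.CompanyID
	case "seller":
		filter.SellerID = requester.CompanyID
	default:
		writeError(w, http.StatusBadRequest, errors.New("role must be \"buyer\" or \"seller\""))
		return
	}
	// … unchanged: h.svc.ListOrders call and error handling …
```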
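Review bot: The removed block was the only place in this hunk that called `getRequester(r)`, so after the change nothing visible here verifies the caller is authenticated, which contradicts the added comment `// Any authenticated user can view shipping settings`; unless an auth middleware outside this hunk enforces it, the endpoint is now anonymous, not merely unrestricted by role. Keep an authentication check while dropping only the vendor/admin ownership test, and if `GetShippingSettings` returns more than checkout needs (the hunk does not show the settings shape), expose a checkout-specific projection rather than the full record. The old 400 on a missing requester was also the wrong status; 401 matches what ListOrders uses in this same commit. If `strings` and `errors` are no longer used elsewhere in the file, the import block (outside the hunk) must drop them or the file will not compile. GetShippingSettings starts outside the hunk.
```go
	// Shipping settings are readable by any authenticated user (needed for
	// checkout); only the vendor/admin ownership check is dropped, not auth.
	if _, err := getRequester(r); err != nil {
		writeError(w, http.StatusUnauthorized, err)
		return
	}

	settings, err := h.svc.GetShippingSettings(r.Context(), vendorID)
```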