@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_ACB_ADMIN') or hasRole('ROLE_ACB_STAFF')")
  @Transactional(readOnly = false)
  public VendorDTO create(VendorDTO dto)
      throws EntityRetrievalException, EntityCreationException, JsonProcessingException {

    VendorDTO created = vendorDao.create(dto);

    List<CertificationBodyDTO> availableAcbs = acbManager.getAllForUser();
    if (availableAcbs != null && availableAcbs.size() > 0) {
      for (CertificationBodyDTO acb : availableAcbs) {
        VendorACBMapDTO vendorMappingToCreate = new VendorACBMapDTO();
        vendorMappingToCreate.setAcbId(acb.getId());
        vendorMappingToCreate.setVendorId(created.getId());
        vendorMappingToCreate.setTransparencyAttestation(dto.getTransparencyAttestation());
        vendorDao.createTransparencyMapping(vendorMappingToCreate);
      }
    }
    activityManager.addActivity(
        ActivityConcept.ACTIVITY_CONCEPT_VENDOR,
        created.getId(),
        "Vendor " + created.getName() + " has been created.",
        null,
        created);
    return created;
  }
  @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_ACB_ADMIN') or hasRole('ROLE_ACB_STAFF')")
  @Transactional(readOnly = false)
  public VendorDTO update(VendorDTO vendor)
      throws EntityRetrievalException, JsonProcessingException, EntityCreationException {

    VendorDTO before = getById(vendor.getId());
    VendorEntity result = vendorDao.update(vendor);

    // chplAdmin cannot update the transparency but any other role
    // allowed in this method can
    boolean isChplAdmin = false;
    Set<GrantedPermission> permissions = Util.getCurrentUser().getPermissions();
    for (GrantedPermission permission : permissions) {
      if (permission.getAuthority().equals("ROLE_ADMIN")) {
        isChplAdmin = true;
      }
    }

    if (!isChplAdmin) {
      List<CertificationBodyDTO> availableAcbs = acbManager.getAllForUser();
      if (availableAcbs != null && availableAcbs.size() > 0) {
        for (CertificationBodyDTO acb : availableAcbs) {
          VendorACBMapDTO existingMap =
              vendorDao.getTransparencyMapping(vendor.getId(), acb.getId());
          if (existingMap == null) {
            VendorACBMapDTO vendorMappingToUpdate = new VendorACBMapDTO();
            vendorMappingToUpdate.setAcbId(acb.getId());
            vendorMappingToUpdate.setVendorId(before.getId());
            vendorMappingToUpdate.setTransparencyAttestation(vendor.getTransparencyAttestation());
            vendorDao.createTransparencyMapping(vendorMappingToUpdate);
          } else {
            existingMap.setTransparencyAttestation(vendor.getTransparencyAttestation());
            vendorDao.updateTransparencyMapping(existingMap);
          }
        }
      }
    }
    VendorDTO after = new VendorDTO(result);
    after.setTransparencyAttestation(vendor.getTransparencyAttestation());

    activityManager.addActivity(
        ActivityConcept.ACTIVITY_CONCEPT_VENDOR,
        after.getId(),
        "Vendor " + vendor.getName() + " was updated.",
        before,
        after);

    return after;
  }