diff --git a/src/lib/ACLAnalyzer.py b/src/lib/ACLAnalyzer.py
index 0a67f3be971fe57cfe33e7b9397600b6cd681b1e..b7968de977684e80c94757f96f3e29ecbe2a5906 100644
--- a/src/lib/ACLAnalyzer.py
+++ b/src/lib/ACLAnalyzer.py
@@ -52,13 +52,13 @@ class ACLAnalyzer():
       #     start_node = cm
       ctx = ElementContext(f"{f['parent']}.{f['name']}",'function',route.location,[f"Parent::{f['parent']}"])
       # if start_node:
-      ctx.set_cfg(CFGGenerator().generate(ctx))
+      # ctx.set_cfg(CFGGenerator().generate(ctx))
+      ctx.set_cfg(CFG(f['ast'],f['ctx'],f['cursor'],route.cfg.source_code_method_list,route.cfg.source_code))
       result = self.analyze_function(ctx)
       class_acls.append([ctx.name,result])
     # print("class acl",class_acls)
     return class_acls
 
-
   def analyze_function(self,route:ElementContext,is_route=True)->list[str]:
     # Cek parent nya untuk menentukaan apakah ada dekorator
     # Inisialisasi principal_list
@@ -413,6 +413,7 @@ class ACLAnalyzer():
     route_acls = []
     for f in method_lists:
       if f['type']=='class_method':
+        #TODO class method
         ctx = ElementContext(f"{f['parent']}.{f['name']}",'function',route.location,[])
         result = self.analyze_function(ctx)
         route_acls.append([f"{f['parent']}.{ctx.get_base_element_name()}",result])
@@ -459,8 +460,6 @@ class ACLAnalyzer():
         for k in acl_class.context:
           if k.startswith("Parent::"):
             parent_class = k.split("::")[1]
-        # print("KLASS",parent_class)
-        # print("NAMA",name)
         if acl_class.location==route.location:
           # Kelas/fungsi lokal
           # Kali aja ada di module ini
diff --git a/src/lib/RouteSanitizationAnalyzer.py b/src/lib/RouteSanitizationAnalyzer.py
index 82e0140981fe090826e291ef717d12cfd3395c62..b49b9ca527e5d0e79f951f77ce059f9c2e88f928 100644
--- a/src/lib/RouteSanitizationAnalyzer.py
+++ b/src/lib/RouteSanitizationAnalyzer.py
@@ -31,11 +31,9 @@ class RouteSanitizationAnalyzer():
             vuln_routes.append(f"{func[1]}() in {route.location}")
           else:
             vuln_routes.append(f"{func[2]}.{func[1]}() in {route.location}")
-      
     return vuln_routes
 
   def analyze_class(self,route:ElementContext)->list[str]:
-    #TODO CFG
     method_lists = list(filter(lambda x:x['type']=='class_method' and x['parent']==route.get_base_element_name(),route.cfg.source_code_method_list))
     # Remove yang ada di no check list
     for ctx in route.context:
@@ -48,11 +46,11 @@ class RouteSanitizationAnalyzer():
     unsanitized_methods = []
     for f in method_lists:
       ctx = ElementContext(f['name'],'function',route.location,[])
+      ctx.set_cfg(CFG(f['ast'],f['ctx'],f['cursor'],route.cfg.source_code_method_list,route.cfg.source_code))
       if(not self.analyze_function(ctx)):
         unsanitized_methods.append(f['name'])
     return unsanitized_methods
 
-
   def analyze_function(self,route:ElementContext)->bool:
     ##print(self.project_info.acl_class)
     # Cek parent nya untuk menentukaan apakah ada dekorator
diff --git a/src/lib/VulnerabilitReporter.py b/src/lib/VulnerabilitReporter.py
index bfec0a8846ab7642106070b5d01bdd518686c412..71fe53e5fe59c8b2423688973f1f089ebb5bd1e4 100644
--- a/src/lib/VulnerabilitReporter.py
+++ b/src/lib/VulnerabilitReporter.py
@@ -28,7 +28,6 @@ class VulnerabilityReporter:
         print()
         print("> Potential Broken ACL:")
         i = 0
-        print("a",self.real_acl_data.route_acl)
         for key,value in self.real_acl_data.route_acl.items():
             try:
                 # print(set(self.expected_acl_data.route_acl[key]))
diff --git a/tests/tc1/acl.txt b/tests/tc1/acl.txt
index 80aafd10dc351842c2809c776cf9408869faf63a..13f3317a55dba6df3437654eba6721f3069574ee 100644
--- a/tests/tc1/acl.txt
+++ b/tests/tc1/acl.txt
@@ -6,6 +6,11 @@ add_note:admin,user
 update_note:admin,user
 get_note:admin,user
 delete_note:admin,user
+Views.class_add_note:admin,user
+Views.class_update_note:admin,user
+Views.class_delete_note:admin,user
+Views.class_get_note:admin,user
+Views.class_get_logs: admin
 =====DETAIL=====
 var:user::var:role; [admin:admin,user:user,none:guest]
 lib:flask_login::login_required; admin,user
\ No newline at end of file
diff --git a/tests/tc1/class_views.py b/tests/tc1/class_views.py
new file mode 100644
index 0000000000000000000000000000000000000000..67a9fd48d9019569e187bb8e96b2956a39c55b20
--- /dev/null
+++ b/tests/tc1/class_views.py
@@ -0,0 +1,73 @@
+from flask import Blueprint, render_template, request, flash, jsonify,abort
+# @ACL(login_required)
+from flask_login import login_required, current_user
+from .models import Note,Log
+from .db import db
+import json
+from lib.RoleCheck import RoleCheck
+
+views = Blueprint('views', __name__)
+# @Routes
+class Views():
+    # @NoCheck
+    def __init__(self) -> None:
+        pass
+    @views.route('/add', methods=['POST'])
+    @login_required
+    def class_add_note(self):
+        if request.method == 'POST':
+            note = request.form.get('note')
+
+            if len(note) < 1:
+                flash('Note is too short!', category='error')
+            else:
+                new_note = Note(data=note, user_id=current_user.id)
+                db.session.add(new_note)
+                db.session.commit()
+                flash('Note added!', category='success')
+
+        return render_template("home.html")
+
+    @views.route('/update', methods=['POST'])
+    @login_required
+    def class_update_note(self):
+        if request.method == 'POST':
+            n = request.form.get('note')
+            noteId = n['noteId']
+            note = Note.query.get(noteId)
+        
+            if note.user_id == current_user.id:
+                if len(n.note) < 1:
+                    flash('Note is too short!', category='error')
+                else:
+                    db.session.update().where(Note.id==n.id).values(data=n.note)
+                    db.session.commit()
+            flash('Note updated!', category='success')
+
+        return render_template("home.html")
+
+    @views.route('/delete', methods=['POST'])
+    @login_required
+    def class_delete_note(self):
+        note = json.loads(request.data)
+        noteId = note['noteId']
+        note = Note.query.get(noteId)
+        if note:
+            if note.user_id == current_user.id:
+                db.session.delete(note)
+                db.session.commit()
+        return jsonify({})
+
+    @views.route('/note', methods=['GET'])
+    # @login_required
+    def class_get_note(self):
+        notes = Note.query.filter(Note.user_id==current_user.id)
+        return jsonify(notes)
+
+    @views.route('/logs', methods=['GET'])
+    @login_required
+    def class_get_logs(self):
+        # if (RoleCheck().is_admin(current_user)):
+        #     abort(403)
+        logs = Log.query.get()
+        return jsonify(logs)
\ No newline at end of file
diff --git a/tests/tc1/views.py b/tests/tc1/views.py
index 4d4ce7c47a8d96769da53af959b0e26de22f299d..0c10a90feb78adfbb7f7bd5180cc124b6a5bf926 100644
--- a/tests/tc1/views.py
+++ b/tests/tc1/views.py
@@ -26,7 +26,7 @@ def add_note():
     return render_template("home.html")
 
 @views.route('/update', methods=['POST'])
-@login_required
+# @login_required
 def update_note():
     if request.method == 'POST':
         n = request.form.get('note')