diff --git a/halfapi/lib/acl_middleware.py b/halfapi/lib/acl_middleware.py
index 2bd5b77..ae52057 100644
--- a/halfapi/lib/acl_middleware.py
+++ b/halfapi/lib/acl_middleware.py
@@ -16,6 +16,16 @@ class AclMiddleware(BaseHTTPMiddleware):
         """
         print(f'Hit acl {__name__} middleware')
 
+        if 'dev_route' in request.scope.keys():
+            print('[DEBUG] Dev route, no ACL')
+            return await call_next(request)
+
+        if not('acls' in request.scope.keys()
+            and type(request.scope['acls']) == list):
+
+            print('BUG : scope["acls"] does not exist or is not a list')
+            raise HTTPException(500)
+
         for acl_fct_name in request.scope['acls']:
             print(f'Will apply {acl_fct_name}')
             try:
diff --git a/tests/test_debug_routes.py b/tests/test_debug_routes.py
new file mode 100644
index 0000000..936554a
--- /dev/null
+++ b/tests/test_debug_routes.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import pytest
+from starlette.authentication import UnauthenticatedUser
+from starlette.testclient import TestClient
+from halfapi.app import app
+
+def test_itworks():
+    c = TestClient(app)
+    r = c.get('/')
+    assert r.text == 'It Works!'
+
+def test_user():
+    c = TestClient(app)
+    r = c.get('/user')
+    assert r.status_code == 200
diff --git a/tests/test_jwt_middleware.py b/tests/test_jwt_middleware.py
index d80ff9e..b009c33 100644
--- a/tests/test_jwt_middleware.py
+++ b/tests/test_jwt_middleware.py
@@ -12,11 +12,6 @@ from halfapi.app import app
 from halfapi.lib.jwt_middleware import (JWTUser, JWTAuthenticationBackend,
     JWTWebSocketAuthenticationBackend)
 
-def coucou():
-    return 
-def test_connected():
-    app.route('/', coucou)
-
 @pytest.fixture
 def token():
     # This fixture needs to have a running auth-lirmm on 127.0.0.1:3000
@@ -38,6 +33,27 @@ def token():
 
     return res['token']
 
+@pytest.fixture
+def token_dirser():
+    # This fixture needs to have a running auth-lirmm on 127.0.0.1:3000
+    # Sets a valid token
+
+    r = requests.post('http://127.0.0.1:3000/',
+        data={'email':'dhenaut', 'password':'a'})
+
+    if len(r.text) <= 0:
+        raise Exception('No result in token retrieval')
+
+    try:
+        res = json.loads(r.text)
+    except JSONDecodeError:
+        raise Exception('Malformed response from token retrieval')
+
+    if 'token' not in res.keys():
+        raise Exception('Missing token in token request')
+
+    return res['token']
+
 
 def test_token(token):
     client = TestClient(app)
@@ -53,3 +69,24 @@ def test_token(token):
     assert 'id' in res['user'].keys()
     assert 'token' in res['user'].keys()
     assert 'payload' in res['user'].keys()
+
+def test_labopers(token, token_dirser):
+    res = requests.get('http://127.0.0.1:8080/api/v4/organigramme/laboratoire/personnel',
+        params={
+            'q': 'limit:10|format:csv'
+        },
+        headers={
+            'Authorization': token
+        })
+
+    assert res.status_code == 401
+
+    res = requests.get('http://127.0.0.1:8080/api/v4/organigramme/laboratoire/personnel',
+        params={
+            'q': 'limit:10|format:csv'
+        },
+        headers={
+            'Authorization': token_dirser
+        })
+
+    assert res.status_code == 200