Basically yeah. You don't even need to do everything the original does. The middleware for normal routes already verifies the UID, so in my new route controller I just check if that UID is part of a certain Group. Then you can mostly copy what is in the original routes controller and template.
Also, for the front end, you can copy most of the code to your new page, but you need to watch out for the socket calls. Most of them will start with 'admin.' and that won't work because it verifies the user is a real admin. You'll need to change them and make new socket routes starting with 'plugins.' and verify the UID is part of the access group, same as your route above.