Greetings,

the following:

I would like to automatically assign a group to a new member who registers. Now, of course, I have found the following link:

https://docs.umbraco.com/umbraco-cms/tutorials/members-registration-and-login#assigning-new-members-to-groups-automatically

The advice here is to copy the source code of the existing UmbRegisterController and create a new controller with the same code, except that you add the modification so that the member is assigned the group.

So far, so good.

But: Is this really the best way? My problem with this is that if the controller is modified in any new Umbraco version (e.g. bug fixing), the new version will not be used at all. Now imagine there is a security gap. Wouldn't that be fatal?

Shouldn't we create a new controller instead, which derives from the existing UmbRegisterController and "overwrites" the "HandleRegisterMember" method with the "new" keyword?

I know that hiding the existing implementation is often regarded as "bad practice". But in this case, wouldn't it be more appropriate than copying the code and not benefiting from bug fixes/security patches?

As an example:

[
    HttpPost,
    ValidateAntiForgeryToken,
    ValidateUmbracoFormRouteString
]
public new async Task<IActionResult> HandleRegisterMember(
    [Bind(Prefix = "registerModel")] RegisterModel registerModel)
{
    IActionResult result = await base.HandleRegisterMember(registerModel);

    if (string.IsNullOrWhiteSpace(registerModel.Username))
    {
        return result;
    }

    if (!memberService.Exists(registerModel.Username))
    {
        return result;
    }

    memberService.AssignRole(registerModel.Username, "Foo");

    return result;
}