I like much of your proposal. I don't like the extra layer(s) of indirection that must be traversed every time it must be decided whether or not a user can view a node. So I'd probably actually keep the different node types for specifying different permissions, at least in the first version.
Having personally completely implemented a replacement for both of the ugly "approval" systems we still have in place (and use simultaneously) and then repeatedly failing to get it deployed, I'd actually place tackling that mess ahead of this, as I expect the wide touch of the approval process will likely make for some nice roadblocks if it isn't significantly cleaned up beforehand.
Even before that, how about just working on implementing "patch approval", so we have some hope of building on the recent momentum in site improvements by keeping pmdev work from quickly reverting to the awful place it used to be, so we might actually increase the number of active, useful members writing (and applying, testing, reverting!) patches?