PTIME vs ACL rights
blog entries have a PTIME (publish time) meta entry, so one can write entries beforehands and have them show up on the blog later. on the blog's main page, just entries are shown that have a PTIME in the past.
i think we should have that feature for any item and also it should be enforced (which, afaik, is currently not done for blog entries, if you would visit their url directly).
enforcing means having it controlled by ACL, and we'ld need a read-like permission weaker or stronger than our current "read":
read: (weakread:) read published stuff strongread: (read:) read all stuff
The PTIME-daterange-based filtering currently needed for blog entries would not be needed any more:
The normal blog visitor (== anon user, for example), would only have weak read rights, thus not see unpublished entries. The blog owner would have strong read rights, thus see everything. So AccessDenied exceptions would be the filter (which could also happen for other reasons, e.g. if some users get no read rights at all, neither weak nor strong read).