You may add the artifact approval process by using Artifactory User Plugin. Also, we have an example plugin -preventUnapproved.groovy that intercepts any download request sent to Artifactory, verifies that the artifact being downloaded has an 'approved' property, and allows/rejects the download accordingly. You can edit the plugin in order to implement your own logic.
On the other hand, you may achieve a similar process by using one repository for approved artifacts, and another for unapproved ones. You can create an 'approved' repository and assign read (and any other permissions) for the users that need these artifacts, and an 'unapproved' repository that restricts permissions for these users. The flow would be to move/copy the approved artifacts from one repository to the other, thus exposing the approved artifacts in the UI and in doing so, allowing users to download these.