fix: 高级编辑直接添加公共库+编辑者权限精确控制

公共库添加:
- 高级编辑直接添加到公共库时owner_id设为admin，所有人可见
- 高级编辑添加不触发审核通知

精油价目权限:
- 编辑精油改为canManage（senior_editor+admin）
- editor只能编辑配方，不能编辑精油价目

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/main.py

@@ -781,8 +781,14 @@ def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
         raise HTTPException(401, "请先登录")
     conn = get_db()
     c = conn.cursor()
+    # Senior editors adding directly to public library: set owner to admin so everyone can see
+    owner_id = user["id"]
+    if user["role"] in ("senior_editor",):
+        admin = c.execute("SELECT id FROM users WHERE role = 'admin' LIMIT 1").fetchone()
+        if admin:
+            owner_id = admin["id"]
     c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
-              (recipe.name, recipe.note, user["id"]))
+              (recipe.name, recipe.note, owner_id))
     rid = c.lastrowid
     for ing in recipe.ingredients:
         c.execute(
@@ -793,8 +799,8 @@ def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
         c.execute("INSERT OR IGNORE INTO tags (name) VALUES (?)", (tag,))
         c.execute("INSERT OR IGNORE INTO recipe_tags (recipe_id, tag_name) VALUES (?, ?)", (rid, tag))
     log_audit(conn, user["id"], "create_recipe", "recipe", rid, recipe.name)
-    # Notify admin only when non-admin creates a recipe
-    if user["role"] != "admin":
+    # Notify admin when non-admin/non-senior_editor creates a recipe (needs review)
+    if user["role"] not in ("admin", "senior_editor"):
         who = user.get("display_name") or user["username"]
         conn.execute(
             "INSERT INTO notifications (target_role, title, body) VALUES (?, ?, ?)",