refactor: validate IsAuthenticated permission first

Author: BryanttV

openedx_authz/rest_api/utils.py

@@ -20,13 +20,12 @@ def _decorator(func_or_class):
         """
         Requires either OAuth2 or Session-based authentication.
         """
-        func_or_class.authentication_classes = (
+        func_or_class.authentication_classes = [
             JwtAuthentication,
             SessionAuthenticationAllowInactiveUser,
-        )
-        func_or_class.permission_classes = ()
+        ]
         if is_authenticated:
-            func_or_class.permission_classes += (IsAuthenticated,)
+            func_or_class.permission_classes.insert(0, IsAuthenticated)
         return func_or_class
 
     return _decorator