decorator: Reorder public_json_view.

Doing the dispatch to authenticated_json_view first lets us avoid
messing around with the skip_rate_limiting parameter.

Since rate_limit itself checks user.is_authenticated, there's no
potential downside to doing that check first here.

zerver/decorator.py

@@ -849,10 +849,16 @@ def public_json_view(
         *args: ParamT.args,
         **kwargs: ParamT.kwargs,
     ) -> HttpResponse:
+        if request.user.is_authenticated:
+            # For authenticated users, process the request with their permissions.
+            return authenticated_json_view(view_func, skip_rate_limiting=skip_rate_limiting)(
+                request, *args, **kwargs
+            )
+
+        # Otherwise, process the request for a logged-out visitor.
         if not skip_rate_limiting:
             rate_limit(request)
 
-        if not request.user.is_authenticated:
         process_client(
             request,
             is_browser_view=True,
@@ -860,10 +866,6 @@ def public_json_view(
         )
         return view_func(request, request.user, *args, **kwargs)
 
-        # Fall back to authenticated_json_view if the user is authenticated.
-        # Since we have done rate limiting earlier is no need to do it again.
-        return authenticated_json_view(view_func, skip_rate_limiting=True)(request, *args, **kwargs)
-
     return _wrapped_view_func