before_destroy and sessions

Models don't have access to the session, so session[:user_id] is nil.

Sessions are a controller thing. One way I've seen this work is this:

1. Add a 'current_user' class property to your User model
2. Create a before_filter that sets this to the session[:user] on every
request (not just at login)
3. In your model code, use 'User.current_user' instead of session[:user]

I wouldn't even take the callback/filter route. I'd simply define my
own method, destroy_as:

class SomeModel < ActiveRecord::Base
  def destroy_as(user)
    return false unless self.user == user

# now the controller - presumably you
# have access to the user object, not just
# the id - i usually instantiate a user from
# an id in the session using a before_filter

def destroy
  @obj = SomeModel.find(params[:id]
  if @obj.destroy_as(@current_user)
    flash[:notice] = 'It worked!'
    flash[:error] = 'It didnt work!'

Hope that helps. You could alternatively just pass in the user ID to
destroy_as and do the comparison that way but I think this is more
intention revealing.