has_and_belongs_to_many - ensure only rows with there user_id are returned

rubyonrails-talk
1

@session['user'].messages.find(params[:id])