is it necessary ?

errors.add(:user_id, 'is not valid') if !self.user, do you think is necessary ? i don't know, because i set it in the controller, but is possible by other ways to send (with an own made form) the form with a different user_id (i set it before create the object, so i think is impossible, but i don't know)?

Setting the user from the session should be safe. Session data cannot be manipulated by spoofing a form. But its a good idea for the model to validate the presence of a user_id. You can do this with validates_presence_of (easier than writing a custom validation).

validates_presence_of :user_id

Aaron