is it necessary ?

errors.add(:user_id, 'is not valid') if !self.user, do you think is
necessary ? i don't know, because i set it in the controller, but is
possible by other ways to send (with an own made form) the form with a
different user_id (i set it before create the object, so i think is
impossible, but i don't know)?

Setting the user from the session should be safe. Session data cannot
be manipulated by spoofing a form. But its a good idea for the model
to validate the presence of a user_id. You can do this with
validates_presence_of (easier than writing a custom validation).

validates_presence_of :user_id

Aaron