Autofill user_id; editing still vulnerable

app/controllers/alerts_controller.rb

@@ -40,6 +40,7 @@ class AlertsController < ApplicationController
   # POST /alerts.json
   def create
     @alert = Alert.new(params[:alert])
+    @alert.user_id = current_user.id
 
     respond_to do |format|
       if @alert.save

app/models/alert.rb

@@ -17,10 +17,10 @@ class Alert < ActiveRecord::Base
                           :format       => {
                             :with           => /\A[0-9]+[A-Za-z]?\Z/
                           }
-  validates :user_id,     :presence     => true,
+  # validates :user_id,     :presence     => true,
-                          :numericality => {
+  #                         :numericality => {
-                            only_integer:   true
+  #                           only_integer:   true
-                          }
+  #                         }
   validates :semester,    :presence     => true
 
   scope :user_alerts, lambda { |user_id| 

app/views/alerts/_form.html.erb

@@ -1,10 +1,4 @@
 <%= form_for @alert, :html => { :class => 'form-horizontal' } do |f| %>
-  <div class="control-group">
-    <%= f.label :user_id, :class => 'control-label' %>
-    <div class="controls">
-      <%= f.number_field :user_id, :class => 'number_field' %>
-    </div>
-  </div>
   <div class="control-group">
     <%= f.label :department, :class => 'control-label' %>
     <div class="controls">
@@ -23,12 +17,6 @@
       <%= f.text_field :semester, :class => 'text_field' %>
     </div>
   </div>
-  <div class="control-group">
-    <%= f.label :alerted, :class => 'control-label' %>
-    <div class="controls">
-      <%= f.check_box :alerted, :class => 'check_box' %>
-    </div>
-  </div>
 
   <div class="form-actions">
     <%= f.submit nil, :class => 'btn btn-primary' %>