user.rb

# Edit: fixing the SQL injection
class User < ActiveRecord::Base
  ...
  scope :not_a_member_of, lambda { |project_id| 
    sanitized_join_condition = sanitize_sql_array(
      ["LEFT OUTER JOIN 'memberships' ON 
        'memberships'.'user_id'    = #{self.quoted_table_name}.'id' AND
        'memberships'.'project_id' = ?", project_id]
    )

    joins(sanitized_join_condition).
    where("'memberships'.'project_id' IS NULL") 
  }
  ...
end